Genomic Data Sharing

Purpose & Background: 

The Genomic Data Sharing (GDS) Policy applies to all competing NIH grant applications and proposals for NIH contracts, or other Programs following this policy if the proposed research will generate large-scale human or non-human genomic data or will use these data for subsequent research. 

Per NIH GDS Policy, an Institutional Certification must be submitted at the time of Just in Time and before submission to the repository. 
 

Regulatory Information & Guidance:

NIH Scientific Data Sharing Policies
NIH Genomic Data Sharing Policy
NIH Institutional Certification
 

Data Sharing Plans:

1. Follow the guidance in the NIH Notice (NOT-OD-15-083 NIH Grant Applications and the NIH Genomic Data Sharing Policy) for data sharing plans.
2. The PI should contact the appropriate NIH Institute or Center (IC) Program Official or Project Officer as early as possible to discuss genomic data sharing expectations and timelines that would apply to the proposed research.
   1. For obtaining an Institutional Certification, follow the steps under “Institutional Certification Process” below.
3. Include your plan for sharing genomic data in the grant application. As of January 25, 2023, NIH expects a single data sharing plan at the time of application. Your Genomic Data Sharing plan must be incorporated into your Data Management & Sharing plan and NIH will no longer accept a separate Genomic Data Sharing plan. 
   1. If sharing of human data is not possible, provide an explanation as to why, and an alternative plan. 
   2. The plan should describe how the expectations of the policy will be met. 
       

Institutional Certification Process: 

1. The PI must complete the Institutional Certification form (provided by the funding agency) which also describes any data use limitations. The PI is responsible for filling out the form and providing it to the relevant parties. 
2. Contact the Research Integrity Unit at researchintegrity@research.ucsb.edu for assistance with the process of verifying the Institutional Certification.  
3. An IRB must review the informed consent document along with the Institutional Certification and grant application (if needed). 
   1. For prospective studies, either:
      1. Submit a protocol application in ORahs, an informed consent document, and the Institutional Certification document for IRB review; or 
      2. Initiate an IRB reliance with another institution and ensure the Reviewing IRB reviews the Institutional Certification along with the informed consent document; and
      3. The informed consent document must satisfy NIH’s expectations on broad and genomic data sharing/use. The Reviewing IRB must assess that all of the required elements are included in the informed consent to meet NIH’s data submission requirements. Note that the criteria for a waiver of consent under 45 CFR part 46 are not applicable to the IRB's determinations and the IRB must apply the criteria set forth in the NIH GDS Policy.
   2. For existing studies in which the data has already been collected:
      1. The PI should obtain copies of the original informed consent documents and include them in the protocol application or in the reliance materials, along with the Institutional Certification, and
      2. The Reviewing IRB must assess that all of the required elements were included in the informed consent to meet NIH GDS Policy data submission requirements. Note that the criteria for a waiver of consent under 45 CFR Part 46 are not applicable to the IRB's determinations and the IRB must apply the criteria set forth in the NIH GDS Policy.  
      3. Note for studies that lacked consent or lack elements of GDS Policy data submission requirements, the Reviewing IRB may determine that the original informed consent is not consistent with NIH’s GDS Policy.
   3. For studies which use de-identified, coded, or anonymized data:
      1. When a study involves only anonymized cells/data with no identifiers or codes linking back to an individual, either directly or indirectly, the HSC will make a “non human subjects research” determination and inform the PI that an Institutional Certification does not need to be provided to NIH, or
      2. When a study involves de-identified or coded data and is considered human subjects research, the Reviewing IRB will request copies of the original consent documents. For studies that lacked consent or lack elements of GDS Policy data submission requirements, the Reviewing IRB may determine that the original informed consent is not consistent with NIH’s GDS Policy. 
4. Once the Reviewing IRB has certified that the data submission is consistent with the GDS Policy and NIH’s expectations, the PI must work with an Institutional Signing Official. 
   1. The signatory official is credentialed through the NIH eRA Commons system,  is authorized to enter the institution into a legally binding contract, and can sign on behalf of an investigator who has submitted data or a data access request to NIH.

Note: 
For studies that propose to use existing data or samples, the Reviewing IRB may conclude that the original consent document is not adequate for submission to the NIH-designated repository. In these cases, the Reviewing IRB may decide that it is appropriate and necessary for the investigator to seek explicit consent of the research participants for submission to the NIH-designated repository and subsequent sharing or impose data use restrictions. The PI should consult with the NIH Program Officer on how to proceed if the IRB determines that data is not consistent with NIH’s expectations. 
 

Certification Criteria:

The certification must assure that:

• The data submission is consistent with all applicable laws and regulations, as well as institutional policies;
• The limitations on the research use of the data, as expressed in the informed consent documents, are delineated;
• The identities of research participants will not be disclosed to the NIH-designated data repositories

The Institutional Review Board (IRB) must review the following requirements for investigators’ requests to submit data to the NIH :

• That the informed consent that was obtained from subjects was consistent with NIH requirements for data sharing:
  • The protocol for the collection of genomic and phenotypic data is consistent with 45 CFR Part 46;
  • Data submission and subsequent data sharing for research purposes are consistent with the informed consent of study participants from whom the data were obtained;
  • Consideration was given to risks to individual participants and their families associated with data submitted to NIH-designated data repositories and subsequent sharing, including unrestricted access to genomic summary result:
  • To the extent relevant and possible, consideration was given to risks to groups or populations associated with submitting data to NIH-designated data repositories and subsequent sharing, including unrestricted access to genomic summary results; and
  • The investigator’s plan for de-identifying datasets is consistent with the HHS Regulations for the Protection of Human Subjects
• The certification also needs to indicate whether the data are to be made available through unrestricted or controlled access and whether future use is limited to not-for-profit organizations. 
  • NIH has developed guidance on developing effective data use limitation statements. 
     

Informed Consent Considerations:

Prospective Research Studies:

The informed consent process and informed consent document should include all the required elements of informed consent per 45 CFR 46, be consistent with NIH’s broad sharing expectations, and make clear whether participants' DNA will undergo genetic analysis and whether resultant genotype and phenotype data will be shared with an NIH-designated data repository for research purposes. 
 

Retrospective Studies:

The IRB must determine whether the initial consent document, under which existing genetic materials and data were obtained, is consistent with the submission of data to the NIH-designated repository and the sharing of that data is in accordance with the GDS policy. 
 

De-identification & Codes: 

Investigators should de-identify human genomic data that they submit to NIH-designated data repositories according to the standards set forth in the HHS Regulations for the Protection of Human Subjects to ensure that the identities of research subjects cannot be readily ascertained with the data. Investigators should also strip the data of identifiers according to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. For example, the de-identified data should be assigned random, unique codes by the investigator, and the key to other study identifiers held by the submitting institution.