The National Institutes of Health requires that funded researchers and researchers generating or accessing NIH data comply with the NIH Data Management and Sharing Policy (‘DMS Policy’) and the NIH Genomic Data Sharing Policy (‘GDS Policy’). These policies are concerned with the confidentiality, integrity, and availability of data and results connected to NIH-sponsored research, and the specific requirements for data management and sharing will depend on the data type and research funding aims.

As you are starting to work on your data plan, you need to identify the correct NIH policy for your research and data:

• NIH Data Management and Sharing Policy
• NIH Genomic Data Sharing Policy
• NIH Data Policy Decision Tool
• Selecting an NIH data repository
• List of NIH Controlled Access Data repositories

You should also be aware of the UT Dallas policies and procedures that support compliance with NIH requirements:

• UT Dallas BP3096 Information Security and Acceptable Use
• UT Dallas PP 1035 Committee on Research Involving Human Subjects (Institutional Review Board)
• Practices for Safeguarding Federal Research Data

If you need help with identifying your data type or reviewing your funding requirements, contact datamanagement@utdallas.edu.

All UTD faculty, staff, and students must be aware of the security requirements of their research and development activities, and of their obligations to make data and results publicly available.

NIH policies apply to UT Dallas faculty, staff, and students who engage in research and development activities that require use, access, or storage of data that is generated using NIH funding or was received from an NIH repository. NIH researchers are responsible for following NIH and UT Dallas requirements and best practices for safeguarding their data using human research protocols, system security plans, data confidentiality plans, and compliant information resources.

Principal investigators on NIH funding awards are responsible for budgeting the appropriate costs needed for the appropriate data sharing and security required by their project.

As articulated in the DMS Policy, all NIH data should be made as widely and freely available as possible while safeguarding the privacy of participants and protecting confidential and proprietary data.

Contact the Data Management team for assistance to make research publications related to your NIH funding available through PubMed Central and other NIH-Supported Data Sharing Resources.

Researchers preparing NIH funding proposals should start by reviewing the NIH guidance on Budgeting for Data Management & Sharing. Data management costs may be included in your NIH budget when related to:

• Curating data and developing supporting documentation, including formatting data according to accepted community standards; de-identifying data; preparing metadata to foster discoverability, interpretation, and reuse; and formatting data for transmission to and storage at a selected repository for long-term preservation and access.
  
• Local data management or security considerations, such as unique and specialized information infrastructure necessary to provide local management and preservation (e.g., before deposit into an established repository).
  
• Preserving and sharing data through established repositories, such as data deposit fees necessary for making data available and accessible.

When submitting an NIH proposal, you must state if you have additional data sharing and management costs. Your needs should be explicitly stated in the budget justification:

• Option 1) We do not anticipate any costs will be needed for the data sharing and management for this project.
  
• Option 2) If you need new software, high performance computing or secure storage, you must add these costs into your budget.

NIH genomic data frequently requires specific storage and security requirements. You must budget for these costs. At this time, Controlled Access Data that requires NIST SP 800-17 safeguarding must be stored and processed using the protected data services offered by the Texas Advanced Computing Center (TACC).

We have partnered with TACC to receive their internal rate:

1. Data Storage on corral-secure: $92.82/TB/year
2. Node Usage (per contracted note hour): $0.70
3. Virtual Machines (2 GB RAM, 2 VCPU, 100 GB Storage): $383.26/year

Consistent with the values of fundamental research, the NIH DMS Policy is primarily concerned with the integrity and availability of data. Researchers writing data management and sharing plans under the DMS Policy should focus their attention on documenting their laboratory practices for storing, processing, and sharing their NIH data. For in-depth guidance, review the NIH practices for Writing a Data Management & Sharing Plan.

Researchers who are working with NIH genomic data must also consider the confidentiality and security of their data, including that proper human subject protections have been implemented for collection and use of the data. To get started, review the NIH practices for Developing Genomic Data Sharing Plans.

The specific safeguarding requirements for NIH genomic data obtained from an NIH repository will be identified in the Data Use Certification that is issued to UT Dallas by NIH. NIH security best practices require that the recipient scientist and institution implement internal controls for digital security, physical security, network security, dissemination, and destruction and the NIH data. The security configuration and practices required depends on the sensitivity of the NIH data.

• Data from many NIH genomic data repositories can be stored and processed using UT Dallas information resources managed by ORIS or your department IT that have been configured to NIH best practices. For more information, review the NIH Security Best Practices for the NIH Genomic Data Sharing Policy (2021)
• Controlled-Access Data must be stored and processed in an environment that is compliant with NIST SP 800-171. For more information, review the NIH Security Best Practices for Users of Controlled-Access Data.

UT Dallas faculty, staff, and students must obtain approval from the Office of Research and Innovation before they can accept an obligation to safeguard NIH genomic data using UT Dallas information resources. At this time, Controlled-Access Data that requires NIST SP 800-17 safeguarding must be stored and processed using the protected data services offered by the Texas Advanced Computing Center (TACC).

Faculty and staff requesting NIH genomic data access need to complete the following steps with the Office of Research:

1. Submit a Proposal Certification requesting a Data Use Agreement in OAR.
2. Confirm the NIH security requirements in the data use certification and share the requirements with ORSE and OSP.
3. Obtain institutional approval of a human subjects protocol by applying via Cayuse IRB. Approval must be obtained prior to accessing human subjects data.
4. For Controlled Access Data, the PI will obtain, and pay for, access to TACC protected data services and implement a system security plan in coordination with TACC and ORSE.
5. Write a data confidentiality plan with ORSE to document your laboratory’s procedures and practices that comply with the required NIH security practices.

TACC must be used if you obtain data from the following repositories:

• dbGap
• BioData Catalyst
• AnVIL
• NCI Genomic Data Commons
• CDS-Trusted Partner
• Kids First Data Resource
• INCLUDE data hub
• Restricted portion of Sequence Read Active
• National Institute of Mental Health Data Archive
• NIAAADA
• ABCD
• The Neuroscience Multi-omic data Archive Brain/NeMo
• The CommonMind Consortium Knowledge Portal
• PsychENCODE Knowledge Portal
• NIAGADS
• Accelerating Medicines Partnership^® Parkinson’s Disease
• Parkinson’s Disease Biomarkers Program Data Management Resource
• PEGS
• NIMH Repository and Genomics Resources
• NIDCR FaceBase

Office of Sponsored Projects (OSP) – review, negotiate and sign all data use agreements related to sponsored projects, including those with GDS Policy requirements.

Office Research Security and Ethics (ORSE) – review research proposals and data use agreements for security requirements, provide feedback on data management and security plans, and support researchers to identify and secure appropriate storage for NIH GDS Policy data. Provide resources and training necessary to safeguard NIH data in compliance with policy requirements.

Office of Research Information Systems (ORIS) – review research proposals and data use agreements for data processing, storage, and management needs and support researchers to identify and obtain appropriate storage for NIH data. Provide resources and training necessary to manage and publish NIH data in compliance with policy requirements.

Office of Human Subjects Protections (OHSP) – review NIH data for human subjects research protections and ensure compliance with consent requirements and other safeguarding practices required for human data used in NIH research.

Information Security Office (ISO) – provide institutional oversight and monitoring of UT Dallas efforts to store, process, generate, and use NIH data.

• Proposal Certification form
• Cayuse IRB Submission Guidance
• NIST SP 800-171
• System Security Plan template

• Data Confidentiality Plan template
• Texas Advanced Computing Center Documents
  • Protected Data Service Form (https://tacc.utexas.edu/about/security-and-compliance/protected-data-service/)
  • Acceptable Use Policy (https://tacc.utexas.edu/use-tacc/user-policies/)
  • User Documentation (https://tacc.utexas.edu/use-tacc/getting-started/)
  • Training (https://tacc.utexas.edu/use-tacc/training/)