Skip to Main Content

Writing an NIH Data Management & Sharing Plan

Guidance, considerations, tips, and resources to write a competitive DMS Plan for your NIH proposal

Guidance

DMS Plan Section Instructions

Describe any applicable factors affecting subsequent access, distribution, or reuse of scientific data related to:

  • Informed consent
  • Privacy and confidentiality protections consistent with applicable federal, Tribal, state, and local laws, regulations, and policies
  • Whether access to scientific data derived from humans will be controlled 
  • Any restrictions imposed by federal, Tribal, or state laws, regulations, or policies, or existing or anticipated agreements
  • Any other considerations that may limit the extent of data sharing. Any potential limitations on subsequent data use should be communicated to the individuals or entities (for example, data repository managers) that will preserve and share the scientific data. The NIH ICO will assess whether an applicant’s DMS plan appropriately considers and describes these factors. For more examples, see Frequently Asked Questions for examples of justifiable reasons for limiting sharing of data.

 

Expectations for human genomic data subject to the GDS Policy:

  • Informed Consent Expectations: 
    • For research involving the generation of large-scale human genomic data from cell lines or clinical specimens that were created or collected AFTER the effective date of the GDS Policy (January 25, 2015):
      • NIH expects that informed consent for future research use and broad data sharing will have been obtained. This expectation applies to de-identified cell lines or clinical specimens regardless of whether the data meet technical and/or legal definitions of de-identified (i.e. the research does not meet the definition of “human subjects research” under the Common Rule).
    • For research involving the generation of large-scale human genomic data from cell lines or clinical specimens that were created or collected BEFORE the effective date of the GDS Policy:
      • There may or may not have been consent for research use and broad data sharing. NIH will accept data derived from de-identified cell lines or clinical specimens lacking consent for research use that were created or collected before the effective date of this Policy. 
  • Institutional Certifications and Data Sharing Limitation Expectations:
    • DMS Plans should address limitations on sharing by anticipating sharing according to the criteria of the Institutional Certification.
    • In cases where it is anticipated that Institutional Certification criteria cannot be met (i.e., data cannot be shared as expected by the GDS Policy), investigators should state the institutional Certification criteria in their DMS Plan, explaining why the element cannot be met, and indicating what data, if any, can be shared and how to enable sharing to the maximal extent possible (for example, sharing data in a summary format). In some instances, the funding NIH ICO may need to determine whether to grant an exception to the data submission expectation under the GDS Policy.
  • Genomic Summary Results: 
    • Investigators conducting research subject to the GDS Policy should indicate in their DMS Plan if a study should be designated as “sensitive” for the purposes of access to Genomic Summary Results (GSR), as described in NOT-OD-19-023.

Key institutional resource for this part of a DMS Plan:

The IU Research Data Management Plan Working Group has developed a tool to help researchers identify relevant constraints and considerations for sharing research data. That resource is available at https://forms.office.com/r/ssQjhtD9m3

Informed Consent

If your research project involves human participants, the data sharing practices described in the Informed Consent process and document must align with your DMS Plan. In general, you cannot share data unless the participants have consented. One exception is related to de-identified datasets, or datasets from which all identifiable information has been removed (see box below).

Privacy & Confidentiality

Privacy - In research, privacy relates to a participant's right to control the conditions under which they participate in a study. These often involve the timing, circumstances, and extent of their participation.

Confidentiality - In research, confidentiality relates to the agreements researchers make with participants about how information the participants agree to share about themselves will be collected, stored, analyzed, used, and reported.

 

Sharing a dataset that contains protected data elements (i.e., variables) either requires sharing via controlled access, for the dataset to be de-identified, or sometimes both. De-identification can be complex. Minimally, it begins with removing all data elements that are considered Personally Identifiable Information (PII). These 18 data elements (direct identifiers) are defined in the HIPAA regulation. IU uses the HIPAA definition for research purposes as well. 

Datasets can also contain indirect identifiers, which are more complex to identify and remove. For instance, the combination of a person's age and birth location could enable them to be re-identified. The risk of deductive disclosure (of identity) varies depending on the data elements involved. For more information, see this overview from the ICPSR. Thus, de-identification of datasets that include indirect identifiers can require significant time and expertise. For example, transcripts of interviews are often shared via controlled access because de-identification is not possible or would compromise the usefulness of the dataset.

Controlled Access

Controlled access generally describes a process by which potential re-users of a dataset can seek access for research purposes. In some cases, a Data Use Agreement (DUA) is required, while other situations are more appropriately handled by other types of agreements. For a list of the types of research agreements commonly used at IU, see https://research.iu.edu/awards-agreements/research-agreements/index.html

Controlled access describes many specific processes. In contrast to openly or freely shared data, controlled access sharing involves a defined procedure for reviewing and approving the request. The procedure may be shaped by federal regulations, state law, and more. This type of sharing is common when the data to be shared cannot be de-identified, are deemed sensitive for other reasons, or when participants have consented only to controlled forms of sharing.

These agreements describe what the re-user is allowed to do with the data. Are they allowed to combine it with other data? Can they re-distribute the aggregated data set? How should they give credit to the original data source(s)? How long can they keep the data? Must the data be destroyed when the agreement period is over? And many more. The conditions provided in the agreement may be shaped by federal regulations, state law, and more.

Licensing for Data

If you are able to share a subset of the data from your project openly/publicly, it is strongly recommended that you choose a license to clearly communicate the rights of data re-users. In many cases, the data repository you select will have identified licenses that they support and can help you to choose an appropriate license. A helpful guide to open data licensing is available from the Open Knowledge Foundation.

Other restrictions & considerations

In some cases, data is shared with specific permissions (or terms and conditions) for their use. 

  • The dataset must be cited in any publications resulting from the research.
  • If the recipient of the data experiences a breach in which protected information from IU, such as PHI or PII, are involved, the recipient must notify IU of the breach within a specified time period. 
  • The dataset must be destroyed when the project is complete, or when the agreement is terminated.
  • The dataset cannot be re-distributed to others.

In many cases, these permissions or requirements are due to international, federal, and state regulations.

Library Support for Sharing Data

IU Libraries provide support for researchers seeking NIH-funding. We are actively monitoring updates and guidance available from the NIH, as well as the IU Research Data Management Plan Working Group. We will continue to update the information here to reflect those changes. Our support includes:

  • data management planning
  • selecting the appropriate repository(ies) for sharing data
  • planning for documentation that will enable data sharing, and
  • some aspects of preparing data for deposit
  • support decision-making related to data management and sharing that occurs during project start-up and active conduct of research

We will also connect you with other experts across IU who can help you submit the best DMS Plan possible. We are not able to write DMS Plans on behalf of research teams of which we are not members.

To request a consultation, contact the data librarian for your campus or school:

  • Heather Coates, IUPUI - hcoates@iu.edu 
  • Levi Dolan, Indiana University School of Medicine - dolanl@iu.edu
  • Ethan Fridmanski, Indiana University Bloomington - ejfridma@iu.edu