NIH Implements New Procedures to Protect NIH Application Data Sent to Peer Reviewers on Compact Disks

Notice Number: NOT-OD-08-071

Update: The following update relating to this announcement has been issued:

  • March 28, 2014 - See Notice NOT-OD-14-073. Maintaining Confidentiality in NIH Peer Review.

Key Dates
Release Date: May 14, 2008

Issued by
National Institutes of Health (NIH), (http://www.nih.gov)

The cornerstone of the NIH peer review process is confidentiality. However, technology enables people to work on portable electronic devices in remote locations where these devices can be stolen or misplaced, thus putting sensitive data at risk. This notice serves to reconfirm the NIH’s commitment to protect sensitive data and confidential information contained in grant applications submitted for funding (NOT-OD-07-054 and NOT-OD-08-066).

Congress and the Office of Management and Budget (OMB) have instituted laws, policies and directives that govern the creation and implementation of federal information security practices that pertain specifically to grants and contracts. The current regulations are pursuant to the Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002 Pub. L. No. 107-347 (beginning on page 48) (NOT-OD-08-032), and the HHS Policy for Department-Wide Information Security.

Effective May 15, 2008, NIH will implement a new safeguard to password-protect data on the compact disks (CDs) ordered through IMPAC II for peer reviewers prior to study section meetings. Although individual NIH Institutes and Centers (ICs) may use their own, internal procedures to create CDs, all NIH ICs are expected to ensure password protection for the following types of information contained on CDs generated by NIH for reviewers:

  • grant application information,
  • previous summary statements,
  • appendix materials, and
  • additional materials ( eAdditions ) in the grant folder.

Specific instructions [Accessing a Password-Protected CD: Instructions for Reviewers and Accessing a Password-Protected CD: Instructions for Reviewers (with screenshots)] will be sent to peer reviewers with the CD. NIH recognizes that this feature will be somewhat cumbersome for its users; however the protection is necessary to enhance security of the data and information contained in grant applications. Also, NIH peer reviewers are reminded of their obligation to protect review materials and take all prudent measures to maintain the confidentiality of sensitive federal information.

Inquiries

For additional information, please contact Dr. Sally Amero, NIH Review Policy Officer, Office of Extramural Research, NIH (301-435-1418; ReviewPolicyOfficer@mail.nih.gov). For technical assistance, please contact the eRA HelpDesk (http://ithelpdesk.nih.gov/eRA/).