Request for Information (RFI) Seeking Stakeholder Input on the Need for an NIH Administrative Data Enclave

Notice Number: NOT-OD-19-085

Key Dates
Release Date: March 1, 2019
Response Date: May 30, 2019

Related Announcements

Issued by
National Institutes of Health (NIH)


The National Institutes of Health (NIH), Office of the Director, Office of Extramural Research (OER) issues this Request for Information (RFI) to gauge interest in NIH expending funds to develop, host, and maintain a secure environment (data enclave) that would allow approved research organizations-controlled access to structured, de-identifiable NIH administrative and scientific information not made available to the public.


The NIH is committed to transparency about its research investments and currently makes grant award information available to stakeholders (e.g. grantee institutions, researchers, professional organizations, the public) through web-based self-service tools. Currently RePORTER provides the public a searchable public repository of NIH-funded projects, and ExPORTER provides bulk files on funded projects for download. These tools contain non-sensitive information on NIH funded projects, including the institutions and principal investigators funded by NIH, with project abstracts and basic administrative data on those grant awards.

In recent years NIH has noted an increasing demand for access to sensitive information collected via the grants process. Such data includes information on peer review outcomes, progress reports, as well as, demographic information such as age range, sex/gender, race and ethnicity of individuals listed in NIH grant applications, etc. A recent report released by the Advisory Committee to the NIH Director on Next Generation Researchers calls for an increase in NIH administrative data for members of the biomedical research community. To address this demand, the NIH is considering making sensitive data available in accordance with the federal system of record1; collection, maintenance and dissemination of the data governed by the Privacy Act 1974, as amended, in a secure data enclave accessible only upon request through an approved Special Data Access Agreement (SDAA).

Data Access

NIH has an obligation to ensure the protection of sensitive information collected through the grants process in accordance with federal laws. Prior to receiving data access, organizations would be required to enter into an SDAA with NIH to gain access to records that would be made available in a controlled virtual environment or designated physical location. The SDAA would require inclusion of a previously funded research plan that would need to be approved by the organization for submission to NIH. The SDAA and accompanying research plan would undergo review by an internal NIH committee and the OER Privacy Officer before access would be granted.

There will be costs, likely in the millions of dollars, for NIH to create a secure data enclave that allows NIH-funded researchers interested in using the secure data enclave to establish “seats”. These “seats” would allow researchers to access data within the secure enclave and would provide researchers the ability to export data. The organization and researcher would agree in writing to adhere to Federal IT security and privacy policies as well as other statutes, policies, and regulations as appropriate. An NIH federal official or authorized system manager would need to pre-approve any de-identified aggregate data exported from the secure environment.

Information Requested

The NIH seeks input on any of the following:

  • Examples of NIH mission relevant biomedical and behavioral research using a data enclave that cannot be pursued currently.
  • Whether the benefits of the proposed data enclave are worth repurposing NIH research funds to establish, maintain and operate the data enclave.
  • Preferences and considerations about accessing a data enclave only at a designated physical location or within a virtual environment.
  • Quantity of seats desired if NIH decides to make a substantial investment to sponsor access to sensitive data as allowable under the applicable federal laws in a secure virtual or physical environment.
  • Examples of procedures an organization would implement to ensure the highest level of data protections, as well as to monitor, document, and notify NIH of any unauthorized and/or inadvertent data breaches.
  • Examples of outputs from approved research and how these may be shared with NIH.

How to Submit a Response

All responses to this RFI must be submitted electronically to the following webpage at by May 30, 2019.

Responses to this RFI are voluntary and may be submitted anonymously.Please do not include any personally identifiable or other information that you do not wish to make public.Proprietary, classified, confidential, or sensitive information should not be included in responses. The Government will use the information submitted in response to this RFI at its discretion. The Government reserves the right to use any submitted information on public websites, in reports, in summaries of the state of the science, in any possible resultant solicitation(s), grant(s), or cooperative agreement(s), or in the development of future funding opportunity announcements. This RFI is for informational and planning purposes only and is not a solicitation for applications or an obligation on the part of the Government to provide support for any ideas identified in response to it.Please note that the Government will not pay for the preparation of any information submitted or for use of that information.

1The data collected and maintained in the eRA system are covered under NIH Privacy Act Systems of Record Notice (SORN) 09-25-0225 (


Please direct all inquiries to:

Office of Extramural Research