NOT-OD-22-044: Maintaining Security and Confidentiality in NIH Peer Review: Rules, Responsibilities and Possible Consequences

Maintaining Security and Confidentiality in NIH Peer Review: Rules, Responsibilities and Possible Consequences

Notice Number:

NOT-OD-22-044

Key Dates

Release Date:

December 30, 2021

Related Announcements

NOT-OD-18-115 - Maintaining Integrity in NIH Peer Review: Responsibilities and Consequences - RESCINDED

NOT-OD-15-106 - Applicant Responsibilities in Maintaining the Integrity of NIH Peer Review - RESCINDED

NOT-OD-14-073 - Maintaining Confidentiality in Peer Review - RESCINDED

NOT-OD-23-149 - The Use of Generative Artificial Intelligence Technologies is Prohibited for the NIH Peer Review Process

NOT-OD-23-156 - Review Integrity and Bias Awareness Training will be Required for NIH Reviewers Effective May 2024 Council Round

Issued by

Office of The Director, National Institutes of Health (OD)

Purpose

Maintaining security and confidentiality in the NIH peer review process is essential for safeguarding the exchange of scientific opinions and evaluations without fear of reprisal; protecting trade secrets or other proprietary, sensitive and/or confidential information; providing reliable input to the agency about research projects to support; and safeguarding the NIH research enterprise against the misappropriation of research and development to the detriment of national or economic security. In addition, maintaining integrity in the peer review process is important for maintaining public trust in science.

This Notice reminds all participants and stakeholders in the NIH peer review process of federal statutes, regulations, and NIH policies regarding peer review security and confidentiality; their responsibilities for abiding by those rules; and possible actions that the NIH (in coordination with other offices) may take and consequences that may ensue from a violation of those rules. Participants and stakeholders include but are not limited to:

Project Directors/Principal Investigators (PD/PIs), Key Personnel, and officials of applicant organizations and offerors, and others operating on their behalf; and

Peer reviewers (temporary and appointed) and NIH National Advisory Council (NAC) members (temporary and appointed).

This Notice is effective immediately and replaces NIH Guide Notices NOT-OD-14-073, NOT-OD-15-106, and NOT-OD-18-115.

Security of Government Computer Systems

The NIH peer review process is conducted via secure online systems; NIH reviewers and NIH NAC members are provided access through login credentials supplied by the Designated Federal Officer (DFO) in charge of the review meeting. A DFO is a full-time or permanent part-time Federal officer or employee assigned to the committee to ensure compliance with the Federal Advisory Committee Act, 5 U.S.C. App. 2, and other applicable laws, regulations, and NIH policies. The DFO is often referred to as Scientific Review Officer (SRO) for initial peer review meetings or Executive Secretary (ES) for NAC meetings.

Consistent with the agency's responsibility to protect applications, information, and data related to NIH peer review contained in these systems (see the System of Records Notices 09-25-0036 and 09-25-0225), the NIH provides this public Notice that the following activities are prohibited:

Accessing, or attempting to access, a secure government computer system used to support the NIH peer review process by any individual who has not been authorized by the NIH DFO in charge of that review meeting, or assisting such an individual gain access to a system;

Engaging in unauthorized or improper use of these systems, applications, data or information contained therein, including communicating, delivering, transmitting, or causing to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered or transmitted to any person not entitled to receive such information;

Sharing or assisting in the sharing of government-issued login credentials and/or passwords with, or granting access to, any individual, organization, or other entity, in gaining access to a secure government computer system used to support the NIH peer review process.

With issuance of this Notice, each NIH peer reviewer and NAC member must certify (see Appendix) their understanding of, and compliance with, these rules and consequences for violating them.

In addition, participants and stakeholders in NIH peer review (as defined above) are expected to report, in strict confidence, any known breach of security to the NIH DFO managing the review meeting.

Confidentiality of NIH Peer Review

PD/PIs, Key Personnel, Officials of Applicant Organizations and Offerors, and Other Individuals Acting on Their Behalf

The only acceptable channel for communication about the review of an NIH grant application after submission is through the DFO who is managing the Scientific Review Group (SRG) or NAC; the only acceptable channel for communication about an R&D contract proposal is through the Contracting Officer (CO) in charge of the solicitation. Therefore, PD/PIs, Key Personnel, officials of applicant organizations and offerors, and other individuals acting on their behalf are prohibited from:

Contacting a reviewer on the SRG, Technical Evaluation Panel (TEP), or NAC evaluating an application or proposal in which they, their employer, close relative, or professional associate plays a major professional role, in order to request or provide information or materials related to the review, to otherwise attempt to influence the outcome of the review or the reviewer(s), or to access information or materials related to the review by any other means until/unless provided directly to them through NIH-approved communication channels.

Sending information or data related to the project under review directly to a reviewer on the SRG, TEP, or NAC evaluating their application or proposal. The only acceptable processes for submitting post-submission materials for applications are outlined in the NIH Grants Policy Statement (section 2.3.7.7), as well as NIH Guide Notices NOT-OD-12-141, NOT-OD-19-083, and NOT-OD-20-061.

Participants and stakeholders (as defined above) who are contacted by an NIH peer reviewer, NAC member, or another individual acting on behalf of an NIH peer reviewer or NAC member, for purposes of obtaining or exchanging information outside of the channels described above, are expected to report the contact to the DFO in charge of the SRG or NAC, or the CO in charge of the solicitation.

NIH Peer Reviewers and NIH Advisory Council Members

Consistent with the NIH peer review regulations at 42 CFR 52h.6, NIH peer review meetings are closed to the public and most documents provided to reviewers are confidential. Therefore, NIH peer reviewers, NIH NAC members, and other individuals acting on their behalf must destroy, delete, and/or return the grant applications, R&D contract proposals, and associated confidential information to the DFO in charge of the review meeting, and are prohibited from:

Accessing, or attempting to access, or attempting to gain access to, a closed session of an NIH SRG meeting, an NIH TEP, or an NIH NAC meeting either in person or remotely, unless access has been authorized by the DFO in charge of the meeting;

Disclosing, transmitting, or discussing the grant applications, R&D contract proposals, and associated confidential information with any other individual (including but not limited to colleagues, lab members, fellows, students, applicants, offerors or employees of an offeror), through any communication channel (including social media) except as authorized by the DFO or other designated NIH official;

Disclosing, in any manner, information about the committee deliberations, discussions, evaluations, or documents to anyone (including but not limited to a colleague, lab member, fellow, student, applicant, offeror or employee of an offeror), through any communication channel (including social media), other than as authorized during the peer review meeting.

Disclosing, transmitting, or discussing confidential information pertaining to an application or proposal to/with another member who has declared or had had declared a real or apparent conflict of interest (consistent with the NIH peer review regulations at 42 CFR 52h) with that application or proposal;

Recording or transcribing committee deliberations, discussions, evaluations, or documents;

Using information contained in a grant application or R&D contract proposal for personal benefit or making such information available for the personal benefit of any other individual, organization, or entity; and

Disclosing, transmitting, or discussing procurement information (i.e., contractor bid or proposal information or source selection information as defined in 48 CFR 2.101; 3.104-1(a) prior to the award of a contract (see 48 CFR 3.104-3(a)).

Certifications

Each NIH peer reviewer must certify a Security, Confidentiality and Nondisclosure Agreement (see the Appendix) that they fully understand and will comply with the confidential nature of the review process. Members of NIH NACs must submit Confidential Financial Disclosure statements and certify similar Security, Confidentiality and Nondisclosure Agreements.

Each reviewer/NAC member certifies the Security, Confidentiality and Nondisclosure Agreement "with the understanding that any materially false, fictitious, or fraudulent statement or representation may subject me to criminal, civil, or administrative penalties (18 USC 1001)".

18 USC 1001 states:

"Except as otherwise provided in this section, whoever, in any matter within the jurisdiction of the executive, legislative, or judicial branch of the Government of the United States, knowingly and willfully-

(1) falsifies, conceals, or covers up by any trick, scheme, or device a material fact;

(2) makes any materially false, fictitious, or fraudulent statement or representation; or

(3) makes or uses any false writing or document knowing the same to contain any materially false, fictitious, or fraudulent statement or entry;

Shall be fined under this title, imprisoned not more than 5 years or, if the offense involves international or domestic terrorism (as defined in section 2332), imprisoned not more than 8 years or both."

In addition, each reviewer is expected to notify the DFO who is managing the review of the relevant application or the CO in charge of the solicitation if they are contacted for purposes of obtaining or exchanging information outside of the channels described above or in attempts to influence the outcome of the review process.

Possible Consequences

If the NIH determines that a situation involves a breach of integrity, including confidentiality or security, in the NIH peer review process, the NIH in coordination with other offices may take actions including, but not limited to:

Notifying or requesting information from an individual's institution.
Terminating review service for a reviewer or NAC member.
Deferring or withdrawing an application submitted by the individual's institution.
Terminating grant, cooperative agreement, fellowship or R&D contract awards to the individual's institution.
Notifying the NIH Office of Management Assessment (OMA) with possible referral to the U.S. Department of Health and Human Services Office of Inspector General (OIG) and the U.S. Department of Justice (DOJ) for further action, which may include pursuing criminal and civil penalties as allowable by law.
Providing a referral for government-wide suspension or debarment.
Notifying other, appropriate Federal agencies.

Additional Information

For information on additional, applicable laws, regulations, and policies, as well as possible consequences for violations, see Integrity and Confidentiality in NIH Peer Review.

Inquiries

Please direct all inquiries to:

NIH Review Policy Officer
[email protected]

Appendix

Certifications for NIH Peer Reviewers

Before gaining access to NIH grant applications, R&D contract proposals or review meeting information, NIH reviewers must certify their understanding of the Security, Confidentiality and Nondisclosure Agreement below. This agreement also is available on the Consolidated List of Reviewer Documents website.

Security, Confidentiality, and Nondisclosure Agreement

With the understanding that any materially false, fictitious, or fraudulent statement or representation may subject me to criminal, civil, or administrative penalties (18 USC 1001), I certify that I fully understand the confidential nature of the NIH peer review process and possible consequences for breaches of confidentiality, and agree:

Not to share or assist in the sharing of government-issued login credentials and/or passwords with, or grant access to, or assist any individual, organization, or other entity gain access to, a secure government computer system used to support the NIH peer review process.

Not to engage in unauthorized or improper use of these systems, data or information contained therein, including communicating, delivering, transmitting, or causing to be communicated, delivered, or transmitted, or attempting to communicate, deliver, transmit or cause to be communicated, delivered or transmitted to any person not entitled to receive such information;

To destroy, delete, and/or return the grant applications, R&D contract proposals, and associated confidential information to the Designated Federal Official (DFO) in charge of the review meeting;

Not to disclose, transmit, or discuss the grant applications, R&D contract proposals, and associated confidential information with any other individual (including but not limited to colleagues, lab members, fellows, students, applicants, offerors or employees of an offeror), through any communication channel (including social media) except as authorized by the DFO or other designated NIH official;

Not to disclose, in any manner, information about the committee deliberations, discussions, evaluations, or documents to anyone (including but not limited to a colleague, lab member, fellow, student, applicant, offeror or employee of an offeror), through any communication channel (including social media) other than as authorized during or for the peer review meeting.

Not to disclose, transmit or discuss confidential information pertaining to an application or proposal to/with another member who has declared a real or apparent conflict of interest (consistent with the NIH peer review regulations at 42 CFR 52h) with that application or proposal;

Not to record or transcribe committee deliberations, discussions, evaluations, or documents;

Not to use information contained in a grant application or R&D contract proposal for my personal benefit or make such information available for the personal benefit of any other individual, organization, or entity;

Not to disclose or transmit procurement information prior to the award of a contract (i.e., contractor bid or proposal information or source selection information as defined in 48 CFR 2.101; 3.104-1(a)) prior to the award of a contract (see 48 CFR 3.104-3(a)); and

To refer all inquiries concerning the recruitment or review, including inquiries related to these Security, Confidentiality and Nondisclosure Rules and/or Certification, to the DFO managing the review meeting, the Contracting Officer in charge of the solicitation, or other designated NIH official.

I understand that confidential information related to NIH peer review includes but is not limited to grant applications, R&D contract proposals, and data and information contained therein; other materials made available to me as an NIH reviewer; information and materials related to the reviewer recruitment process and reviews; individual reviewer assignments, conflicts of interest, and evaluations including scores and written critiques; and discussions and notes taken during review meetings.

I understand that the NIH may take steps in response to a violation of the above rules, in order to preserve the integrity of the NIH review process. Depending on the specific circumstances, such steps may include but are not limited to:

Notifying or requesting information from my institution.
Terminating my review service.
Deferring or withdrawing an application submitted by my institution.
Terminating grants, cooperative agreements, fellowships or R&D contract awards to my institution.
Notifying the NIH Office of Management Assessment (OMA) and other appropriate Department officials for review of the matter in accordance with applicable law, with possible referral to the U.S. Department of Health and Human Services Office of Inspector General (OIG) and the U.S. Department of Justice (DOJ) for further action, which may include pursuing criminal and civil penalties as allowable by law.
Pursuing a referral for government-wide suspension or debarment.
Notifying other, appropriate Federal agencies.