Request for Information (RFI) Seeking Stakeholder Input on the Need for an NIH Administrative Data Enclave
The National Institutes of Health (NIH), Office of the Director, Office of Extramural Research (OER) issues this Request for Information (RFI) to gauge interest in NIH expending funds to develop, host, and maintain a secure environment (data enclave) that would allow approved research organizations-controlled access to structured, de-identifiable NIH administrative and scientific information not made available to the public. (NOT-OD-19-085)
The NIH is committed to transparency about its research investments and currently makes grant award information available to stakeholders (e.g. grantee institutions, researchers, professional organizations, the public) through web-based self-service tools. Currently RePORTER provides the public a searchable public repository of NIH-funded projects, and ExPORTER provides bulk files on funded projects for download. These tools contain non-sensitive information on NIH funded projects, including the institutions and principal investigators funded by NIH, with project abstracts and basic administrative data on those grant awards.
In recent years NIH has noted an increasing demand for access to sensitive information collected via the grants process. Such data includes information on peer review outcomes, progress reports, as well as, demographic information such as age range, sex/gender, race and ethnicity of individuals listed in NIH grant applications, etc. A recent report released by the Advisory Committee to the NIH Director on Next Generation Researchers calls for an increase in NIH administrative data for members of the biomedical research community. To address this demand, the NIH is considering making sensitive data available in accordance with the federal system of record; collection, maintenance and dissemination of the data governed by the Privacy Act 1974, as amended, in a secure data enclave accessible only upon request through an approved Special Data Access Agreement (SDAA).
NIH has an obligation to ensure the protection of sensitive information collected through the grants process in accordance with federal laws. Prior to receiving data access, organizations would be required to enter into an SDAA with NIH to gain access to records that would be made available in a controlled virtual environment or designated physical location. The SDAA would require inclusion of a previously funded research plan that would need to be approved by the organization for submission to NIH. The SDAA and accompanying research plan would undergo review by an internal NIH committee and the OER Privacy Officer before access would be granted.
There will be costs, likely in the millions of dollars, for NIH to create a secure data enclave that allows NIH-funded researchers interested in using the secure data enclave to establish “seats”. These “seats” would allow researchers to access data within the secure enclave and would provide researchers the ability to export data. The organization and researcher would agree in writing to adhere to Federal IT security and privacy policies as well as other statutes, policies, and regulations as appropriate. An NIH federal official or authorized system manager would need to pre-approve any de-identified aggregate data exported from the secure environment.
The NIH seeks input on any of the following:
- Examples of NIH mission relevant biomedical and behavioral research using a data enclave that cannot be pursued currently.
- Whether the benefits of the proposed data enclave are worth repurposing NIH research funds to establish, maintain and operate the data enclave.
- Preferences and considerations about accessing a data enclave only at a designated physical location or within a virtual environment.
- Quantity of seats desired if NIH decides to make a substantial investment to sponsor access to sensitive data as allowable under the applicable federal laws in a secure virtual or physical environment.
- Examples of procedures an organization would implement to ensure the highest level of data protections, as well as to monitor, document, and notify NIH of any unauthorized and/or inadvertent data breaches.
- Examples of outputs from approved research and how these may be shared with NIH.
See Guide Notice NOT-OD-19-085 for more information.
To ensure consideration, responses must be submitted by: May 30, 2019 11:59:59 PM EDT
( * = Required fields)