The National Institutes of Health (NIH) has issued updated data management policies, which introduce new security standards in the Genomic Data Sharing (GDS) Policy. Specifically, “NIH Security Best Practices for Users of Controlled-Access Data” require that data managed on institutional IT systems and third-party computing infrastructures that meet certain standards in accordance with NIST SP 800-171 “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.” These new policies will be effective on January 25, 2025, at which point adherence to this standard will be included in new or renewed Data Use Certifications or similar agreements stipulating terms of access to controlled-access human genomic data regardless of whether the Approved User is supported by NIH or not. 

What is UK doing to address these new policies: 
To support our researchers in addressing these new policies, investments have been made to extend our existing secure research environments. Specifically, the Office of the Vice President for Research has invested over $2 million in self-encrypting storage and the College of Medicine invested $1 million in computational infrastructure. In addition, a vendor has been engaged to conduct an external audit of our expanded infrastructure. View the Plan of Action and Milestones (POAM) for additional details and timelines associated with compliance efforts.    
  
How do I know if I am impacted by these new policies? 
This new ruling currently applies to 20 controlled-access data repositories associated with the following access systems: dbGap, NDA, NDA & Synapse, NIAGADS, AMP PD, PDBP DMR, PEGS, NRGR and FaceBase. View the list of repositories here. If your research involves data from one or more of these repositories you are impacted by these new policies and must follow the provided instructions.
  
What do I do if I am impacted? 
Fill out this REDCap survey and a consultant will contact you to discuss a remediation plan and documentation that you must maintain for NIH review. In addition, you will be provided technical assistance to migrate your data to a compliant facility as needed. 
 
Additional Resources for Genomic Data Sharing Policy: 
NIH Webinars, Slides and Decision tool