The discussions surrounding the Precision Medicine Initiative (PMI) have highlighted some of the policy challenges inherent in balancing the sharing of valuable research data with the protection of participants whose data is being shared. How do you ensure that researchers, and even participants themselves, have appropriate access to data while making sure that the data is not inadvertently or deliberately released or misused in a way that might present a risk to participants?
As mentioned in the last blog post: Part I – Enhancing Consent through the NIH Genomic Data Sharing Policy, the NIH is not new to this, of course, and has had success in developing policies that support the sharing of data that also harbors information about the disease status of research participants. The NIH Genomic Data Sharing (GDS) Policy, which became effective on January 25, 2015, and its predecessor, the Policy for Sharing of Data Obtained in NIH Supported or Conducted Genome-Wide Association Studies (GWAS) have enabled the sharing of potentially sensitive genomic and phenotypic data from NIH-funded studies. The ethical principles and privacy safeguards incorporated in the GDS Policy enable secondary use of NIH genomic data while respecting participant autonomy and protecting privacy.
These protections have been built into both the submission and access stages of the genomic data sharing process. When investigators submit data, their institution must assure, through submission of an Institutional Certification, the appropriateness of the data submission as well as the secondary use of the data, based on the consent of the participants. When qualified investigators seek access to the data, they must describe how they intend to use the data through a Data Access Request (DAR) in the database of Genotypes and Phenotypes (dbGaP) and promise, through a Data Use Certification (DUC) Agreement, to adhere to the GDS Policy’s ethical principles, terms of data access, and privacy safeguards. Before access is granted, each request is reviewed by an NIH Data Access Committee (DAC) for consistency with the appropriate data uses, as outlines by the data submitters, and Policy expectations.
Since 2007, and under the GWAS Policy, approximately 3,700 datasets have been submitted and made available in dbGaP for secondary research, and nearly 21,000 access requests from over 3,300 investigators from 46 countries, have been approved by NIH. Of the large number of approved requests, we can say that approved users of the data have adhered to the terms of Policy most of the time, and that only 27 violations of the Policy (out of the 21,000 approved requests) have been reported. The figure below provides a schematic of this, as well as the general categories that these violations fall under. Policy compliance violations, also known as data management incidents, have occurred in both the submission and access processes as well as in data security. For example, in one case, an investigator accidentally reversed the labels for two datasets in a data submission, such that a dataset meant only for disease-specific secondary research was made available for general secondary research use and vice versa. Fortunately, the mistake was discovered before the data were improperly used. The datasets were then reconfigured with the appropriate use categories and made available again to the research community. NIH has also made a similar mistake in handling the data once it was received.
In all Policy compliance violation cases, NIH has worked cooperatively with the violator to remedy the situation. Most importantly, however, and to the best of our knowledge, none of the 27 Policy compliance violations have resulted in harm to the research participants from which the data were generated. Additional information on Policy compliance violations and specific cases, as well as other statistics on data submission, access, and use, are available on the Facts & Figures section of the GDS Policy website.
In order to advance our understanding of how the myriad of genetic, environmental, and behavioral factors interact to play a role in human health and disease, we must continue to enable the responsible sharing of genomic and associated data broadly within biomedical research community, while at the same time respecting the wishes of study participants. NIH’s policies for sharing of genomic data have led the way and set a precedent for culture changes in sharing all types of data, including sharing of data though groundbreaking initiatives such as PMI.
For more information on the GDS Policy please visit the GDS website.