The National Institutes of Health (NIH) has announced updates to data security standards and terms of access for human genomic data under the Genomic Data Sharing Policy (GDS). These updates are designed to enhance data security and ensure compliance with federal cybersecurity requirements. Changes are in effect as of January 25, 2025.

Key Updates

• Enhanced Security Standards: Users and developers of controlled-access genomic data must secure data in accordance with the "NIH Security Best Practices for Users of Controlled-Access Data" and comply with the NIST SP 800-171 cybersecurity requirements.
• Applicable Repositories: The updated requirements apply to data obtained from controlled-access repositories listed here. NIH will periodically update the list of repositories subject to these new requirements.

Implementation Details

• Compliance Obligation: Investigators must comply with the updated security standards for all new or renewal applications for controlled-access data after January 25, 2025. Active data use agreements approved prior to this date may continue under their existing terms.
• Attestation Requirements: The data requestor, IT contact, and signing official listed on the data use agreement must attest to compliance. If full compliance with NIST SP 800-171 has not yet been achieved, NIH will accept an attestation under a Plan of Action and Milestones (POAM). TU has a POAM in place and is working through compliance milestones, so investigators may attest to this.
• Institutional Compliance Plan: Temple University is actively developing compliance solutions and has established a POAM outlining how data environments requiring compliance with NIST SP 800-171 will be brought into alignment with the updated standards.

Additional Notes

• Data Use Agreement Review Process: Data use agreements subject to NIST SP 800-171 compliance will require ITS review prior to final approval by OVPR.
• Support for Compliance with Security Standards: Questions regarding compliance with the NIST SP 800-171 standards at Temple University should be directed to [click-for-email].
• Budget Considerations: The costs of using a secure data environment are allowable and should be included in proposal budgets when known at the proposal stage. Please  direct questions about cost allowability for new proposals to Director of Pre Award management, Christine Blewett at [click-for-email],  and Director of Finance/Accounting, Stephen Kosciolek at stephen.kosciolek@temple.edu. For questions related to existing awards, contact Dennis Paffrath, Associate Vice President for Research Administration at [click-for-email].
• Please ensure that you review the updated requirements and adjust your data management practices accordingly. 

If you have questions or concerns about research compliance matters, please contact Maria Palazuelos Jorganes, Associate Vice President of Research Compliance at [click-for-email].

In compliance with NIH requirements, Temple University Libraries has created a guide to the NIH 2023 DMS policy for research purposes.

As you write your grant, create your Data Management Policy (DMP) plan by using this DMP tool.

Temple has also acquired the services of LabArchives to provide an electronic notebook data keeping and sharing tool.

Submit a Data Management and Sharing plan outlining how scientific data and any accompanying metadata will be managed and shared, taking into account any potential restrictions or limitations.

Comply with the Data Management and Sharing plan approved by the funding Institute or Center (IC).

NIH is flexible about the named oversight to the Data Management and Sharing Plan. The proposal PI is responsible for primary oversight and monitoring of the laboratory data managing activities and data sharing to ensure compliance with the NIH DMS guidelines. The co-PI and named senior laboratory personnel may also provide broader compliance oversight.

Temple University has partnered with LabArchives to provide the research community a data management and sharing tool.

LabArchives Electronic Laboratory Notebooks (ELN) was designed to maintain the security of research data while providing a means to safely share data following institution and funder requirements. They are actively working to create and evolve solutions that meet the NIH guidelines. 

Visit the LabArchives page to learn more and to create your account.

In addition to LabArchives enabled data management, repositories recommended and hosted by Temple University are a resource for all researchers to use to share and preserve their data. TUScholarShare, Temple's institutional repository, can accept certain kinds of research data and this guide lists recommended generalist and subject-specific repositories. For more information reach out to Will Dean at Temple University Libraries [click-for-email] or Research Data Services Team at [click-for-email].

All Temple Data sharing is governed by Temple’s ITS Tech policies as found on Temple’s ITS Tech Policies List. This includes use of and return of Temple owned computers and storage devices.

Visit our training and documentation page to learn about trainings and webinars.