Submission of Data to dbGaP and Genomic Data Sharing

Protocols should include the following information (preferably as a separate section):

• Summary of the intent to contribute data to dbGaP or another NIH data repository
• Specific sources of the data to be submitted (e.g., all participants in the study, a specific subset of individuals, participants from all sites, etc.)
• List of the genotypic data that will be provided
• List of the phenotypic data that will be provided (as applicable)
• Statement of the proposed restrictions (if any) for access
  • Shared information will be available to for-profit entities unless restricted.
  • Aggregate information will be made available without restriction unless designated as sensitive in the institutional certificate.
• Plan for removing identifiers from the data to be provided
  • The identities of research participants cannot be disclosed to NIH data repositories; only coded data with all 18 HIPAA identifiers removed will be accepted. The IRB must review researchers’ plans for data coding to determine the plan’s appropriateness for the specific dataset and to provide the assurances required by the institutional certification.
• For multisite studies, a statement of whether Ohio State will be providing certification on behalf of all participating institutions, and if so, confirmation that the other institutions have agreed.
  • Certification must be provided for all sites contributing samples to dbGaP or another NIH genomic data repository. The lead site may submit one institutional certification on behalf of all collaborating sites. Alternatively, each site providing data may provide its own institutional certification.

Study participants must be informed in the consent process that their study-related materials will be submitted to public, scientific databases such as dbGaP. Note: NIH expects that informed consent for future research use and broad data sharing will have been obtained even if the cell lines or clinical specimens are de-identified. NIH recommends that the data provided to dbGaP or another NIH data repository are coded and that participants are informed that they are free to withdraw their data from the NIH database (although data that have been distributed for approved research cannot be retrieved).

The protocol should be amended to include the following information:

• Summary of the intent to contribute data to dbGaP or another NIH data repository
• Specific sources of the data to be submitted (e.g., all participants in the study, a specific subset of individuals, participants from all sites, etc.)
• List of the genotypic data that will be provided
• List of the phenotypic data that will be provided (as applicable)
• Statement of the proposed restrictions (if any) for access
  • Shared information will be available to for-profit entities unless restricted.
  • Aggregate information will be made available without restriction unless designated as sensitive in the institutional certificate.
• Plan for removing identifiers from the data to be provided
  • The identities of research participants cannot be disclosed to NIH data repositories; only coded data with all 18 HIPAA identifiers removed will be accepted. The IRB must review researchers’ plans for data coding to determine the plan’s appropriateness for the specific dataset and to provide the assurances required by the institutional certification.
• For multisite studies, a statement of whether Ohio State will be providing certification on behalf of all participating institutions, and if so, confirmation that the other institutions have agreed.
  • Certification must be provided for all sites contributing samples to dbGaP or another NIH genomic data repository. The lead site may submit one institutional certification on behalf of all collaborating sites. Alternatively, each site providing data may provide its own institutional certification.

To determine if the required assurances in the institutional certification can be made, the IRB must review all versions of the consent form signed by participants authorizing the researchers to collect participants’ data. If Ohio State will be providing certification on behalf of other participating institutions, consent forms used at these sites must also be reviewed. Previous consent form versions (or consent forms from other sites) should be uploaded as part of the amendment submission in the “Other Files/Comments” section in Buck-IRB.

If participant recruitment is ongoing, the consent form/process should be revised to inform new participants that their study-related data will be submitted to public, scientific databases such as dbGaP. NIH recommends that the data provided to dbGaP or another NIH data repository are coded and that participants are informed that they are free to withdraw their data from the NIH database (although data that have been distributed for approved research cannot be retrieved).

Provide a cover letter that includes the following information:

• Summary of the intent to contribute data to dbGaP or another NIH data repository
• Specific sources of the data to be submitted (e.g., all participants in the study, a specific subset of individuals, participants from all sites)
• List of the genotypic data that will be provided
• List of the phenotypic data that will be provided (as applicable)
• Statement of the proposed restrictions (if any) for access
  • Shared information will be available to for-profit entities unless restricted.
  • Aggregate information will be made available without restriction unless designated as sensitive in the institutional certificate.
• Plan for removing identifiers from the data to be provided
  • The identities of research participants cannot be disclosed to NIH data repositories; only coded data with all 18 HIPAA identifiers removed will be accepted. The IRB must review researchers’ plans for data coding to determine the plan’s appropriateness for the specific dataset and to provide the assurances required by the institutional certification.
• For multisite studies, a statement of whether Ohio State will be providing certification on behalf of all participating institutions, and if so, confirmation that the other institutions have agreed.
  • Certification must be provided for all sites contributing samples to dbGaP or another NIH genomic data repository. The lead site may submit one institutional certification on behalf of all collaborating sites. Alternatively, each site providing data may provide its own institutional certification.

Submit a copy of the original protocol.

Provide all consent documents used. To determine if the required assurances in the institutional certification can be made, the IRB must review all versions of the consent form signed by participants authorizing the researchers to collect participants’ data. If Ohio State will be providing certification on behalf of other participating institutions, consent forms used at these sites must also be reviewed.