NIH Genomic Data Sharing (GDS) Policy – use of cloud computing services

Dear Colleagues:


NIH has issued notice NOT-OD-15-086  that describes the use of cloud computing services for storage and analysis of controlled-access data subject to the NIH Genomic Data Sharing Policy. The purpose of this Notice is to inform the research community that the National Institutes of Health (NIH) is now allowing investigators to request permission to transfer controlled-access genomic and associated phenotypic data obtained from NIH-designated data repositories that are under the auspices of the NIH Genomic Data Sharing (GDS) Policy to public or private cloud systems for data storage and analysis.  This change is being made in light of the advances made in security protocols for cloud computing in the past several years and given the expansion in the volume and complexity of genomic data generated by the research community. 


Provisions for the Use of Cloud Computing Services for Storage and Analysis of Controlled-Access Data Subject to the NIH GDS Policy

NIH expects cloud computing systems to meet the data use and security standards outlined in NIH Security Best Practices for Controlled-Access Data Subject to the NIH Genomic Data Sharing (GDS) Policy as well as the institution’s own IT security requirements and policies.


Investigators who wish to use cloud computing for storage and analysis will need to indicate in their Data Access Request (DAR) that they are requesting permission to use cloud computing and identify the cloud service provider or providers that will be employed.  They also will need to describe how the cloud computing service will be used to carry out their proposed research.  As with data stored in institutional systems, the institution’s signing official, Program Director/Principal Investigator, IT Director, and any other personnel approved by NIH to access the data are responsible for ensuring the protection of the data.  The institution, not the cloud service provider, assumes responsibility for any failure in the oversight of using cloud computing services for controlled-access data. 


The NIH Security Best Practices for Controlled Access Data Subject to the NIH Genomic Data Sharing (GDS) Policy have been updated to include best practices for cloud computing, are available at  The  Model Data Use Certification has also been updated and  is available at .  More information on NIH Genomic Data Sharing may be found at


Questions regarding this Notice should be directed to your Contract and Grant Officer. IRB related questions should be directed to the IRB Administrators or Directors.


Nancy Lewis

Director, Sponsored Projects


Sponsored Projects Administration

UCI Office of Research

5171 California Avenue, Suite 150

Irvine, CA  92697-7600

PH:  (949) 824-2897

Fax: (949) 824-2094



Normal hours: 8:30am-6:30pm
1st/3rd Thursday: 8:30am-5:30pm
1st/3rd Friday: Out of office


*Sign up for the SPA listserv emailing: or



Scroll to Top