NIH has issued notice NOT-OD-15-086 that describes the use of cloud computing services for storage and analysis of controlled-access data subject to the NIH Genomic Data Sharing Policy. The purpose of this Notice is to inform the research community that the National Institutes of Health (NIH) is now allowing investigators to request permission to transfer controlled-access genomic and associated phenotypic data obtained from NIH-designated data repositories that are under the auspices of the NIH Genomic Data Sharing (GDS) Policy to public or private cloud systems for data storage and analysis. This change is being made in light of the advances made in security protocols for cloud computing in the past several years and given the expansion in the volume and complexity of genomic data generated by the research community.
Provisions for the Use of Cloud Computing Services for Storage and Analysis of Controlled-Access Data Subject to the NIH GDS Policy
NIH expects cloud computing systems to meet the data use and security standards outlined in NIH Security Best Practices for Controlled-Access Data Subject to the NIH Genomic Data Sharing (GDS) Policy as well as the institution’s own IT security requirements and policies.
Investigators who wish to use cloud computing for storage and analysis will need to indicate in their Data Access Request (DAR) that they are requesting permission to use cloud computing and identify the cloud service provider or providers that will be employed. They also will need to describe how the cloud computing service will be used to carry out their proposed research. As with data stored in institutional systems, the institution’s signing official, Program Director/Principal Investigator, IT Director, and any other personnel approved by NIH to access the data are responsible for ensuring the protection of the data. The institution, not the cloud service provider, assumes responsibility for any failure in the oversight of using cloud computing services for controlled-access data.
The NIH Security Best Practices for Controlled Access Data Subject to the NIH Genomic Data Sharing (GDS) Policy have been updated to include best practices for cloud computing, are available at http://www.ncbi.nlm.nih.gov/projects/gap/pdf/dbgap_2b_security_procedures.pdf. The Model Data Use Certification has also been updated and is available athttp://gds.nih.gov/pdf/Model_DUC.pdf . More information on NIH Genomic Data Sharing may be found at http://gds.nih.gov
Questions regarding this Notice should be directed to your Contract and Grant Officer. IRB related questions should be directed to the IRB Administrators or Directors.
Director, Sponsored Projects
Sponsored Projects Administration
UCI Office of Research
5171 California Avenue, Suite 150
Irvine, CA 92697-7600
PH: (949) 824-2897
Fax: (949) 824-2094
Normal hours: 8:30am-6:30pm
1st/3rd Thursday: 8:30am-5:30pm
1st/3rd Friday: Out of office