Principal Investigators/Research Assistants

NDAR Data Access Request

NDAR DUC terms_final (040513)

Principal Investigators/Research Assistants

OMB: 0925-0667

Document [docx]
Download: docx | pdf








National Database for Autism Research (NDAR)


Central Repository Access Request















Contents


NDAR Central Repository Access 2

Steps to Request General Access to the NDAR Central Repository 2

Data Use Certification for the National Database for Autism Research Central Repository 3

Introduction 3

Definitions 3

Terms and Conditions 3

NDAR Information Security Best Practices 7

Recipient Information and Certifications……..…………………………………………………..……………......8

NDAR Central Repository Access Request


The NDAR Data Access Committee (DAC) approves access to data and/or images from the NDAR Central Repository for research purposes only. The DAC will review the Central Repository Access Request and the Data Use Certification (DUC) of each Recipient requesting data and provide access based on the expectations outlined in the NDAR policy (see http://ndar.nih.gov/ndarpublicweb/Documents/NDAR_Policy.pdf). These expectations include the protection of data privacy, confidentiality, and security. In the event that requests raise concerns related to privacy and confidentiality, risks to populations or groups, or other concerns, the DAC will consult with other experts as appropriate.


Recipients seeking access to data or images from NDAR are expected to submit their Central Repository Access Request, including a DUC, certified and co-signed by the Principal Investigator and the designated Institutional Official(s). Completing this Central Repository Data Access Request is a necessary step to access data or images from NDAR. Submission of data to NDAR may be subject to the NDAR Central Repository Submission Request and procedures.


Steps to Request General Access to the NDAR Central Repository

  1. Read the NDAR Central Repository Data Use Certification (DUC).

  2. Complete Recipient Information and Certifications pages, including your Institution’s Federal-wide Assurance number and a Research Use Statement—a brief description of your Research Project in the text box provided: the objectives, design, and analysis plan. Provide a statement as to whether you have/will apply for, obtain, or do not have a Certificate of Confidentiality for the Research Project. List all the collaborating investigators at your organization. By submitting an individual’s name on the form, you and your Institutional Official affirm that the collaborators have read and agreed to the terms and conditions within the Data Use Certification. Your collaborators at different organizations must complete separate requests for the data. Coordinated requests by collaborating organizations should all use the same title in their request and each should reference the others in the Research Use Statement.

  3. Sign the Recipient Information and Certifications page, and obtain your Institutional Official’s signature and date.

  4. Provide a scanned copy of the completed DUC Recipient Information and Certifications pages, including signatures, when requesting an account or requesting additional access to NDAR data at http://ndarportal.nih.gov.

  5. Access Request Review: The DAC will review requests to access the NDAR Central Repository. Such reviews are generally completed within 10 business days.

  6. The DAC will notify NDAR staff if the access request has been approved, and an account will then be provided. The user will receive an automated notification of their account update with any modified user name, passwords, or instructions for accessing the NDAR Central Repository.

  7. Optional: NDAR System Training (if request approved): Contact NIH through NDAR@mail.nih.gov to discuss specific training needs the user may have and schedule the training. 


Data Use Certification for the National Database for Autism Research Central Repository

Introduction

The National Institutes of Health (NIH) has developed a central data repository to store the collection of data from participants in autism research studies, regardless of the source of funding. The extensive information collected by these studies, and subsequently stored in the National Database for Autism Research (NDAR), provides a rare and valuable scientific resource. Promoting optimal use on a national scale of this resource will require a large and concerted effort, which may exceed the research capacity of currently available investigators. NIH has responsibility to the public in general, and to the scientific community in particular, to encourage the use of these resources to achieve rapid scientific progress. In order to take full advantage of such resources and maximize their research value, it is important that data be made available, on appropriate terms and conditions, to the largest possible number of qualified investigators in a timely manner.


Data collected by the Submitters have been stripped of all individual identifiers, but the unique and intrinsically personal nature of DNA, derivative data of which are included in NDAR, combined with the recent increase in the accessibility of conducting genotype and other sequence analyses (in terms of technological capacity and cost), has altered the framework through which “identify-ability” can be defined. To protect and assure the confidentiality and privacy of all participants, the Recipient who is granted access to these data is expected to adhere to the specifications of this DUC. Failure to do so could result in denial of further access to data.


Submitters have made a substantial long-term contribution to NDAR by submitting data to the Central Repository. NIH seeks to encourage appropriate data use and collaborative relationships by outside investigators with the Submitters and to ensure that the contribution of the Submitters is appropriately acknowledged.


Definitions


For purposes of this agreement, “data” refers to the information that has been collected and recorded from participants in autism studies, regardless of the source of funding. Data from study participants were collected through the periodic examinations and follow-up contacts conducted pursuant to the Submitters' Cooperative Agreement grants, other grants, contracts, and other autism studies conducted independent of NIH.


A “Submitter” is defined as a researcher with a past or current/active grant, contract, or consulting agreement with NIH, one of its contractors, or any other funding source, who has submitted data to the NDAR Central Repository, according to the policies laid out in the NDAR Central Data Repository Submission Agreement.


The “Recipient” Principal Investigator and his/her Organization may be a researcher at a non-profit or for-profit organization or corporation with an approved assurance from the Department of Health and Human Services Office for Human Research Protections. The Recipient Principal Investigator requests access to study data at his or her sole risk and at no expense to the study and NIH.

Terms and Conditions


I request approval to access data and/or images from the National Database for Autism Research (NDAR) Central Repository for research purposes. I agree to the following terms:


1. Research Project. These data will be used by Recipient Principal Investigator solely in connection with the “Research Project”, specifically indicated and described in the Research Use Statement on the DUC. If the Project does involve Submitter(s), their names and the work they will perform is also included in the Recipient Information and Certifications section.


This DUC covers only the Research Project contemplated in the Research Use Statement section. Recipient agrees that data will not be used in any research that is not disclosed and approved as part of the Research Project. Recipient will submit a completed DUC (this document) for each research project for which data are requested. This applies to all versions of NDAR data.


2. Non-transferability of Agreement. This DUC is not transferable. Recipient agrees that any substantive change Recipient makes to the Research Project requires execution of a new DUC, in which the new Research Project is designated. If the Recipient appoints another Principal Investigator to complete the Research Project, a new DUC in which the new Recipient is designated is necessary. If the Recipient changes institutions and wishes to retain access to NDAR data, a new DUC in which the new institution acknowledges and agrees to the provisions of the DUC is necessary.


3. Non-Identification of Subjects. Recipient agrees that data will not be used, either alone or in conjunction with any other information, in any effort whatsoever to establish the individual identities of any of the subjects from whom data were obtained. Recipient agrees to notify NIH as soon as possible if, upon use of NDAR data, the Recipient discovers identifying information in that data.


4. GUID and Access to Submitted Data. The Global Unique Identifier (GUID) is a computer-generated alphanumeric code that is unique to each research participant. The GUID allows NDAR to link together all submitted information on a single participant, giving researchers access to information even if the data were collected at different locations or through different studies. If Recipients request access to data on individuals for whom they themselves have previously submitted data to NDAR, they may gain access to more data about an individual participant than they themselves collected. Consequently, these research activities may be considered “human subjects research” within the scope of 45 C.F.R. 46. Recipients must comply with the requirements contained in 45 C.F.R. 46, as applicable, which may require that they obtain IRB approval of their Research Project.


5. Data Disclaimers. Recipient agrees that NIH does not and cannot warrant the results that may be obtained by using any data included therein. NIH disclaims all warranties as to the accuracy of the data in NDAR or the performance or fitness of the data for any particular purpose.


6. Notification of NIH of Publication. Prompt publication or other public disclosure of the results of the Research Project is encouraged. Recipient agrees to notify NIH via email at NDAR@mail.nih.gov as to when and where a publication (or other public disclosure) of a report from the Research Project will appear. Notification of such publications can occur by sending to NIH an updated biographical sketch or CV of the publishing author.


7. Data Access for Research. Data from completed studies are eligible for restricted “Controlled Access” by qualified researchers pursuant to the terms set forth in this agreement. Recipients of Controlled Access data acknowledge that other researchers have access to the data and that downloading, utilization, and duplication of research is a distinct possibility.


Data from ongoing studies may be eligible for restricted “Ongoing Study Access” following coordination and consultation with the Submitter and pursuant to the Additional Standards for Accessing NDAR Data While a Study is Ongoing (see http://ndar.nih.gov/ndarpublicweb/Documents/NDAR%20Ongoing%20Study%20Policy%20Addendum.PDF).


8. No Distribution of Data. Recipient agrees to retain control over data, and further agrees not to transfer data, with or without charge, to any other entity or any individual. Recipient agrees not to sell the data in any form to any entity or individual or to distribute the data to anyone other than his/her research staff who will also agree to the terms within this DUC. This applies to all versions of NDAR data.


9. Acknowledgments. Recipient agrees to acknowledge the contribution of the NDAR bioinformatics platform, the relevant NDAR dataset identifier(s) (a serial number), and the Submitter(s) in any and all oral and written presentations, disclosures, and publications resulting from any and all analyses of data using the NDAR tools, whether or not Recipient is collaborating with Submitter(s). The manuscript should include the following acknowledgement or other similar language:


Data and/or research tools used in the preparation of this manuscript were obtained and analyzed from the controlled access datasets distributed from the NIH-supported National Database for Autism Research (NDAR). NDAR is a collaborative biomedical informatics system created by the National Institutes of Health to provide a national resource to support and accelerate research in autism. Dataset identifier(s): [provide]. This manuscript reflects the views of the authors and may not reflect the opinions or views of the NIH or of the Submitters submitting original data to NDAR.


If the Research Project involves collaboration with Submitters or NIH staff (as indicated in the DUC), then Recipient will acknowledge Submitters or NIH staff as co-authors, if appropriate, on any publication.


In addition, Recipients agree to include a reference to NDAR datasets analyzed and to cite NDAR and the federal funding sources in abstracts as space allows.


11. Non-Endorsement; Liability. Recipient agrees not to claim, infer, or imply endorsement by the United States Government, the Department of Health & Human Services, the National Institute of Health, or the National Institute of Mental Health of the Research Project, the entity, or personnel conducting the Research Project or any resulting commercial product(s). The United States Government assumes no liability except to the extent provided under the Federal Tort Claims Act (28 U.S.C. § 2671-2680).


12. Recipient's Compliance with Institutional Requirements. Recipient acknowledges that access, if provided, is for research that is approved by the Institution, which must be operating under an Office of Human Research Protections (OHRP)-approved Assurance. Furthermore, Recipient agrees to comply with all applicable rules for the protection of human subjects, which may include Department of Health and Human Services regulations at 45 C.F.R. Part 46, and other federal and state laws for the use of this data. Recipient agrees to report promptly to NIH any proposed change in the research project and any unanticipated problems involving risks to subjects or others. This DUC is made in addition to, and does not supersede, any of Recipient's institutional policies or any local, State, and/or Federal laws and regulations that provide additional protections for human subjects.


13. Recipient’s Permission to Post Information Publicly. Recipient agrees to permit the NIH to summarize on the NDAR Web site the Recipient’s research use of NDAR along with the Recipient’s name and organizational/institutional affiliation.


14. Privacy Act Notification. In order to access the NDAR Central Repository, the Recipient agrees to provide the information requested below. 


The Recipient agrees that information collected from the Recipient, as part of the Data Access Request, may be made public in part or in whole for tracking and reporting purposes. This Privacy Act Notification is provided pursuant to Public Law 93-579, Privacy Act of 1974, 5 U.S.C. Section 552a.  Authority for the collection of the information requested below from the recipient comes from the authorities regarding the establishment of the National Institutes of Health, its general authority to conduct and fund research and to provide training assistance, and its general authority to maintain records in connection with these and its other functions (42 U.S.C. 203, 241, 289l-1 and 44 U.S.C. 3101), and Section 301 and 493 of the Public Health Service Act.  These records will be maintained in accordance with the Privacy Act System of Record Notice 09-25-0156 (http://oma.od.nih.gov/ms/privacy/pa-files/0156.htm) covering “Records of Participants in Programs and Respondents in Surveys Used to Evaluate Programs of the Public Health Service, HHS/PHS/NIH/OD.” The primary uses of this information are to document, track, and monitor and evaluate the use of the NDAR datasets, as well as to notify interested recipients of updates, corrections or other changes to the database. 


The Federal Privacy Act protects the confidentiality of the Recipient’s NIH records. The NIH and any sites that are provided access to the datasets will have access to the data collected from the Recipient for the purposes described above. In addition, the Act allows the release of some information in the Recipient’s records without his/her permission; for example, if it is required by members of Congress or other authorized individuals. The information requested is voluntary, but necessary for obtaining access to data. 


15. Security. Recipient acknowledges the expectations set forth by the attached “NDAR Information Security Best Practices” for the use and security of data.


16. Annual Update. When requested, Recipient will provide to NDAR@mail.nih.gov an annual summary of research accomplishments from using NDAR in an updated biographical sketch or CV.


17. Amendments. Amendments to this DUC must be made in writing and signed by authorized representatives of all parties.


18. Termination. Either party may terminate this DUC without cause provided 30 days written notice to the other party. Recipients agree to immediately report violations of NDAR Policy to the NDAR DAC. Additionally, NIH may terminate this agreement with 5 days written notice if the NIH determines, in its sole discretion, that the Recipient has committed a material breach of this DUC. NIH may, in its sole discretion, provide Recipient with 30 days’ notice to remedy a breach before termination. Closed accounts may be reactivated upon submission of an updated Central Repository Access Request and DUC.


19. One-Year Term and Access Period. Recipients who are granted permission to access data from NDAR receive an account that is valid for a period of one year. This DUC will automatically terminate at the end of one year. An account may be renewed upon recertification of a new DUC. Accounts that remain inactive for 12 consecutive months may be closed at the discretion of NIH.


20. Accurate Representations. Recipient expressly certifies that the contents of any statements made or reflected in this document are truthful and accurate.

NDAR Information Security Best Practices

The purpose of these Security Best Practices, which are subject to applicable law, is to provide minimum security standards and best practices for individuals who use NDAR to submit, access, and analyze data. Keeping NDAR information secure through these best practices is important. Subject to applicable law, Recipients agree to immediately report breaches of data confidentiality to the NDAR DAC.

Best Practices

We suggest that you:

  • Do not attempt to override technical or management controls to access data for which you have not been expressly authorized.

  • Do not use your trusted position and access rights to exploit system controls or access data for any reason other than in the performance of the proposed research.

  • Ensure that anyone directed to use the system has access to, and is aware of, NDAR Information Security Best Practices and all existing policies and procedures relevant to the use of NDAR, including but not limited to, the NDAR policy at http://ndar.nih.gov and 45 C.F.R. Part 46.

  • Follow the NDAR password policy which includes:

  • Choose passwords of at least seven characters including at least three of the following types of characters: capital letters, lower case letters, numeric characters and other special characters.

  • Change your passwords every six months.

  • Protect your NDAR password from access by other individuals—for example, store it electronically in a secure location.

  • Notify NDAR staff, as permitted by law, at ndar@mail.nih.gov of security incidents, or any incidents of suspected fraud, waste or misuse of NDAR or when access to NDAR is no longer required.

Security Standards

  • Protect the data, providing access solely to authorized researchers permitted access to such data by your institution or to others as required by law.

  • When you download NDAR data, download the data to a secured computer or server with strong password protection.

  • For the computers hosting NDAR data, ensure that they have the latest security patches and are running virus protection software.

  • Make sure the data are not exposed to the Internet or posted to a website that may be discovered by Internet search engines such as Google or MSN.

  • If you leave your office, close out of data files or lock your computer. Consider the installation of a timed screen saver with password protection.

  • Avoid storing data on a laptop or other portable medium. If storing data on such a device, encrypt the data. Most operating systems have the ability to natively run an encrypted file system or encrypt portions of the file system. (Windows = EFS or Pointsec and Mac OSX = File Vault)

  • When finished using the data, destroy the data or otherwise dispose of it properly, as permitted by law.


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
AuthorAnne Sperling
File Modified0000-00-00
File Created2021-01-26

© 2024 OMB.report | Privacy Policy