OFFICE OF THE VICE CHANCELLOR FOR
REASEARCH AND INNOVATION

April 23, 2025

Alternate text

ALL ACADEMICS AT UC SAN DIEGO

Updates to NIH Genomic Data Sharing Policy

Dear Colleagues,

As of January 25, 2025, the National Institutes of Health has updated its Genomic Data Sharing Policy. This change affects all researchers receiving NIH funding who are also working with genomic data. The revised policy aims to promote data sharing, collaboration, and transparency in genomic research, as well as establish data security control standards used by institutions to secure genomic data.

To ensure compliance with the new policy, we encourage all researchers to review the updated guidelines outlined in NOT-OD-24-157 and NIH Security Best Practices.

To support our faculty in compliance with updated guidelines, our offices are working together to provide technical and compliance support, as needed by impacted faculty and labs.

This notice applies to:

  1. Users who require access to NIH controlled-access data repositories: These are databases and access systems that:
    1. Are funded by the NIH;
    2. Store and control access to human genomic data;
    3. Review and approve data access requests; and
    4. Use federal employees to conduct reviews and authorize access.
  2. Developers: These are individuals or teams that:
    1. Test and develop platforms, tools, and interfaces for working with human genomic data;
    2. Provide infrastructure development and maintenance for NIH repositories; and
    3. Work with human genomic data from NIH controlled-access data repositories.

What investigators need to do

The NIH policy requires that: 

  • Approved Users of NIH controlled-access data will attest to NIH that their institution is compliant with NIST SP 800-171; and
  • Approved Users choosing a third-party IT system and/or Cloud Service Provider (CSP) for data analysis and/or storage will provide NIH with an attestation affirming that the third-party system is compliant with NIST SP 800-171.

If you receive NIH funding and work with genomic data, you should ensure that you are in compliance with this policy and follow NIH Security Best Practices to protect the confidentiality, integrity and availability of genomic data.

NIH attestation processes have not been finalized but may take the form of a click-thru agreement (button/checkbox on a website) when accessing NIH controlled-access data repositories and/or as part of a formal award action.

If you have questions about this new policy or complying with it, please contact the appropriate Information Services team members at:

  • Campus Faculty: Please contact the Regulated Research team at OIA-Research-Support@ucsd.edu for guidance and available resources on implementing and complying with the new policy in your research.
  • Health Sciences Faculty: Please contact Health Information Services at HS-InfoSecReviews@health.ucsd.edu for guidance and available resources on implementing and complying with the new policy in your research.

If you have immediate questions or concerns, please send queries to the contacts above.

Best regards,

Corinne Peek-Asa
Vice Chancellor for Research and Innovation

Kevin Chou
Acting Chief Information Security Officer, UC San Diego

Scott Currie
Chief Information Security Officer, UC San Diego Health

University of California San Diego, 9500 Gilman Drive, La Jolla, CA, 92093