Visit the Federal Research Updates 2025 website for current resources.

NIH updates policies on genomic data sharing

News for Researchers

Posted January 10, 2025 by Tiffany Lee

The National Institutes of Health recently announced significant updates to its Genomic Data Sharing (GDS) Policy, which will take effect on Jan. 25. These updates introduce enhanced cybersecurity requirements and new terms of access, impacting researchers and developers accessing genomic data stored in NIH-controlled repositories.

Cybersecurity enhancements

Researchers accessing de-identified human genomic data must ensure that institutional systems meet the National Institutes of Standards and Technology Special Publication 800-171 cybersecurity standard. Institutions must evaluate their IT infrastructure, identify gaps and develop a Plan of Action and Milestones (POAM) to address risks. Developers managing repositories must comply with the stricter NIST SP 800-53 standard.

Defined roles and responsibilities

The policy distinguishes between “Approved Users” (researchers accessing data for study) and “Approved Developers” (those building tools or managing data repositories). Each must adhere to tailored security practices and terms of access, including mandatory reporting of data breaches and adherence to NIH security training.

New access procedures for developers

Developers must submit a Developer Use Statement (DUS) outlining their planned activities and attesting to cybersecurity compliance. Terms of access prohibit unauthorized data sharing, require prompt incident reporting and mandate data destruction upon project completion.

Institutional action steps

Institutions are advised to:

Effective date and compliance deadlines

The updated requirements apply to all grants, contracts and agreements initiated or renewed after Jan. 25. Existing projects can continue under their current terms until renewal.

To help institutions and researchers prepare for these updates, NIH hosted two information sessions in January. When available, recordings and transcripts can be accessed on the past NIH VideoCasts page. For more details, visit NIH’s Genomic Data Sharing Policy page. Questions about compliance with the NIST standards can be directed to Matthew Long, director of research IT services at the University of Nebraska.


Back to News for Researchers