Policy

NDAR Policy | Data Access Committee | Standard Operating Procedures

NDAR has been developed for the autism research community. More broadly, NDAR has multiple stakeholders with differing needs. The NDAR policies and procedures defined here address the needs of all stakeholders. They are reviewed and approved by the NDAR Leadership Team.

NDAR Policy

The NDAR Policy is the primary overarching policy of NDAR addressing considerations for providing data to NDAR, outlining the requirements for data submission and the protection of research subjects. The Ongoing Study Policy is for the purpose of using NDAR as a collaborative space for an investigator determined period of time, subject to NDAR Data Access Committee approval.


Data Access Committee

As defined by the NDAR Policy, the NDAR Data Access Committee (DAC) has been established to objectively and systematically review data access and submission requests. Collectively, the DAC has overall responsibility for ensuring compliance with the NDAR Policy. Specifically, the DAC's responsibilities include the following:

  1. Review and approval of data submissions to NDAR.
  2. Review and approval of individuals requesting access to controlled NDAR resources (e.g. NDAR Central Repository) for broad access or for NDAR's Ongoing Study capability.
  3. Agreeing to Memoranda of Understanding (MOUs) or agreements with entities interacting with NDAR, such as federated data resources.
  4. Authorizing other groups, such as NDAR staff, to perform specific tasks defined within this document (e.g. QA/QC procedures, security compliance, granting of access in NDAR based upon DAC decisions, etc.).

The DAC consists of a minimum of three federal employees appointed by the NDAR Director. The DAC comprises the following individuals with expertise in science, policy, or bioinformatics resources:

  • Dr. Michelle Freund — Chair
  • Dr. Anjene Addington
  • Dr. Holly Garriock
  • Dr. Lisa Gilotty
  • Dr. Alice Kau
  • Dr. Cindy Lawler
  • Dr. Judith Rumsey
  • Dr. Anne Sperling

Standard Operating Procedures

NDAR is a protected resource for autism data contributed by investigators, funded by the NIH and other organizations. Contained in the NDAR Central Repository are detailed research data derived from consenting human subjects. Operational procedures have been established to ensure that the data contained in NDAR are efficiently made available to qualified researchers according to the protections defined in NDAR and other federal policies.

The SOPs described below are to be followed by NIH, their designees, and NDAR users. Note that these procedures often require an investigator to upload a document into their NDAR profile and possibly associate these documents with an NDAR Collection or NDAR Study. Only the investigator and NDAR staff will have access to these documents. For any other questions or feedback, please contact ndarhelp@mail.nih.gov.


SOP-01 NDAR Account Request

Revision 1
Effective 9/27/12

Purpose

The purpose of this SOP is to define the steps for requesting access to the shared data available in the NDAR Central Repository as well as multiple autism-relevant data sources federated with NDAR.

Scope

This procedure applies to all account requests and the investigators and data managers at research sites who request them. This procedure requires 1-3 business days for accounts. Accounts with shared data access to NDAR or data submission privileges will take longer.

Procedure

Account Request Initiation
  1. The user requests an account:
    1. Navigate to the NDAR portal home page and click the "Signup" link.
    2. On the "Request an Account" page, fill in the required fields. Click "Save and Continue."
    3. Review and edit information. Click the [Save and Continue] button.
  2. The NDAR portal notifies NDAR Staff that the request is awaiting review.
Account Request Review and Approval
  1. NDAR Staff review the information provided in the request.
  2. NDAR Staff look up the user's name in the NIH grants management system to see if he/she has applied for or received grant support (which is not required for an NDAR account).
  3. NDAR Staff verify that the user's affiliated institution is recognized by the NIH as a research organization.
  4. NDAR Staff may contact the user for more information about the intended use of NDAR.
  5. NDAR Staff summarize this information and - if required - provide it to the NDAR Data Access Committee (DAC).
  6. The DAC reviews the information and authorizes the account request.
  7. With approval from the DAC, NDAR Staff establish a link between the account and NIH enterprise systems for the purpose of making grant and publication information available in the NDAR portal.
  8. An automated email message is sent to the user with instructions on validating the account.
Account Validation
  1. The user receives an email from NDAR with the subject line: "NDAR Portal New User Account Request."
  2. The user clicks on the unique URL provided in the email.

Related Documents


SOP-02 Data Submission Privilege Request

Revision 1
Effective 9/27/12

Purpose

The purpose of this SOP is to define the steps necessary to request, review, and approve data submission privileges in NDAR.

Scope

This procedure applies to all investigators and data managers who will submit descriptive data, analyzed data, and supporting documentation associated with a research study to an NDAR Collection. This procedure typically requires 5-7 business days.

Procedure

Data Submission Privilege Request Initiation
  1. The investigator downloads and completes the NDAR Data Submission Agreement.
    1. The agreement must be signed by two parties:
      • The Principal Investigator or person responsible for collecting the data
      • The NIH-recognized business official at the investigator's affiliated institution with an active Federal Wide Assurance. This is the same person that signs off on grant applications at the research institution.
  2. The investigator creates an Adobe PDF file of the signed agreement.
  3. The investigator uploads the PDF file to his/her NDAR account through the "My Profile" link or emails the document to ndarhelp@mail.nih.gov.
  4. The NDAR portal notifies NDAR Staff that the request is awaiting review.
Review and Approval
  1. NDAR Staff review the Data Submission Agreement for completeness.
    1. NDAR Staff ensure that the signing business official is recognized by the NIH.
  2. NDAR Staff set an appropriate agreement expiration date, generally 180 days following project end date. The agreement may be extended as necessary by contacting the NDAR Help Desk.
  3. NDAR Staff provide the agreement and a summary of the request to the NDAR Data Access Committee (DAC) for decision. The DAC reviews these requests electronically and/or via conference call and makes a decision based on the expectations outlined in the NDAR Policy. The user may be contacted for additional information to support the decision.
  4. Once the request is approved, NDAR Staff update the NDAR account privileges, permitting the investigator to create and edit a Collection and submit data.
  5. An automated email is sent notifying the investigator of his/her change in account privileges.

SOP-03 NDAR Certification and Assurance to Operate

As a Federal Information System, NDAR will follow NIH Security Certification and Accreditation. NDAR is rated at a Security Objective of Confidentiality and a Potential Impact Level of Moderate. This level of security is defined by NIST publication 800-18 Guide for Developing Security Plans for Federal Information Systems:

"The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals."

SOP-04 Data Access Permission Request

Effective 10/31/2013

Purpose

The purpose of this SOP is to establish the steps for requesting access to the shared data available in the NDAR Central Repository as well as multiple autism-relevant data sources federated with NDAR (e.g., AGRE, ATN, and IAN).

Scope

This procedure applies to all individuals interested in gaining access to shared data in NDAR. Each federated data source has its own specific procedure to request access to data. These requests can now be made through NDAR when requesting an NDAR account or in the "My Profile" page for current NDAR users. For more information on requesting access to the Pediatric MRI Data Repository, check the NIH MRI Study of Normal Brain Development Data Access Page. NDAR Help Desk with any questions.

Procedure

Data Access Permission Request Initiation
  1. The user completes the Data Use Certification (DUC) form. (**Note: A single document is now used to request access to both NDAR and the Pediatric MRI Data Repository.) Check the appropriate box(es) on the Data Use Certification to indicate the repository(ies) for which you are requesting access.
    1. The DUC must be signed by 2 parties:
      • The Principal Investigator who will be the recipient of the data in NDAR and/or Pediatric MRI Data Repository.
      • The NIH-recognized business official at the investigator's affiliated institution. This signature must be from an individual who is listed as having signing autheority in the eRA Commons system. Contact the NDAR Help Desk if you do not know the business official at your institution.
  2. The user scans the completed and signed document as an Adobe PDF file.
  3. The user uploads the PDF file to his/her account through the "My Profile" link or emails it to NDARHelp@mail.nih.gov
Data Access Permission Request Review and Approval
  1. NDAR Staff review the Data Use Certification form for completeness. NDAR Staff will contact the Principal Investigator if the form is not complete.
  2. NDAR Staff provide the Data Use Certification form and a summary to the appropriate authority for decision. For example, if the request is for the NDAR Central Repository, it is routed to the NDAR Data Access Committee (DAC) for adjudication. If the request is for access to the Pediatric MRI Data Repository, the request is routed to the Pediatric MRI Data Access Committee for adjudication.
  3. The appropriate DAC(s) will review the request and make a decision about whether to grant access. Decisions are typically made within 5-10 business days from receipt of a complete Data Use Certification form. Once access is approved, NDAR Staff update account privileges to permit the user to query and access shared data.
  4. An automated email message is sent notifying the user of his/her change in account privileges.
  5. Access to NDAR shared data is valid for one year.

Related Documents


SOP-05 Quality Assurance and Quality Control

Revision 1
Effective 9/27/12

Purpose

The high quality of data within NDAR is crucial for ensuring its usefulness and reliability for research. Therefore, the NIH has implemented a multi-tiered quality control procedure for data contributed to NDAR.

Procedure 1: Validation of Data Elements Made Available by NDAR

Prior to a Data Dictionary release or the establishment of a federated data resource, NDAR Staff will certify that the fields defined do not include any information that can be reasonably used to identify a research subject or those associated with the research. Although not applicable to NDAR, the HIPAA Limited Dataset definition will be used as the basis for this certification. Specifically, NDAR Staff will ensure that the following direct identifiers of the research subject or of relatives, employers, or household members associated with the research subject are removed:

  1. Names;
  2. Postal address information, other than town or city and state or 3 digit zip code;
  3. Telephone numbers;
  4. Fax numbers;
  5. Email addresses;
  6. Social Security numbers;
  7. Medical record numbers;
  8. Health plan beneficiary numbers;
  9. Account numbers;
  10. Certificate or license numbers;
  11. Vehicle identifiers and license plate numbers;
  12. Device identifiers and serial numbers;
  13. URLs associated with an individual;
  14. IP addresses;
  15. Biometric identifiers; and
  16. Full-face photographs and any comparable images.

Any potential discrepancies to this privacy rule (e.g., genomics data or images that could be transformed) will be documented and approved/denied by the NDAR Data Access Committee (DAC).

Procedure 2: Sharing of an NDAR Study or NDAR Collection

Investigators may create an NDAR Collection or Study many months prior to submitting data to them. As containers empty of research data, Collections and Studies contain only general information such as the project title, contributing investigators and funding source. These containers may be shared either to specific individuals through NDAR's Ongoing Study capability or broadly with other researchers. The decision to share a Collection or Study is based solely upon the discretion of the owner. No additional review is necessary.

Sharing a Collection or Study only makes general information available to others. Documentation contained in the Collection or Study or data contained in the Collection must follow specific data sharing procedures, defined below.

Procedure 3: Validation of Documents within an NDAR Collection or NDAR Study

For documentation uploaded to NDAR, the following procedure will be followed.

  1. A user with appropriate privilege uploads a document into an NDAR Collection or NDAR Study.
  2. The account holder assures NDAR that the data contained in the document contains no identifying information.
  3. The NDAR portal performs a virus scan of the document and accepts it.
  4. NDAR Staff are notified of the uploaded document and performs a review of the document to verify that it contains no identifying information associated with research subjects.
  5. The owner of the Collection or Study requests that the document be shared.
  6. NDAR Staff notify the DAC of the request for a decision to allow the document to be shared.
  7. If the document is approved, the DAC authorizes NDAR Staff to allow the document to be shared with others.

Procedure 4: Validation and Sharing of an NDAR Dataset

Datasets contributed to the NDAR Central Repository are shared with those that have appropriate access. The same process is followed for data shared broadly and data shared through NDAR's Ongoing Study capability.


SOP-06 Establishment of a Federated Data Resource

Revision 1
Effective 9/27/12

Purpose

The purpose of this SOP is to outline the steps required to establish a federated resource. The data federation provides investigators with a single point of access to multiple autism-related data sources in addition to the shared data stored in the NDAR Central Repository.

Scope

This procedure applies to NDAR Staff and the NDAR Data Access Committee (DAC).

Procedure

  1. NDAR Staff request DAC approval to pursue data federation with a specific data resource.
  2. NDAR Staff work with the prospective federated data resource and resolve issues associated with data definition, translation, security, and access.
  3. The NDAR Director, working with NDAR Staff, will develop a data federation agreement between the prospective data resource and NDAR. The agreement will define the specific views of data to be made available and the persons or groups the federated resource has determined to have authority to grant access to those views.
  4. The DAC and federated data resource approve the data federation agreement.
  5. NDAR Staff perform data validation steps associated for each of the views established by the federated data resource.
  6. The DAC authorizes the data resource (or specific views into that resource) to be available through NDAR as defined by the agreement.

SOP-07 Data Dictionary Definition

Revision 1
Effective 9/27/12

Purpose

The purpose of this SOP is to outline the steps for adding a data structure in NDAR's Data Dictionary.

Scope

This procedure applies to all investigators and data managers submitting data who wish to create a data structure. Duplication of data structures is to be avoided as much as possible. However, if no data structure exists for a given type of assessment or measure, we encourage the community to define the data structure.

Procedure

Investigators are encouraged to extend the autism data dictionary available at http://ndar.nih.gov/ndar_data_dictionary.html?type=All&source=NDAR&category=All. To change a definition or use an existing one as a template, simply select the definition from the website and then select download definition, which will allow you to save your definition in csv format, which can be opened in Excel. Make your changes indicating the type of changes you have made and email the updated spreadsheet to the NDAR Help Desk. NDAR will then curate the definition and if no changes are needed, have it applied to the NDAR Data Dictionary. Please note that for all NDAR data definitions, subjectkey , src_subject_id , interview_age , interview_date , and gender are required.


SOP-08 GUID Generation Permission Request

Revision 1
Effective 9/27/12

Purpose

The purpose of this SOP is to define the steps for installing the free GUID Tool software. This includes GUID Tool request initiation, review, approval, and verification.

Scope

This procedure applies to all investigators and data managers who are required to generate GUIDs and pseudo-GUIDs for data submission.

Procedure

GUID Tool Request Initiation
  1. The user requests access to the GUID Tool through the "My Profile" link in their NDAR account:
    1. On the "Modify my Profile" page, scroll down to the "Account Privileges" section.
    2. Check the "GUID Tool" checkbox.
    3. Click the [Save] button.
  2. NDAR Staff is notified that the request is awaiting review.
GUID Client Request Review and Approval
  1. NDAR Staff approve the request and update the NDAR account privileges allowing the user to launch the GUID software from within the NDAR Portal.

SOP-09 Request for Ongoing Study

Revision 1
Effective 9/27/12

Purpose

The purpose of this SOP is to outline the steps for receiving the Ongoing Study capability. This includes request initiation, review, and approval.

Scope

The procedure applies to the Principal Investigators, Co-Investigators, and collaborators interested in this capability. This procedure typically requires 10 business days.

Procedure

Ongoing Study Request Initiation

The PI sends the reason they would like to use NDAR's ongoing study capability including a description of the data that will be held by NDAR, the Co-Investigators, and the duration the data will be available only to the group. Note that the Principal Investigator must have a current Data Submission Agreement uploaded to their account.

Ongoing Study Request Review and Approval
  1. NDAR Staff provide the ongoing study abstract and any related data access agreements to the NDAR Data Access Committee (DAC) for decision.
  2. The DAC reviews the request and makes a decision based on the expectations outlined in the NDAR Policy. NDAR Staff may contact investigators for additional information to support the decision.
  3. Once approved, NDAR Staff send an email to the Principal Investigator with the decision.
  4. Co-Investigators are then given accounts or their accounts are associated with the collection defined for the ongoing study.

Related Documents


SOP-10 Request Time Extension for Sharing

Revision 1
Effective 9/27/12

The purpose of this SOP is to outline the steps for requesting a time extension for data sharing. These requests may be made if there are reasons for which the release of data would be considered premature. Extensions are not granted for the sole purpose of delaying QA/QC activities.

Scope

This procedure applies to investigators who have submitted data and only the data contained in the NDAR Central Repository. This procedure typically requires 10 business days.

Procedure

Time Extension Request Initiation
  1. The investigator develops a written request for extension for a specific Collection or Study which includes the following:
    1. The title of the Collection or Study for which he/she is requesting the extension.
    2. The scientific rationale for the extension.
    3. A description of the data requiring the extension.
    4. A schedule for the release of the data requiring the extension.
    5. A description of data that will be released in the original timeframe.
  2. The investigator emails NDAR with the reason for the time extension.
  3. The NDAR portal notifies NDAR Staff that the request is awaiting review.
Time Extension Request Review and Approval
  1. If the data are associated with NIH-funded research, the NDAR Data Access Committee will consult with the NIH Program Officer to decide whether to support the request.
  2. NDAR Staff will update the status of the request in NDAR based upon the decision.

SOP-11 Deviations to Data Sharing Terms

Revision 1
Effective 9/27/12

Purpose

The purpose of this SOP is to outline the steps necessary to change the data-sharing terms associated with NIH-funded research. Over the course of research, circumstances may arise that necessitate a change in the terms.

Scope

This procedure applies to all investigators who are required to submit data to NDAR.

Procedure

  1. The investigator defines the scientific need to deviate from the established terms and conditions.
  2. The owner of the Collection emails the concern to the NDAR Help Desk.
  3. NDAR Staff will forward the request to the DAC and appropriate NIH Program Officer.
  4. The Data Access Committee (DAC) and Program Officer will approve the request or consult with the investigator for clarification/modification.
  5. Once approved, NDAR Staff will update their records on when the specified data will be submitted.

SOP-12 Administrative Access to NDAR

Purpose

The purpose of this SOP is to outline the steps for receiving administrative access to NDAR.

Scope

This procedure applies to all NDAR technical staff, NDAR operational staff, and extramural program staff who must have the ability to query and review data within NDAR in order to perform their job. Intramural staff who wish to request access to NDAR should follow SOP-04 Data Access Permission Request.

Procedure

NDAR Staff

The NDAR Director is responsible for granting individual access to those administering NDAR. The Director may choose to delegate the responsibility of granting access to other NDAR Staff.

Extramural Program Staff

Requests for such access will be approved by the Data Access Committee (DAC). The procedure for requesting such access generally follows the procedure detailed in SOP-04 Data Access Permission Request, however, the request can be submitted by email in lieu of completing and submitting the NDAR Data Use Certification. Requests should be addressed to NDARHelp@mail.nih.gov and must provide the reason that access to data in NDAR is needed.

Related Documents


SOP-13 Request to Submit Data to an NDAR Federated Repository

Purpose

Beginning in fiscal year 2012, all NIH-funded human subject research data related to autism is expected to be shared through NDAR. For new projects, the data sharing terms will be included in the Notice of Grant Award (NGA) which will also include expected timelines for data submission. For projects enrolling new research subjects and collecting new data on those subjects, both descriptive and analyzed data are expected to be deposited into NDAR. When experimental results are obtained from a dataset originating from an NDAR federated source (e.g. ATP, AGRE), only the newly derived analyzed data are expected to be submitted to NDAR in an effort to avoid duplication. While most data are expected to be submitted directly into NDAR, there may be valid scientific and/or operational reasons for submitting data, either descriptive and/or experimental, into another repository and not NDAR. However, to ensure that data remains available to the research community, only repositories that are federated with NDAR, make the data generally available to the autism research community, and have a memo of understanding (MOU) in place with NDAR ensuring such data deposited remain available to the community in perpetuity, will be considered.

The following procedure should be followed for such cases.

Procedure

An investigator who wishes to use another repository for data sharing should first consult with his/her Program Officer. If the Program Officer believes that it is appropriate for the investigator to submit to another repository, the investigator should provide the following information to the NDAR Help Desk:

  • NIH grant information (title, PI, grant number, etc.)
  • Background and reason for submitting into another repository
  • Submission and data sharing schedule, if different from the terms of award
  • Name of the federated repository proposed for data submission where the data will be made available.

NDAR Staff will provide the request to submit and share data through a federated repository and any related information to the NDAR Data Access Committee (DAC) for a decision. The DAC meets twice a month to review these requests. NDAR Staff may contact investigators and/or the Program Officer for additional information if required. The DAC reviews the request and makes a decision based on the information provided in the request. Final approval of the request to submit to another repository instead of NDAR is contingent upon approval from both the Program Officer and the DAC. Once approved, NDAR Staff will send an email to the lead investigator with the decision. The entire procedure typically requires 10 business days.


SOP-14 Removal of Subjects Data from NDAR

Purpose

The purpose of this SOP is to outline the steps for requesting removal of participant data from the NDAR Central Repository.

Scope

SOP-14 applies to all investigators who have submitted data to NDAR and the investigator's lab that has received a request from individuals who were previously consented to have their data removed from NDAR.

Procedure

Submitting investigators and their institutions may use the GUID as a means to request removal of data on individual participants from the NDAR Central Repository in the event that a research participant withdraws his/her consent. To have a subject removed, please email the NDAR Help Desk at ndarhelp@mail.nih.gov with your request referencing this procedure and the GUID(s) requiring removal. As per NDAR policy, data that have been distributed for approved research use will not be retrieved.


SOP-15 Discovery of Personally Identifiable Information (PII) within NDAR Protected Data

Purpose

Investigators submitting data to NDAR must certify that all data contributed to NDAR is de-identified as defined in the NDAR Submission Agreement. While NDAR reviews all data submitted for PII (see SOP-5), the potential still exists for PII to be found. If this happens, the following procedure applies.

Scope

SOP-15 applies to individuals with access to NDAR protected data that may have discovered potential PII in NDAR or one of its federated repositories. This includes NDAR Staff, program staff, an individual at the submitting lab, or a user with permission to access data using NDAR.

Procedure

Persons discovering potential PII will contact the NDAR help desk ideally including the lab, data structure, elements, and GUIDs that potentially contain the PII. Within 1 hour, NDAR will review and make a determination if the data is PII.

If a determination is made that the data includes PII and those data have not been shared or downloaded, NDAR will immediately expunge the data.

If a determination is made that the data contains PII and those data have been downloaded from NDAR, the data will immediately be moved to a private state to prevent any further downloads. NDAR will then work with the submitting lab to expunge the data. In some cases, resubmission of the data may be needed. NDAR staff will then notify those users that have downloaded the data containing PII and instructing them to expunge the PII. NDAR will notify the submitting lab that the users downloading the data have been contacted. An incident report will be maintained for a period of at least five years.