Data Access Request Instructions

This page is in progress.

To submit a Data Access Request (DAR), please read the instructions below, prepare the required documents, and submit the form here.

Please contact us if you have questions.

Checklist

This is the list of fields on the form found here. All fields are required unless otherwise noted. Brief descriptions can be found the form itself. Detailed descriptions of the more complex items can be found below.

  • Name
  • Email
  • Name of organization
  • Organization website (optional)
  • Addresses: main, billing and shipping
  • Phone
  • Employer Identification Number (EIN) or Business License Number (optional)
  • Cover letter
  • Non-technical summary
  • Funding information
  • NIH biosketches: applicant, relevant investigators and co-investigators with full legal names.
  • Internal and External Collaborators
  • Supervised Associates (optional)
  • Facilities and other resources
  • At least one of the following:
    • Requested phenotypic datasets
    • Requested samples
  • Optional: requested genetic data
  • Digitally signed distribution agreements if you are requesting samples.
  • Data and resource sharing plan
  • Data Use Agreement (see below)
  • Research Use Statement (see below)
  • Institutional Signing Official (SO): name, email, website, proof of authority, CV (see below)
  • Institutional Certification digitally signed by the SO
  • Information Technology Director: name, email, attestation (see below)
  • Developer Use Statement (see below)
  • Cloud Use Statement if applicable
  • Human subjects approval
  • Billing and shipping addresses
  • P.O. Box # and FedEx account numbers are optional.

Required Credentials for Requestors

Requests must be submitted by a Data Access Requester (e.g., Recipient) who meets all the following criteria:

  1. Is a permanent employee of their institution at a level equivalent to, but not limited to, that of an academic professor (e.g., assistant, associate, or non-tenure or tenure-track professor) or senior researcher. This does not include lab technicians or trainees, e.g., post-docs or graduate students.
  2. Uses an email address affiliated with their self-identified institution or corporation.
  3. Has direct oversight of laboratory staff and trainees.
  4. Is accountable for ensuring that the terms of access (through agreements such as DUA, DUC agreement, DTA, etc.) and the Data Access Requester’s institutional policies are followed.
  5. Only occupies one role at a time. Requests in which the Data Access Requester, or any other Key Personnel, occupy more than one role (e.g., Institutional Signing Official or IT Director) are not allowed.

Research Use Statement

The approval of project requests depends on a carefully written Research Use Statement (250 words maximum).  The statement should include the following components:

  • Objectives of the proposed research
  • Study design
  • Analysis plan, including phenotypic characteristics that will be evaluated in association with genetic variants.
  • Brief description of any planned collaborations with researchers at other institutions, including the name of the collaborator(s) and their institutions

Data use is limited to non-profits and is only for substance use and addiction research. Other data for substance use research that can be used in other studies may be found in dbGaP. Research should not deviate from the description in the approved Research Use Statement.  If the scope is expanded, investigators must submit another research statement.  Conducting research not described in the Research use statement is violation of the terms of the Data Use Certification.

Data Use Agreement

If you are requesting phenotypic and/or genotypic datasets, you just upload a digitally signed PDF to indicate that you agree to the terms of the NIH Data Use Certification Agreement. You may use the following file as a template.

NIDA DAR Data Use AgreementDownload

Distribution Agreement

A digitally signed distribution agreement is required if you are requesting samples. Please follow the instructions on the template below to create a digitally signed PDF on institutional letterhead.

NIDA DAR Distribution AgreementDownload

Institutional Certification

Requests must be certified by the institution as represented by an Institutional Signing Official (SO) who meets all the following criteria:

  1. Is affiliated with the Data Access Requester’s institution or corporation.
  2. Has institutional authority to legally bind the institution or corporation in administrative matters.
  3. Uses an email affiliated with the Data Access Requester’s institution or corporation.

Institutional Signing Official (SO) Attestation of Data Access Requester Affiliation Requests must include an attestation by the SO that all listed Data Access Requesters fulfill the criteria below:

1. Are affiliated with their listed institution or corporation.

2. Meet the minimum criteria to qualify as a Data Access Requester. Is a permanent employee of their institution at a level equivalent to, but not limited to, that of an academic professor (e.g., assistant, associate, non-tenure or tenure-track professor) or senior researcher. This does not include lab technicians or trainees, e.g., post-docs or graduate students.

3.  Is accountable for ensuring that the terms of access (through agreements such as DUA, DUC agreement, DTA, etc.) and the Data Access Requester’s institutional policy(ies) are followed.

4.  Only occupies one role at a time. Requests in which the Data Access Requester, or any other Key Personnel, occupy more than one role (e.g., Institutional Signing Official or IT Director) are not allowed.

The certification must be provided in the Data Access Request in the form of a PDF on institutional letterhead that is digitally signed by the SO. You may use the following Word document as a template.

NIDA DAR SO Institutional CertificationDownload

Attestation by Information Technology Director

You must provide the full legal name and contact information of an IT Director with the necessary expertise and authority to affirm the IT capacities your institution. Additionally, you must upload a digitally signed PDF that serves as an attestation of the IT directory that the following guidelines will be followed. A template for this document can be found below.

The IT director is expected to have authority and capacity to ensure the institution and users are compliant with NIH Security Best Practices for Users of Controlled-Access Data. These are intended to ensure that Approved Users of NIH controlled-access data under the GDS Policy maintain such data on institutional IT systems and third-party computing infrastructures that meet certain standards in accordance to NIST SP 800-171 “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”

To that end, NIH expects that:

  • Approved Users of NIH controlled-access data will attest to NIH that their institution is compliant with NIST SP 800-171.
  • Approved Users choosing a third-party IT system and/or Cloud Service Provider (CSP) for data analysis and/or storage will provide NIH with an attestation affirming that the third-party system is compliant with NIST SP 800-171.
  • Non-U.S. users that are unable to attest to the NIST SP 800-171 may attest to the equivalent ISO/IEC 27001/27002 standard.

Expectations under the NIH Security Best Practices for Users of Controlled-Access Data are in addition to, and do not supersede, any local, State, Tribal, Federal laws and regulations, and/or relevant institutional policies.

Here is a template for the IT Director Attestation that is to be digitally signed and uploaded as part of the Data Access Request.

IT Director AttestationDownload

Developer Use Statement

Please download the PDF below, file out the fields, and upload it in the Data Access Request form.

Developer Use StatementDownload

Renewal and Closeout Requirements

  1. All requests must be approved for a duration not to exceed 12 months.
  2. All requests must be re-approved through an annual renewal process that re-authenticates the Data Access Requester and the Institutional Signing Official (SO).
  3. Reporting standards are expected for request renewals and request close-outs (i.e., the dataset will no longer be used).
  4. Renewals must include at least the following:
    • Options to update collaborators, key personnel, and datasets.
    • A report of any publications or presentations using the data.
    • A report of any research progress within the last year even if progress is unchanged.
    • Report of any violations of the terms of access (e.g., data misuse, breaches, security
    • incidents) and the implemented remediation.
    • Report of information on any downstream intellectual property generated from the data.
  5. Close-outs must include at least the following:
    • Report of publications or presentations using the data.
    • Report of research progress within the last year even if progress is unchanged.
    • Report of any violations of the terms of access (e.g., data misuse, breaches, security incidents) and the implemented remediation.
    • Report of information on any downstream intellectual property generated from the data.
    • The institution or corporation, through SO, and the Data Access Requester, are each signatories to the agreement and ensure that all copies and versions of the dataset(s) have been destroyed from local hardware and third-party Information Technology (IT) systems according to the NIH Security Best Practices for Users of Controlled Access Data.

Data Access Request Form

When you have gathered the required documents, please submit the request form here.