Standard Operating Procedures

The NIMH Data Archive (NDA) is a protected resource for research data contributed by investigators, funded by the NIH and other organizations. The NDA contains detailed research data derived from consenting human subjects. Operational procedures have been established to ensure that the data contained in the NDA are efficiently made available to qualified researchers according to the protections defined for the NDA and other federal policies. These procedures apply to the NDA generally and all research clusters operated within the NDA infrastructure.

The Standard Operating Procedures (SOPs) described below are to be followed by the NIH, their designees, and NDA users. Note that these procedures may require an investigator to upload a document into their NDA user account profile and possibly associate these documents with an NDA Collection or NDA Study. Only the investigator and NDA staff will have access to these documents unless indicated otherwise. For any other questions or feedback, please contact the NDA Help Desk.

^ top of page

SOP-01 NDA Account Request

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to define the steps for requesting a user account to use in accessing shared data in an NDA repository, assisting a project contribute data to the NDA, create GUIDs using participant PII, or any other purpose. A request for an NDA user account is the first step in obtaining access privileges in the NDA system.

Scope

This procedure applies to all account requests and the users who request them. This procedure requires 1-3 business days for accounts. Account requests that involve access to shared data or data submission privileges will take longer.

Procedure

Account Request Initiation
  1. The user requests an account:
    1. Navigate to an account request page on an appropriate website operated by the NDA.
    2. Complete the form by filling in the information required.
  2. NDA staff are notified that the request is awaiting review.
Account Request Review and Approval
  1. NDA staff review the information provided in the request.
  2. NDA staff may contact the user for more information about the intended use of their NDA account depending on the information provided and the privileges requested.
  3. Based on the information provided and results of the review, the NDA Data Access Committee has delegated to NDA staff the ability to approve user accounts for privileges required to work on projects submitting data (SOP-02), or initiate the process to request access to shared data (SOP-03)
  4. An email is sent to the user with instructions on using the account or taking further steps to obtain approval.

Related Procedures

^ top of page

SOP-02 Data Submission Privilege Request

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to define the steps necessary to request, review, and approve data submission privileges in the NDA.

Scope

This procedure applies to all investigators and data managers who will submit descriptive data, analyzed data, and supporting documentation associated with a research study to an NDA Collection, or a point of contact responsible for acting on behalf of the investigator and/or data manager. This procedure should only be completed once per grant, contract, project, or once for each NDA Collection. This procedure typically requires 5-7 business days.

Procedure

Data Submission Privilege Request Initiation
  1. After completing SOP-01 and obtaining a valid user account, the user downloads and completes the Data Submission Agreement
    1. The agreement must be signed by two parties:
      • The Principal Investigator or person responsible for collecting the data
      • The NIH-recognized business official at the investigator's affiliated institution. This is someone listed as a Signing Official in the institution's eRA Commons profile.
  2. The user creates an Adobe PDF file of the signed agreement. 
  3. The investigator uploads the PDF file to his/her NDA user account profile or emails the document to the NDA Help Desk.
  4. The NDA system notifies NDA staff that the request is awaiting review.
Review and Approval
  1. NDA staff review the Data Submission Agreement for completeness.
    1. NDA staff ensure that the signing business official is recognized by the NIH as having the appropriate authority.
  2. NDA staff set an appropriate agreement expiration date based on the lifespan of the project. The agreement may be extended as necessary by contacting The NDA Help Desk.
  3. NDA staff provide the agreement and a summary of the request to the NDAR Data Access Committee (DAC) for decision. The DAC reviews these requests and makes a decision based on the expectations outlined in the NDA Policy, or delegates this authority to NDA staff.The user may be contacted for additional information to support the decision.
  4. Once the request is approved, NDA staff update the NDA Collection and the associated account privileges, permitting the investigator to submit data and supporting documentation.
  5. An email is sent notifying the investigator of these changes.

Related Procedures

^ top of page

SOP-03 NDA Certification and Assurance to Operate

As a Federal Information System, the NDA will follow NIH Security Certification and Accreditation. The NDA is rated at a Security Objective of Confidentiality and a Potential Impact Level of Moderate. This level of security is defined by NIST publication 800-18 Guide for Developing Security Plans for Federal Information Systems:

"The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals."

Related Procedures

^ top of page

SOP-04 Data Access Permission Request

Revision 1

Effective 3/1/16

Purpose

The purpose of this SOP is to establish the steps for requesting access to the shared data available in the NIMH Data Archive (NDA).

Scope

This procedure applies to all individuals interested in gaining access to shared, restricted-access research data. This procedure can be completed before or after SOP-01.

Procedure

Data Access Permission Request Initiation
  1. The user completes a Data Use Certification (DUC) form. The DUC must be signed by 2 parties:
    • The investigator who will be the lead recipient of the data.
    • The NIH-recognized business official at the investigator's sponsoring institution. This signature must be from an individual who is listed as having signing authority in the eRA Commons system. Contact the NDA Help Desk for a list of authorized business officials at your institution.
  2. The user scans the completed and signed document as an Adobe PDF file.
  3. The user uploads the PDF file to his/her user account profile or emails it to the NDA Help Desk.
Data Access Permission Request Review and Approval
  1. NDA staff review the Data Use Certification for completeness. This includes verifying that the FWA of the investigator's sponsoring institution is active, the signing official is recognized as having this authority by the NIH, and that all required fields on the DUC form have been completed.
  2. The request is sent to the appropriate Data Access Committee (DAC).
  3. The DAC will review requests for access based upon patient protection, and not on scientific merit or availability of data. Decisions to approve access are typically made within 10 business days from receipt of a completed Data Use Certification.
  4. Once approved, NDA staff will notify the individuals requesting access and update account privileges.
  5. Access to NDA shared data is valid for one year.

^ top of page

SOP-05 Quality Assurance and Quality Control

Revision 2
Effective 9/01/15

Purpose

The high quality of data within NDA is crucial for ensuring its usefulness and reliability for research. Therefore, the NIH has implemented a multi-tiered quality control procedure for data contributed to NDA.

Procedure 1: Validation of Data Made Available by NDA

Prior to sharing of data, NDA Staff will certify that the data does not contain any personally identifiable information, and using already automated procedures in place or standard tools for that specified file type, validate that the data can be opened and the files are the file types specified by the extension or in the data structure.

Ensuring data does not contain personally identifiable information

NDA Staff will check that the data does not include any information that can be reasonably used to identify a research subject or those associated with the research. Although not applicable to NDA, the HIPAA Limited Dataset definition will be used as the basis for this certification. Specifically, NDA Staff will look for the following direct identifiers of the research subject or of relatives, employers, or household members associated with the research subject:

  1. Names (Patient, Operator, Physician, Relative, Employer, etc.);
  2. Birth dates;
  3. Initials;
  4. Postal address information, other than town or city and state or 3 digit zip code;
  5. Telephone numbers;
  6. Fax numbers;
  7. Email addresses;
  8. Social Security numbers;
  9. Medical record numbers;
  10. Health plan beneficiary numbers;
  11. Account numbers;
  12. Certificate or license numbers;
  13. Vehicle identifiers and license plate numbers;
  14. Device identifiers and serial numbers;
  15. URLs associated with an individual;
  16. IP addresses;
  17. Biometric identifiers; and
  18. Full-face photographs and any comparable images.
  19. Full-face videos unless actor or actress

Any potential discrepancies to this privacy rule (e.g., genomics data or images that could be transformed) will be documented and approved/denied by the NDA Data Access Committee (DAC).

Procedure 2: Validation of Data Elements Made Available by NDA

Prior to a data dictionary release or the establishment of a federated data resource, NDA Staff will certify that the fields defined do not include any information that can be reasonably used to identify a research subject or those associated with the research. Although not applicable to NDA, the HIPAA Limited Dataset definition will be used as the basis for this certification. Specifically, NDA Staff will ensure that the direct identifiers of the research subject or of relatives, employers, or household members associated with the research subject listed in Procedure 1 are removed. Any potential discrepancies to this privacy rule will be documented and approved/denied by the NDA Data Access Committee (DAC).

Procedure 3: Sharing of an NDA Study or NDA Collection

Investigators may create an NDA Collection or Study many months prior to submitting data to them. As containers empty of research data, Collections and Studies contain only general information such as the project title, contributing investigators and funding source. These containers may be shared either to specific individuals through NDA's Ongoing Study capability or broadly with other researchers. The decision to share a Collection or Study is based solely upon the discretion of the owner. No additional review is necessary.

Sharing a Collection or Study only makes general information available to others. Documentation contained in the Collection or Study or data contained in the Collection must follow specific data sharing procedures, defined below.

Procedure 4: Validation of Documents within an NDA Collection or NDA Study

For documentation uploaded to NDA, the following procedure will be followed.

  1. A user with appropriate privilege uploads a document into an NDA Collection or NDA Study.
  2. The account holder assures NDA that the data contained in the document contains no identifying information.
  3. The NDA portal performs a virus scan of the document and accepts it.
  4. NDA Staff are notified of the uploaded document and performs a review of the document to verify that it contains no identifying information associated with research subjects.
  5. The owner of the Collection or Study requests that the document be shared.
  6. The DAC has authorized NDA Staff to allow the document to be shared with others.

Procedure 5: Validation and Sharing of an NDA Dataset

Datasets contributed to the NDA are shared with those that have appropriate access. The same process is followed for data shared broadly and data shared through NDA's Ongoing Study capability. Before sharing of data, data will be validated using the steps outlined in Procedure 1.

Related Procedures

^ top of page

SOP-06 Establishment of a Federated Data Resource

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps required to establish a federated resource. Data federation provides investigators with a single point of access to multiple data sources in addition to the shared data stored in the NDA.

Scope

This procedure applies to NDA staff and the NDA Data Access Committee (DAC).

Procedure

  1. NDA staff request DAC approval to pursue data federation with a specific data resource.
  2. NDA staff work with the prospective federated data resource and resolve issues associated with data definition, translation, security, and access.
  3. The NDA Director, working with NDA staff, will develop a data federation agreement between the prospective data resource and the NDA. The agreement will define the specific views of data to be made available and the persons or groups the federated resource has determined to have authority to grant access to those views.
  4. The DAC and federated data resource approve the data federation agreement.
  5. NDA staff perform data validation steps associated for each of the views established by the federated data resource.
  6. The DAC authorizes the data resource (or specific views into that resource) to be available through the NDA as defined by the agreement.

^ top of page

SOP-07 Data Dictionary Definition

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps for adding a data structure to the NDA Data Dictionary.

Scope

This procedure applies to all investigators and data managers submitting data who wish to create a data structure. Duplication of data structures and data elements is to be avoided as much as possible. However, if no data structure exists for a given type of assessment or measure, we encourage the community to define the data structure.

Procedure

Investigators are encouraged to extend the Data Dictionary. To use an existing definition as a starting point for submitting changes or a new structure, download the definition file  you wish to change, or one to use as an example, from the structure's definition page. This will be a CSV file that can be opened and edited in Microsoft Excel. After making your desired changes, email the updated spreadsheet and documentation of the changes made to the NDA Help Desk. The NDA will then curate the definition and if no changes are needed, publish it in the NDA Data Dictionary. Please note that for all NDA data definitions, the data elements subjectkey, src_subject_id, interview_age, interview_date, and gender are required.

^ top of page

SOP-08 GUID Generation Permission Request

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to define the steps for using the free GUID Tool software. This includes GUID Tool request initiation, review, approval, and verification.

Scope

This procedure applies to all investigators and data managers who need to generate GUIDs and pseudo-GUIDs for data submission, or researchers who have been approved to use the GUID Tool to generate identifiers for their non-NDA supported projects.

Procedure

GUID Tool Request Initiation
  1. When completing SOP-01, the user has an option to request access to the GUID Tool concurrent with their general account. If this was requested, the request is initiated through SOP-01. If not, the user initiates the request by emailing the NDA Help Desk
  2. NDA staff are notified that the request is awaiting review.
GUID Request Review and Approval
  1. NDA staff verify the information provided by the user and if appropriate, approve the request by updating the user's NDA account privileges. This allows the user to login to the GUID Tool software with their NDA account credentials.
  2. NDA staff notify the user of this approval.

Related Procedures

^ top of page

SOP-09 Request for Ongoing Study (Data Enclave) 

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps for receiving the Ongoing Study capability, allowing a lab or group of investigators to establish an data enclave using the NDA for their use. This includes request initiation, review, and approval of the data enclave as defined by the NDA Policy, Section VI

Scope

The procedure applies to the Principal Investigators, Co-Investigators, and collaborators interested in this capability. This procedure is typically completed within10 business days after receiving a completed Ongoing Study Request.

Procedure

Ongoing Study Request Initiation

The PI sends the reason they would like to use the NDA's Ongoing Study capability including a description of the data that will be held by the NDA, the Co-Investigators, and the duration the data will be available only to the group. Note that the Principal Investigator must have a current Data Submission Agreement on file.

Ongoing Study Request Review and Approval
  1. NDA staff provide the ongoing study abstract and any related data access agreements to the NDA Data Access Committee (DAC).
  2. The DAC reviews the request and makes a decision based on the expectations outlined in the NDA Policy. NDA staff may contact investigators for additional information to support the decision.
  3. Once approved, NDA staff send an email to the Principal Investigator with the decision.
  4. Co-Investigators are then given accounts or their accounts are associated with the collection defined for the ongoing study.

Related Procedures

^ top of page

SOP-10 Request Time Extension for Sharing

Revision 2
Effective 3/1/16

The purpose of this SOP is to outline the steps for requesting a delay in the transition of submitted data from its initial private state to a shared state beyond the NDA prescriptive timelines. These requests may be made if there are reasons for which the release of data would be considered premature. Extensions are not granted for the sole purpose of delaying QA/QC activities.

Scope

This procedure applies to investigators who have submitted data to the NDA. This procedure is typically completed within 10 business days after receiving a completed Time Extension for Sharing Request.

Procedure

Time Extension Request Initiation
  1. The investigator develops a written request to extend the sharing of data associated with a specific NDA Collection or NDAStudy which includes the following:
    1. The title of the NDA Collection or NDA Study for which the extension is requested.
    2. The scientific rationale for the extension.
    3. A description of the data requiring the extension.
    4. A schedule for the release of the data.
    5. A description of data that will be released in the original timeframe.
  2. The investigator emails the NDA with the reason for the time extension.
Time Extension Request Review and Approval
  1. If the data are associated with NIH-funded research, the NDA Data Access Committee or its representatives will consult with the NIH Program Officer to decide whether to support the request.
  2. NDA staff will update the status of the request in the NDA based upon the decision.

Related Procedures

^ top of page

SOP-11 Deviations to Data Sharing Terms

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps necessary to change the data-sharing terms associated with NIH-funded research. Over the course of research, circumstances may arise that necessitate a change in the terms.

Scope

This procedure applies to all investigators who submit data, or may be expected to submit data, to NDA.

Procedure

  1. The investigator defines the scientific need to deviate from the established terms and conditions.
  2. The investigator emails the concern to the NDA Help Desk or edits the Data Expected schedule in the relevant NDA Collection.
  3. NDA staff will forward the request to the DAC and appropriate NIH Program Officer.
  4. The Data Access Committee (DAC) or its representatives and the Program Officer will approve the request or consult with the investigator for clarification/modification.
  5. Once approved, the investigator makes the appropriate changes to the Data Expected schedule, and NDA staff will update their records on when the specified data will be submitted.

Related Procedures

^ top of page

SOP-12 Administrative Access to NDA

Revision 1

Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps for receiving administrative access to NDA systems. Administrative access is defined as user account privileges needed to perform tasks associated with administering the system, rather than for research purposes.

Scope

This procedure applies to all NDA technical staff, NDA operational staff, and extramural program staff who must have the ability to query and review data within NDA or access NDA-maintined tools in order to perform their job. NIH Intramural staff who wish to request access to NDA shared data should follow SOP-04.

Procedure

NDAR Staff

The NDA Director is responsible for granting individual access to those administering the NDA. The Director may choose to delegate the responsibility of granting access to other NDA staff.

Extramural Program Staff

Requests for such access will be approved by the Data Access Committee (DAC) or delegated to NDA staff. Requests should be addressed to the NDA Help Desk and must provide the reason that access to data in the NDA is needed.

Related Procedures

^ top of page

SOP-13 Request to Submit Data to an NDA Federated Repository

Purpose

Federation with a repository is used when the data source wishes to retain greater control over the access of data and not directly submit the data to the NDA.While most data are expected to be submitted directly into NDAR, there may be valid scientific and/or operational reasons for submitting data, either descriptive and/or experimental, into another repository and not the NDA. However, to ensure that data remains available to the research community, only repositories that are federated with the NDA, make the data generally available to the research community, and have a Memo of Understanding (MOU) in place with the NDA ensuring such data deposited remain available to the research community in perpetuity, will be considered.

The following procedure should be followed for such cases.

Procedure

An investigator who wishes to use another repository for data sharing should first consult with his/her Program Officer. If the Program Officer believes that it is appropriate for the investigator to submit to another repository, the investigator should provide the following information to the NDA Help Desk:

  • NIH grant information (title, PI, grant number, etc.)
  • Background and reason for submitting into another repository
  • Submission and data sharing schedule, if different from the terms of award
  • Name of the federated repository proposed for data submission where the data will be made available.

NDA Staff will provide the request to submit and share data through a federated repository and any related information to the NDA Data Access Committee (DAC) for a decision. NDAR Staff may contact investigators and/or the Program Officer for additional information, if required. The DAC reviews the request and makes a decision based on the information provided in the request. Final approval of the request to submit to another repository instead of the NDA is contingent upon approval from both the Program Officer and the DAC. Once approved, NDA Staff will send an email to the lead investigator with the decision. The entire procedure typically requires 10 business days.

^ top of page

SOP-14 Removal of Subject Data from the NDA

Revision 1

Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps to request removal of participant data from the NDA.

Scope

SOP-14 applies to all investigators who have submitted data to the NDA and who have received a request from a previously consented participant to have their data removed from the NDA.

Procedure

In the event that a research participant withdraws his/her consent, please email the NDA Help Desk with the request referencing this procedure and the GUID(s) associated with the subject(s) requiring removal. As per NDA policy, data that have been distributed for approved research use will not be retrieved.

^ top of page

SOP-15 Discovery of Personally Identifiable Information (PII) within NDA Protected Data

Purpose

Investigators submitting data to the NDA must certify that all data is de-identified as defined in the NDA Data Submission Agreement. While NDA reviews all data submitted for PII (see SOP-5), the potential still exists for PII to be found. If this happens, the following procedure applies.

Scope

SOP-15 applies to individuals with access to NDA protected data that may have discovered potential PII in the NDA or one of its federated repositories. This includes NDA staff, program staff, an individual at the submitting lab, or a user with permission to access data in the NDA.

Procedure

Persons discovering potential PII should contact the NDA Help Desk ideally including the lab, data structure, elements, and GUIDs that potentially contain the PII. Within 1 business hour, NDA staff will review and make a determination if the data is PII.

If a determination is made that the data includes PII and those data have not been shared or downloaded, the NDA will immediately expunge the data.

If a determination is made that the data contains PII and those data have been downloaded from the NDA, the data will immediately be moved to a private state to prevent any further downloads. NDA staff will then work with the submitting lab to expunge the data. Resubmission of the data without PII is expected in a timely manner. NDA staff will then notify those users that have downloaded the data containing PII and instructing them to expunge the PII. NDA staff will notify the submitting lab that the users downloading the data have been contacted. An incident report will be maintained for a period of at least five years.

^ top of page

SOP-17 Informatics Access to the NDA

Purpose

Those needing access to the NDA to properly implement informatics approaches (e.g. for computational pipelines, integrating data submission/extraction tools, developing phenotypic constructs or other specific needs) may request an NDA account.

Scope

Informatics access to the NDA will be for very brief periods of time (not to exceed 30 days) and can only be used to exercise system functionality. Movement of data from the NDA or access to any data for research purposes is prohibited. The NDA Director is responsible for granting informatics access.

Procedure

Individuals requesting informatics access to the NDA may send requests to the NDA Help Desk providing a reason for the request, the length of time needed and provide an assertion that no data will be moved from the NDA or used for research purposes. 

The NDA Director will then make a decision on whether or not to grant informatics access for the time period requested.

Related Procedures

^ top of page