Standard Operating Procedures

The NIMH Data Archive (NDA) is a protected resource for research data contributed by investigators, funded by the NIH and other organizations. The NDA contains detailed research data derived from consenting human subjects. Operational procedures have been established to ensure that the data contained in the NDA are efficiently made available to qualified researchers according to the protections defined for the NDA and other federal policies. These procedures apply to the NDA generally and all research clusters operated within the NDA infrastructure.

The Standard Operating Procedures (SOPs) described below are to be followed by the NIH, their designees, and NDA users. Note that these procedures may require an investigator to upload a document into their NDA user account profile and possibly associate these documents with an NDA Collection or NDA Study. Only the investigator and NDA staff will have access to these documents unless indicated otherwise. For any other questions or feedback, please contact the NDA Help Desk.

^ top of page

SOP-01 NDA Account Request

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to define the steps for requesting a user account to use in accessing shared data in an NDA repository, assisting a project contribute data to the NDA, create GUIDs using participant PII, or any other purpose. A request for an NDA user account is the first step in obtaining access privileges in the NDA system.

Scope

This procedure applies to all account requests and the users who request them. This procedure requires 1-3 business days for accounts. Account requests that involve access to shared data or data submission privileges will take longer.

Procedure

Account Request Initiation
  1. The user requests an account:
    1. Navigate to an account request page on an appropriate website operated by the NDA.
    2. Complete the form by filling in the information required.
  2. NDA staff are notified that the request is awaiting review.
Account Request Review and Approval
  1. NDA staff review the information provided in the request.
  2. NDA staff may contact the user for more information about the intended use of their NDA account depending on the information provided and the privileges requested.
  3. Based on the information provided and results of the review, the NDA Data Access Committee has delegated to NDA staff the ability to approve user accounts for privileges required to work on projects submitting data (SOP-02), or initiate the process to request access to shared data (SOP-03)
  4. An email is sent to the user with instructions on using the account or taking further steps to obtain approval.

Related Procedures

^ top of page

SOP-02 Data Submission Privilege Request

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to define the steps necessary to request, review, and approve data submission privileges in the NDA.

Scope

This procedure applies to all investigators and data managers who will submit descriptive data, analyzed data, and supporting documentation associated with a research study to an NDA Collection, or a point of contact responsible for acting on behalf of the investigator and/or data manager. This procedure should only be completed once per grant, contract, project, or once for each NDA Collection. This procedure typically requires 5-7 business days.

Procedure

Data Submission Privilege Request Initiation
  1. After completing SOP-01 and obtaining a valid user account, the user downloads and completes the Data Submission Agreement
    1. The agreement must be signed by two parties:
      • The Principal Investigator or person responsible for collecting the data
      • The NIH-recognized business official at the investigator's affiliated institution. This is someone listed as a Signing Official in the institution's eRA Commons profile.
  2. The user creates an Adobe PDF file of the signed agreement. 
  3. The investigator uploads the PDF file to his/her NDA user account profile or emails the document to the NDA Help Desk.
  4. The NDA system notifies NDA staff that the request is awaiting review.
Review and Approval
  1. NDA staff review the Data Submission Agreement for completeness.
    1. NDA staff ensure that the signing business official is recognized by the NIH as having the appropriate authority.
  2. NDA staff set an appropriate agreement expiration date based on the lifespan of the project. The agreement may be extended as necessary by contacting The NDA Help Desk.
  3. NDA staff provide the agreement and a summary of the request to the NDA Data Access Committee (DAC) for decision. The DAC reviews these requests and makes a decision based on the expectations outlined in the NDA Policy, or delegates this authority to NDA staff. The user may be contacted for additional information to support the decision.
  4. Once the request is approved, NDA staff update the NDA Collection and the associated account privileges, permitting the investigator to submit data and supporting documentation.
  5. An email is sent notifying the investigator of these changes.

Related Procedures

^ top of page

SOP-03 NDA Certification and Assurance to Operate

As a Federal Information System, the NDA will follow NIH Security Certification and Accreditation. The NDA is rated at a Security Objective of Confidentiality and a Potential Impact Level of Moderate. This level of security is defined by NIST publication 800-18 Guide for Developing Security Plans for Federal Information Systems:

"The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals."

Related Procedures

^ top of page

SOP-04A Data Access Permission Request – Institutional Sponsorship

Revision 3
Effective 06/12/2020

Purpose

The purpose of this SOP is to establish the steps for requesting new or continued access to a subset of shared data available in the NIMH Data Archive (NDA).

Scope

This procedure applies to all individuals and their institutions submitting a Data Access Request (DAR) to access shared research data in one of NDA’s Permission Groups. This procedure must be completed after SOP-01 - NDA Account Request.

Key Terms

Access to shared NDA data is provisioned at the level of an NDA Permission Group. NDA Permission Groups consist of one or multiple NDA Collections that contain data with the same subject consents.

An NDA Collection is a virtual container for data and other information related to a project/grant. It provides important information about the project, funding amounts, reported enrollment, data sharing schedule, and results. Each NDA Collection contains data with the same subject consents and is associated with one NDA Permission Group.

NDA hosts three types of Permission Groups:

Broad Use Permission Groups consist of one or multiple NDA Collections that contain data that all have been consented for broad research use. 

Controlled Access Permission Groups consist of one or multiple NDA Collections that contain data with the same subject consent-based data use limitations. SOP-04A (Data Access Permission Request – Institutional Sponsorship) describes the Data Access Request (DAR) procedure for Broad Use and Controlled Access Permission Groups in NDA.

Open Access Permission Groups consist of one or multiple NDA Collections that contain data that have all been consented for broad research use and for which the submitting investigator and their research institution have agreed in their NDA Data Submission Agreement (DSA) that access to qualified individuals is available without the need for Institutional Sponsorship. SOP-04B describes the Data Access Request (DAR) procedure for Open Access Permission Groups in NDA.

Policies

Users with NDA credentials may submit Data Access Requests (DAR) for one NDA Permission Group at a time. Each DAR requires an NDA Data Use Certification (DUC) signed by the lead recipient and an authorized Signing Official from the recipient’s research institution. NDA recommends that all recipients on a Data Use Certification be affiliated with the recipient’s research institution.

Data Access Requests for a given NDA Permission Group are reviewed by one NIH-staffed Data Access Committee (DAC).

Procedure

New Data Access Requests
  1. The authenticated user initiates a Data Access Request for an NDA Permission Group by selecting to “request access” in the NDA Data Permissions Dashboard.
    • The NDA Data Permissions Dashboard lists each of the Permission Groups for all shared data in NDA.
    • Each Data Access Request is for one NDA Permission Group.
  2. The user enters a Research Data Use Statement, the lead recipient’s contact information, and names and contact information for all other recipients who would access and work with the data. The user identifies a Signing Official (SO) at their research institution who will review and sign the Data Use Certification (DUC) and then agrees to follow the NDA data use terms and conditions.
    • Data Access Requests for Controlled Access Permission Groups should include a Research Data Use Statement that appropriately addresses consent-based data use limitations for that Permission Group.
    • The recipient’s research institution must have an active Federal-Wide Assurance (https://www.hhs.gov/ohrp/federalwide-assurances-fwas.html).
    • NDA recommends that all recipients listed on a Data Access Request be affiliated with the lead recipient’s research institution. Collaborators at different research institutions may submit a Data Access Request (DAR) with the same Research Data Use Statement, sponsored by their affiliated research institution.
  3. The user downloads the Data Use Certification (DUC) PDF, which is then signed by 2 parties: (1) The investigator who will be the lead recipient of the data, who is also the user who has initiated the Data Access Request and (2) The NIH-recognized Signing Official at the investigator's sponsoring institution.
    • This Signing Official should be listed as having signing authority in the eRA Commons system. Contact the NDA Help Desk for a list of authorized business officials at your institution.
  4. The authenticated user uploads the signed DUC to their open Data Access Request on their NDA Permissions Dashboard, completing the process.
  5. NDA staff review the Data Use Certification for completeness. This includes verifying that the FWA of the recipient institution is active, the signing official is recognized as having this authority by the NIH, and that all required fields on the DUC form have been completed.
  6. The request is sent to the appropriate Data Access Committee (DAC).
  7. The DAC reviews data access requests based upon research subject protection and adherence to the data use limitations consented to by the research subjects, and not on scientific merit or availability of data.
    • Decisions to approve access are typically made within 10 business days from receipt of a completed Data Use Certification.
  8. NDA notifies requester on data access requests with the outcome of the DAC decision. NDA data access privileges are updated accordingly. All recipients must agree to the DUC terms and conditions before gaining data access.
  9. Recipients on approved data access requests will have valid access to the shared data in a given permission group for one year. Access will be revoked one year from the DAC approval if a renewal request has not been approved.
  10. Recipients on denied data access requests have the option to submit a new data access request that addresses the DAC justification for denial.
Data Access Request Renewal
  1. The authenticated user initiates a Data Access Request renewal for an NDA permission group to which they are already authorized to access by selecting to “renew access” in the NDA Data Permissions Dashboard.
    • Data access request renewals should be submitted 60 days prior to access expiration to avoid any lapse in access. All recipients must delete all NDA data immediately upon expiration of a DUC.
  2. The user enters a progress report that lists any publication, computational pipeline, or other public disclosure of results from the analysis of NDA data accessed during the previous access period. The user is expected to create an NDA Study for these outcomes and to include the NDA Study ID in the progress report (https://nda.nih.gov/get/manuscript-preparation.html). The user may also update the Research Data Use Statement, the lead recipient’s contact information, and names and contact information for all other recipients who will be accessing and working with the data. The user identifies a Signing Official at their research institution who will review and sign the Data Use Certification and then agrees to follow the NDA data use terms and conditions.
    • A data access request renewal must be associated with the same lead recipient and research institution. If the lead recipient has changed or if the lead recipient’s research institution affiliation has changed, a new data access request must be submitted.
    • The recipient’s research institution must have an active Federal-Wide Assurance (https://www.hhs.gov/ohrp/federalwide-assurances-fwas.html).
    • NDA recommends that all recipients listed on a Data Access Request be affiliated with one research institution. Other recipients at different research institutions may submit a Data Access Request with the same research data use statement, sponsored by their affiliated institution.
Adding Data Recipients to an existing Data Use Certification

Lead recipients should add other recipients to a DAR before the institutional business official has signed the DUC and before the request has been reviewed by the NDA DAC. In order to add new other recipients after a DAR has been approved:

  1. The lead recipient submits an updated version of the original active DUC, including the name and contact information for the new data recipient(s) via email to the NDA helpdesk. The updated DUC must be newly signed by the lead recipient and the institutional Signing Official.
  2. If a new other recipient is affiliated with a different research institution than that of the lead recipient, the institutional Signing Official must acknowledge in writing to the NDA Help Desk that they are responsible for the new other recipient’s adherence to the DUC terms and conditions.
  3. NDA will review the updated DUC to ensure that no other changes have been made to the DUC and the two required signatures are present.
  4. NDA staff will notify the lead recipient that the new other recipients have been added to the existing active DUC.
    • Newly added other recipients will be subject to the original expiration date for that DUC.

SOP-04B Data Access Permission Request - Individual Sponsorship (Open Access)

Revision 1
Effective 06/12/2020

Purpose

The purpose of this SOP is to establish the steps for requesting new or continued access to a subset of shared, Open Access data available in the NIMH Data Archive (NDA).

Scope

This procedure applies to all individuals and their institutions submitting a Data Access Request to access shared research data in one of NDA’s Open Access Permission Groups. This procedure must be completed after SOP-01 NDA Account Request.

Procedure

New Data Access Requests
  1. The authenticated user initiates a Data Access Request for an NDA Open Access Permission Group by selecting to “request access” in the NDA Data Permissions Dashboard.
    • The NDA Data Permissions Dashboard lists each of the Permission Groups for all shared data in NDA.
    • Each Data Access Request is for one NDA Permission Group.
    • Each recipient must log into the NDA Data Permissions Dashboard to submit a Data Access Request for an Open Access Permission Group. Users may not submit Data Access Requests on behalf of other NDA users.
  2. The user is presented with the NDA Data Use Certification Terms and, which outline expectations for responsible data use.
  3. The user clicks to accept the Terms and Conditions for accessing NDA data.
  4. NDA adds the user as an approved user to the given Open Access Permission Group.
  5. The approved receives a confirmation email from NDA.
  6. Access to NDA shared data is valid for one year and will be revoked one year from the DAC approval if a renewal request has not been approved.
Data Access Request Renewal
  1. The authenticated user initiates a Data Access Request renewal for an NDA Open Access Permission Group to which they are already authorized to access by selecting to “renew access” in the NDA Data Permissions Dashboard.
    • Data access request renewals should be submitted 60 days prior to access expiration to avoid any lapse in access. All recipients must delete all NDA data immediately upon expiration of a DUC.
  2. The user enters a progress report that lists any publication, computational pipeline, or other public disclosure of results from the analysis of NDA data accessed during the previous access period. The user is expected to create an NDA Study for these outcomes and to include the NDA Study ID in the progress report (https://nda.nih.gov/get/manuscript-preparation.html).
  3. The user is presented with the NDA Data Use Certification Terms and, which outline expectations for responsible data use.
  4. The user clicks to accept the Terms and Conditions for accessing NDA data.
  5. NDA extends the approved user’s access to the given Open Access Permission Group.
  6. The approved receives a confirmation email from NDA.
  7. Access to NDA shared data is valid for one year and will be revoked one year from the DAC approval if a renewal request has not been approved.

^ top of page

SOP-05A Contributor Quality Assurance and Quality Control

Effective: 03/27/19

Purpose

The high quality of data within NDA is crucial for ensuring its usefulness and reliability for research. Therefore, the NIH has implemented a multi-tiered quality control procedure for data contributed to NDA. SOP-05A establishes the quality control steps NDA contributors are expected to perform as part of the standard process for submitting and sharing data through NDA.

Scope

This SOP applies to all users submitting and sharing data through NDA.

Procedure 1: Ensuring data do not contain Personally Identifiable Information

Prior to submitting data, contributing users and their institutional business officials will sign an NDA Data Submission Agreement in which they certify that the data do not contain any Personally Identifiable Information. Data submitters also agree to verify post-submission that submitted data lack identifying information.  NDA requires that all submitted data do not contain any information that even resembles PII.   NDA provisions data to authorized users for secondary analysis and thus masked PII may appear to secondary users as true PII. 

Information considered Personally Identifiable Information includes but is not limited to:

  1. Names (Patient, Operator, Physician, Relative, Employer, etc.);
  2. Birth dates;
  3. Initials;
  4. All geographic subdivisions smaller than a state, including street address, city, county, precinct, ZIP code, and their equivalent geocodes, except for a three digit zip code.
  5. Telephone numbers;
  6. Fax numbers;
  7. Email addresses;
  8. Social Security numbers;
  9. Medical record numbers;
  10. Health plan beneficiary numbers;
  11. Account numbers;
  12. Certificate or license numbers;
  13. Vehicle identifiers and license plate numbers;
  14. Device identifiers and serial numbers;
  15. URLs associated with an individual;
  16. IP addresses;
  17. Biometric identifiers;
  18. Full-face photographs and any comparable images; and
  19. Full-face videos unless actor or actress.

NDA maintains a Best Practices document to help contributing users locate and remove Personally Identifiable Information from datasets prior to submission to NDA. Please consult the most recent version of this document for more information.

Datatsets that contain information with any of these 19 characteristics will be handled on a case by case basis by NDA staff, investigators, and the appropriate institutional points of contact.

Procedure 2: Validation of Datasets Prior to NDA Submission

Contributors to NDA will use the NDA’s Validation and Submission Tools to perform a pre-submission Quality Control check on their datasets. This Quality check is a service provided by NDA and validates that data elements and data values within the dataset are consistent with the NDA Data Dictionary.  The full Validation and Submission of Data procedure is described in SOP-18 Validation and Submission of Data.

NDA contributors must correct all errors identified by the Validation Tool prior to submitting a data package.

Procedure 3: Correction of Errors within Datasets Submitted to NDA

NDA contributors are responsible for ensuring their data submissions are free of errors. The NIMH Data Archive provides an additional Quality Assurance service as part of its ingestion and sharing processes (SOP-05B NDA Quality Assurance and Quality Control). NDA contributors will correct any errors identified in this NDA QA/ QC process and update their data in a timely manner, as described in the following procedure.  

  1. The contributor receives an automated Quality Assurance/Quality Control notification from NDA that describes all errors identified in the post-submission QA/QC procedure.  The notification includes details on which records and datasets are affected by the identified errors
  2. The contributor determines which, if any, of the NDA-identified records constitute true data errors.
  3. The contributor resolves the errors within their version of the dataset(s).
  4. The contributor resolves the errors within the NDA version of the dataset in one of the following ways depending on data type:
    1. For cumulative datasets that do not include associated files (e.g. clinical assessments or other tabulated data), any dataset containing errors will be re-submitted in its entirety, through the Validation and Submission Tool.
    2. For non-cumulative dataset including associated files (e.g. imaging, EEG, etc.), Contributors will notify NDA Staff, who will resolve the errors.

SOP-05B NDA Quality Assurance and Quality Control

Purpose

The purpose of this SOP is to establish the steps NDA takes to promote the high quality of data made available through its infrastructure. Although ensuring the quality of shared data is the responsibility of the contributors, NDA provides a set of Quality Assurance/Quality Control services as part of its ingestion and sharing processes.

Scope

This SOP applies to NDA Staff.

Procedure

Reviewing for Personally Identifiable Information

NDA Staff will review newly submitted data to detect any Personally Identifiable Information, focusing primarily on data types that are generally most at-risk for containing direct identifiers.   If PII are identified, NDA staff will immediately mark the data as containing PII, making it unavailable to all users. NDA Staff will then generate a report on the location and type(s) of PII found, and an automated notification including this report will be sent to the Contributor.  If no PII are identified, NDA will certify that the data does not contain any Personally Identifiable Information

Validation of Data Files

NDA staff will use automated procedures or file-type specific tools to validate that the data can be opened and that the files that which is specified by their extension or in the data structure.

Validation of Documents within an NDA Collection or NDA Study

NDA contributors regularly upload supporting documentation for NDA Collections and NDA Studies.  NDA Staff validate those files according to the following procedure.

  1. A user with appropriate privilege uploads a document into an NDA Collection or NDA Study.
  2. The account holder certifies that the information contained in the document contains no identifying information.
  3. The NDA portal performs a virus scan of the document and accepts it.
  4. NDA Staff are notified of the uploaded document and performs a review of the document to verify that it contains no identifying information associated with research subjects, contains no research data, and its contents are consistent with its title and designated document type.
  5. The owner of the Collection or Study requests that the document be shared.
  6. The NDA Data Access Committee has delegated the authority to NDA Staff to determine the document may be shared with others.

Validation of NDA-compliant Data Elements in New Data Structures

Prior to the creation of a new structure in the NDA Data Dictionary or the establishment of a federated data resource whereby NDA users can access data in an external database, NDA Staff will review each data field and certify that the fields defined do not appear to include any information that can be reasonably used to identify a research subject or another individual associated with the research. See SOP-05A Contributor Quality Assurance and Quality Control for a list of identifiers.

Identification of Errors within Datasets Submitted to NDA

This procedure establishes how NDA identifies potential issues within submitted datasets and notifies contributors. SOP-05A Contributor Quality Assurance and Quality Control describes the procedure for contributors to resolve these issues. NDA maintains a description of errors that can be identified by this check.

  1. Within four months of each biannual submission period, NDA Staff use an automated process to assess each dataset. Where applicable cumulative datasets are compared to previous uploads of the same dataset and datasets are checked for internal consistency.
    1. NDA maintains a document describing these checks and the issues potentially identified.
  2. NDA Staff compile the results of this assessment into a single report for each Collection.
  3. NDA Staff send a single notification to the Principal Investigator or other Owner of each affected Collection, and responsible NIH Program and Grants Management staff.
  4. Contributors are asked to respond as described in SOP-05A Contributor Quality Assurance and Quality Control.

^ top of page

SOP-06 Establishment of a Federated Data Resource

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps required to establish a federated resource. Data federation provides investigators with a single point of access to multiple data sources in addition to the shared data stored in the NDA.

Scope

This procedure applies to NDA staff and the NDA Data Access Committee (DAC).

Procedure

  1. NDA staff request DAC approval to pursue data federation with a specific data resource.
  2. NDA staff work with the prospective federated data resource and resolve issues associated with data definition, translation, security, and access.
  3. The NDA Director, working with NDA staff, will develop a data federation agreement between the prospective data resource and the NDA. The agreement will define the specific views of data to be made available and the persons or groups the federated resource has determined to have authority to grant access to those views.
  4. The DAC and federated data resource approve the data federation agreement.
  5. NDA staff perform data validation steps associated for each of the views established by the federated data resource.
  6. The DAC authorizes the data resource (or specific views into that resource) to be available through the NDA as defined by the agreement.

^ top of page

SOP-07 Data Dictionary Definition

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps for adding a data structure to the NDA Data Dictionary.

Scope

This procedure applies to all investigators and data managers submitting data who wish to create a data structure. Duplication of data structures and data elements is to be avoided as much as possible. However, if no data structure exists for a given type of assessment or measure, we encourage the community to define the data structure.

Procedure

Investigators are encouraged to extend the Data Dictionary. To use an existing definition as a starting point for submitting changes or a new structure, download the definition file you wish to change, or one to use as an example, from the structure's definition page. This will be a CSV file that can be opened and edited in Microsoft Excel. After making your desired changes, email the updated spreadsheet and documentation of the changes made to the NDA Help Desk. The NDA will then curate the definition and if no changes are needed, publish it in the NDA Data Dictionary. Please note that for all NDA data definitions, the data elements subjectkey, src_subject_id, interview_age, interview_date, and sex are required.

^ top of page

SOP-08 GUID Generation Permission Request

Revision 3
Effective 1/01/20

Purpose

The purpose of this SOP is to define the steps for using the NDA GUID Tool software to securely generate a de-identified research participant identifier. This includes GUID Tool request initiation, review, approval, verification, and access expiration.

Scope

This procedure applies to all investigators and data managers who need to generate GUIDs and pseudo-GUIDs for data submission, or researchers who have been approved to use the NDA GUID Tool to generate identifiers for their non-NDA supported projects.

Procedure

Request GUID Tool Access

  1. NDA users with active accounts initiate a GUID Tool Access request by emailing the NDA Help Desk from the email account associated with their NDA user account.
  2. NDA staff are notified that the request is awaiting review.

GUID Request Review and Approval

  1. NDA staff verify that the user has submission privileges on an active NDA Collection. 
  2. Verified requests are approved and NDA staff will notify the user with instructions to access the GUID Tool with their NDA login credentials and to accept the GUID Tool terms of use.    
  3. Requests from users who are supporting NDA data submission but do not have submission permission to their respective NDA Collection will be marked as pending. NDA will notify the requester that the appropriate permissions are required prior to approval. 
  4. Requests from users who are not submitting data to NDA will be reviewed by NDA staff on a case-by-case basis. 

GUID Tool Access Expiration

  1. GUID Tool access for NDA data submitters expires when a user no longer has submission permissions on an active NDA Collection.
  2. GUID Tool access expires after one year for users who are not submitting data to NDA. These users may submit a new request to maintain access, which will be reviewed by NDA staff.

Related Procedures

^ top of page

^ top of page

SOP-10 Request Time Extension for Sharing

Revision 2
Effective 3/1/16

The purpose of this SOP is to outline the steps for requesting a delay in the transition of submitted data from its initial private state to a shared state beyond the NDA prescriptive timelines. These requests may be made if there are reasons for which the release of data would be considered premature. Extensions are not granted for the sole purpose of delaying QA/QC activities.

Scope

This procedure applies to investigators who have submitted data to the NDA. This procedure is typically completed within 10 business days after receiving a completed Time Extension for Sharing Request.

Procedure

Time Extension Request Initiation
  1. The investigator develops a written request to extend the sharing of data associated with a specific NDA Collection or NDA Study which includes the following:
    1. The title of the NDA Collection or NDA Study for which the extension is requested.
    2. The scientific rationale for the extension.
    3. A description of the data requiring the extension.
    4. A schedule for the release of the data.
    5. A description of data that will be released in the original timeframe.
  2. The investigator emails the NDA with the reason for the time extension.
Time Extension Request Review and Approval
  1. If the data are associated with NIH-funded research, the NDA Data Access Committee or its representatives will consult with the NIH Program Officer to decide whether to support the request.
  2. NDA staff will update the status of the request in the NDA based upon the decision.

Related Procedures

^ top of page

SOP-11 Deviations to Data Sharing Terms

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps necessary to change the data-sharing terms associated with NIH-funded research. Over the course of research, circumstances may arise that necessitate a change in the terms.

Scope

This procedure applies to all investigators who submit data, or may be expected to submit data, to NDA.

Procedure

  1. The investigator defines the scientific need to deviate from the established terms and conditions.
  2. The investigator emails the concern to the NDA Help Desk or edits the Data Expected schedule in the relevant NDA Collection.
  3. NDA staff will forward the request to the DAC and appropriate NIH Program Officer.
  4. The Data Access Committee (DAC) or its representatives and the Program Officer will approve the request or consult with the investigator for clarification/modification.
  5. Once approved, the investigator makes the appropriate changes to the Data Expected schedule, and NDA staff will update their records on when the specified data will be submitted.

Related Procedures

^ top of page

SOP-12 Administrative Access to NDA

Revision 2

Effective 2/28/20

Purpose

The purpose of this SOP is to outline the steps for receiving administrative access to NDA systems. Administrative access is defined as user account privileges needed to perform tasks associated with administering the system or carrying out oversight prescribed by a project’s funding organization, rather than for research purposes.

Scope

This procedure applies to all NDA technical staff, NDA operational staff, and extramural program staff who must have the ability to query and review data within NDA or access NDA-maintained tools to perform their job.

Procedure

NDA Staff

The NDA Director is responsible for granting individual access to those administering the NDA. The Director may choose to delegate the responsibility of granting access to other NDA staff.

Administrative access is granted to NDA staff by system administrators on an as-needed basis when authorized by the NDA Director.

Extramural Program Staff

NIH Extramural Program Staff automatically have access to research data and supporting information concerning their portfolio through the NDA infrastructure. To gain access for administrative purposes to other data, a member of NIH extramural staff can email NDAHelp@mail.nih.gov, specifying the type of data they are required to access.

Related Procedures

^ top of page

SOP-13 Request to Submit Data to an NDA Federated Repository

Purpose

Federation with a repository is used when the data source wishes to retain greater control over the access of data and not directly submit the data to the NDA.While most data are expected to be submitted directly into the NDA, there may be valid scientific and/or operational reasons for submitting data, either descriptive and/or experimental, into another repository and not the NDA. However, to ensure that data remains available to the research community, only repositories that are federated with the NDA, make the data generally available to the research community, and have a Memo of Understanding (MOU) in place with the NDA ensuring such data deposited remain available to the research community in perpetuity, will be considered.

The following procedure should be followed for such cases.

Procedure

An investigator who wishes to use another repository for data sharing should first consult with his/her Program Officer. If the Program Officer believes that it is appropriate for the investigator to submit to another repository, the investigator should provide the following information to the NDA Help Desk:

  • NIH grant information (title, PI, grant number, etc.)
  • Background and reason for submitting into another repository
  • Submission and data sharing schedule, if different from the terms of award
  • Name of the federated repository proposed for data submission where the data will be made available.

NDA Staff will provide the request to submit and share data through a federated repository and any related information to the NDA Data Access Committee (DAC) for a decision. NDA Staff may contact investigators and/or the Program Officer for additional information, if required. The DAC reviews the request and makes a decision based on the information provided in the request. Final approval of the request to submit to another repository instead of the NDA is contingent upon approval from both the Program Officer and the DAC. Once approved, NDA Staff will send an email to the lead investigator with the decision. The entire procedure typically requires 10 business days.

^ top of page

SOP-14 Removal of Subject Data from the NDA

Revision 1

Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps to request removal of participant data from the NDA.

Scope

SOP-14 applies to all investigators who have submitted data to the NDA and who have received a request from a previously consented participant to have their data removed from the NDA.

Procedure

In the event that a research participant withdraws his/her consent, please email the NDA Help Desk with the request referencing this procedure and the GUID(s) associated with the subject(s) requiring removal. As per NDA policy, data that have been distributed for approved research use will not be retrieved.

^ top of page

SOP-15 Discovery of Personally Identifiable Information (PII) within NDA Protected Data

Purpose

Investigators submitting data to the NDA must certify that all data is de-identified as defined in the NDA Data Submission Agreement. While NDA reviews all data submitted for PII (see SOP-5), the potential still exists for PII to be found. If this happens, the following procedure applies.

Scope

SOP-15 applies to individuals with access to NDA protected data that may have discovered potential PII in the NDA or one of its federated repositories. This includes NDA staff, program staff, an individual at the submitting lab, or a user with permission to access data in the NDA.

Procedure

Persons discovering potential PII should contact the NDA Help Desk ideally including the lab, data structure, elements, and GUIDs that potentially contain the PII. Within 1 business hour, NDA staff will review and make a determination if the data is PII.

If a determination is made that the data includes PII and those data have not been shared or downloaded, the NDA will immediately expunge the data.

If a determination is made that the data contains PII and those data have been downloaded from the NDA, the data will immediately be moved to a private state to prevent any further downloads. NDA staff will then work with the submitting lab to expunge the data. Resubmission of the data without PII is expected in a timely manner. NDA staff will then notify those users that have downloaded the data containing PII and instructing them to expunge the PII. NDA staff will notify the submitting lab that the users downloading the data have been contacted. An incident report will be maintained for a period of at least five years.

^ top of page

SOP-17 Development Access to NDA

Revision 1

Effective 2/28/2020

Purpose

The purpose of this SOP is to outline the steps for individuals to request access to NDA for software development purposes. This is defined as access to the NDA to properly implement informatics approaches (e.g. computational pipelines, integrating data submission/extraction tools, developing phenotypic constructs, etc.).

Scope

This procedure applies to NDA contributors or participants in workshops or other projects affiliated with NDA, requiring short-term access to NDA.

Procedure

Individuals requesting development access to the NDA may send requests to the NDA Help Desk providing a reason for the request and the length of time development access is requested, not to exceed 30 days. In this message, the requester must assert that no data will be moved from the NDA or used for research purposes. 

The NDA Director determines whether or not to grant development access for the time period requested.

Related Procedures

^ top of page

SOP-18 Validation and Submission of Data

Effective 3/27/19

Purpose

The purpose of this SOP is to establish the technical steps necessary for users contributing data to NDA to validate that their data are compatible with the NIMH Data Archive (NDA) Data Dictionary and to submit validated data to the NDA database.

Scope

This procedure applies to all individuals submitting data as described in the Terms and Conditions of the Data Submission Agreement. This procedure requires that users complete SOP-02 Data Submission Privilege Request, and they harmonize their data with the NDA Data Dictionary as described in SOP-05A Contributor Quality Assurance and Quality Control.

The NDA holds biannual submission periods between December 1 and January 15, and between June 1 and July 15 of each year. Data can be submitted at any time.

Procedure 1: Validation of Data

Prior to submission of data, contributing users will make use of a tool provided by NDA to validate that the data are consistent with the associated structures in the NDA Data Dictionary.

To validate through a web browser:

  1. The user visits the web location of the NDA’s Validation and Upload Tool.
  2. The user selects the data files intended for submission. Any number of files can be submitted in one submission package, and all files must be in a CSV or TXT formatted NDA Submission Template that is associated with a valid NDA Data Dictionary structure.
  3. The tool provides the user with a report of the validation results.
  4. The validation results report both errors and warnings for each affected data element and record number within the data files:
    1. Errors: Discrepancies between the Data Dictionary structure and the data file that must be resolved before data can be submitted.
    2. Warnings: Aspects of the file which may require attention, or do not conform to best practices, but will not affect the submission of the data.
  5. The user is responsible for resolving errors produced in the validation report by correcting the file or contacting NDA to resolve any issues in the Data Dictionary.
  6. If the user is uploading data with associated files (e.g. DICOM images), they will add those files to the tool, which will match them to associated records in the data.

To validate through a web service:

The NDA Validation Web Service used by the browser-based tool is also available to contributors for use with applications of their own. This is a RESTful interface for validating a data structure before submission to the NDA. Documentation is available here: https://ndar.nih.gov/api/validation/docs/swagger-ui.html.

Procedure 2: Submission of Data

Submitting through a web browser

  1. Once a set of files has passed validation, the browser-based tool will allow the user to proceed with the creation of a submission package for those validated files.
  2. The user must log in to the tool after a successful validation session.
  3. The user selects a destination for their submission package from a list of their available Collections or other endpoints.
  4. The user names the package. The name will appear in their Collection as the title of the Submission and is also what secondary data users will see when accessing the Collection data.  Users should name their submission packages as specifically as possible.
  5. The user provides a description of the package contents.  The description will be seen by NDA staff and not by secondary data users.
  6. The user confirms that no Personally Identifiable Information is included in the package.
  7. The user initiates the upload through the tool.

Submitting through a web service:

The submission web service used by the web browser-based tool is also available to contributors for use with their own applications. This is a RESTful interface for creating a submission package for multiple data files that have successfully passed validation. Documentation can be found here: https://ndar.nih.gov/api/submission-package/docs/swagger-ui.html.