Standard Operating Procedures

The NIMH Data Archive (NDA) is a protected resource for research data contributed by investigators, funded by the NIH and other organizations. The NDA contains detailed research data derived from consenting human subjects. Operational procedures have been established to ensure that the data contained in the NDA are efficiently made available to qualified researchers according to the protections defined for the NDA and other federal policies. These procedures apply to the NDA generally and all research clusters operated within the NDA infrastructure.

The Standard Operating Procedures (SOPs) described below are to be followed by the NIH, their designees, and NDA users. Note that these procedures may require an investigator to upload a document into their NDA user account profile and possibly associate these documents with an NDA Collection or NDA Study. Only the investigator and NDA staff will have access to these documents unless indicated otherwise. For any other questions or feedback, please contact the NDA Help Desk.

^ top of page

SOP-01 NDA Account Request

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to define the steps for requesting a user account to use in accessing shared data in an NDA repository, assisting a project contribute data to the NDA, create GUIDs using participant PII, or any other purpose. A request for an NDA user account is the first step in obtaining access privileges in the NDA system.

Scope

This procedure applies to all account requests and the users who request them. This procedure requires 1-3 business days for accounts. Account requests that involve access to shared data or data submission privileges will take longer.

Procedure

Account Request Initiation
  1. The user requests an account:
    1. Navigate to an account request page on an appropriate website operated by the NDA.
    2. Complete the form by filling in the information required.
  2. NDA staff are notified that the request is awaiting review.
Account Request Review and Approval
  1. NDA staff review the information provided in the request.
  2. NDA staff may contact the user for more information about the intended use of their NDA account depending on the information provided and the privileges requested.
  3. Based on the information provided and results of the review, the NDA Data Access Committee has delegated to NDA staff the ability to approve user accounts for privileges required to work on projects submitting data (SOP-02), or initiate the process to request access to shared data (SOP-03)
  4. An email is sent to the user with instructions on using the account or taking further steps to obtain approval.

Related Procedures

^ top of page

SOP-02 Data Submission Privilege Request

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to define the steps necessary to request, review, and approve data submission privileges in the NDA.

Scope

This procedure applies to all investigators and data managers who will submit descriptive data, analyzed data, and supporting documentation associated with a research study to an NDA Collection, or a point of contact responsible for acting on behalf of the investigator and/or data manager. This procedure should only be completed once per grant, contract, project, or once for each NDA Collection. This procedure typically requires 5-7 business days.

Procedure

Data Submission Privilege Request Initiation
  1. After completing SOP-01 and obtaining a valid user account, the user downloads and completes the Data Submission Agreement
    1. The agreement must be signed by two parties:
      • The Principal Investigator or person responsible for collecting the data
      • The NIH-recognized business official at the investigator's affiliated institution. This is someone listed as a Signing Official in the institution's eRA Commons profile.
  2. The user creates an Adobe PDF file of the signed agreement. 
  3. The investigator uploads the PDF file to his/her NDA user account profile or emails the document to the NDA Help Desk.
  4. The NDA system notifies NDA staff that the request is awaiting review.
Review and Approval
  1. NDA staff review the Data Submission Agreement for completeness.
    1. NDA staff ensure that the signing business official is recognized by the NIH as having the appropriate authority.
  2. NDA staff set an appropriate agreement expiration date based on the lifespan of the project. The agreement may be extended as necessary by contacting The NDA Help Desk.
  3. NDA staff provide the agreement and a summary of the request to the NDA Data Access Committee (DAC) for decision. The DAC reviews these requests and makes a decision based on the expectations outlined in the NDA Policy, or delegates this authority to NDA staff. The user may be contacted for additional information to support the decision.
  4. Once the request is approved, NDA staff update the NDA Collection and the associated account privileges, permitting the investigator to submit data and supporting documentation.
  5. An email is sent notifying the investigator of these changes.

Related Procedures

^ top of page

SOP-03 NDA Certification and Assurance to Operate

As a Federal Information System, the NDA will follow NIH Security Certification and Accreditation. The NDA is rated at a Security Objective of Confidentiality and a Potential Impact Level of Moderate. This level of security is defined by NIST publication 800-18 Guide for Developing Security Plans for Federal Information Systems:

"The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals."

Related Procedures

^ top of page

SOP-04A Data Access Permission Request: Controlled Access

Revision 2
Effective 3/27/19

Purpose

The purpose of this SOP is to establish the steps for requesting new or continued access to the shared data available in a controlled-access repository in the NIMH Data Archive (NDA).

Scope

This procedure applies to all individuals interested in gaining access to shared research data in one of NDA’s controlled-access data repositories. This procedure must be completed after SOP-01 NDA Account Request.

Procedure

Data Access Permission Request Initiation

  1. The user completes a Data Use Certification (DUC) form via the Data Access Request workflow that is initiated from the Data Permissions Dashboard. The user inputs information regarding which controlled-access Collection they are requesting to access, the lead investigator’s contact information, names and contact information for all other data recipients who will be accessing and working with the data, a Research Data Use Statement, and an agreement to follow the NDA data use terms and conditions.  Additional data recipients should be affiliated with the same sponsoring institution as the lead investigator.  If an additional data recipient is not affiliated with the same sponsoring institution as the lead investigator, the business official who signs the DUC must email NDA and acknowledge signing for an NDA user who is not at their institution. The Data Permissions Dashboard is available to users with an NDA account and lists each of the controlled-access research data repositories available in NDA.
  2. The user downloads the completed DUC, which is then signed by 2 parties:
    • The investigator who will be the lead recipient of the data.  This is the user who has initiated the Data Access Request.
    • The NIH-recognized business official at the investigator's sponsoring institution. This signature must be from an individual who is listed as having signing authority in the eRA Commons system. Contact the NDA Help Desk for a list of authorized business officials at your institution.
  3. The user uploads the signed DUC to their open Data Access Request on their dashboard, completing the process. Those unable to complete the workflow electronically can also complete the PDF manually and email it to the NDA Help Desk.

Data Access Permission Request Review and Approval

  1. NDA staff review the Data Use Certification for completeness. This includes verifying that the FWA of the investigator's sponsoring institution is active, the signing official is recognized as having this authority by the NIH, and that all required fields on the DUC form have been completed.
  2. The request is sent to the appropriate Data Access Committee (DAC).
  3. The DAC reviews requests for access based upon research subject protection and adherence to the data use limitations consented to by the research subjects, and not on scientific merit or availability of data. Decisions to approve access are typically made within 10 business days from receipt of a completed Data Use Certification.
  4. Once approved, NDA staff notify the individuals requesting access and update account privileges.
  5. Access to NDA shared data is valid for one year.

Data Access Permission Renewal Request

NDA users can extend the term of an existing DUC by an additional year by completing a new Data Use Certification, indicating in the Access Request section that the DUC is a Renewal application type, and completing section 4 to describe research outcomes generated with the data thus far.   The renewal DUC is submitted through the Permissions Dashboard using the same procedure as for a new DUC. 

Adding Data Recipients to an existing Data Use Certification

Lead investigators should add data recipients to a DAR before the institutional business official has signed the DUC and before the request has been reviewed by the NDA DAC.  In order to add new data recipients after a DAR has been approved, the lead investigator should submit via email to the NDA helpdesk a new DUC that includes the name and contact information for the new data recipient(s) and is signed by the lead investigator and the institutional business official.

Data recipients added to existing DUCs will be subject to the current expiration date for that DUC.

SOP-04B Data Access Permission Request: Open Access

Purpose

The purpose of this SOP is to establish the steps for requesting new or continued access to the shared data available in an open-access repository in the NIMH Data Archive (NDA).

Scope

This procedure applies to all individuals interested in gaining access to shared research data in one of NDA’s open-access data repositories. This procedure must be completed after SOP-01 NDA Account Request.

Procedure

  1. The user initiates the Data Access Request through the Data Permissions Dashboard, selecting a single open-access data repository.
  2. The user reviews the Terms of Conditions for access for the selected repository, which outline expectations for responsible data use.
  3. Upon accepting the Terms and Conditions for accessing NDA data, the user is granted access to the selected open-access repository and receives a confirmation email.
  4. Access to NDA shared data is valid for one year.

Data Access Permission Renewal Request

NDA users can extend the term of access by an additional year by completing a new Data Access Request – repeating the steps in this procedure up to 60 days prior to the expiration date of the access. 

Data Recipients

Data Access Requests for open-access repositories can be submitted by the individual who is responsible for maintaining the data and that data cannot be shared with unauthorized users. Individuals cannot submit or sponsor a request for access to shared data on behalf of others under this procedure.

^ top of page

SOP-05A Contributor Quality Assurance and Quality Control

Effective: 03/27/19

Purpose

The high quality of data within NDA is crucial for ensuring its usefulness and reliability for research. Therefore, the NIH has implemented a multi-tiered quality control procedure for data contributed to NDA. SOP-05A establishes the quality control steps NDA contributors are expected to perform as part of the standard process for submitting and sharing data through NDA.

Scope

This SOP applies to all users submitting and sharing data through NDA.

Procedure 1: Ensuring data do not contain Personally Identifiable Information

Prior to submitting data, contributing users and their institutional business officials will sign an NDA Data Submission Agreement in which they certify that the data do not contain any Personally Identifiable Information. Data submitters also agree to verify post-submission that submitted data lack identifying information.  NDA requires that all submitted data do not contain any information that even resembles PII.   NDA provisions data to authorized users for secondary analysis and thus masked PII may appear to secondary users as true PII. 

Information considered Personally Identifiable Information includes but is not limited to:

  1. Names (Patient, Operator, Physician, Relative, Employer, etc.);
  2. Birth dates;
  3. Initials;
  4. All geographic subdivisions smaller than a state, including street address, city, county, precinct, ZIP code, and their equivalent geocodes, except for a three digit zip code.
  5. Telephone numbers;
  6. Fax numbers;
  7. Email addresses;
  8. Social Security numbers;
  9. Medical record numbers;
  10. Health plan beneficiary numbers;
  11. Account numbers;
  12. Certificate or license numbers;
  13. Vehicle identifiers and license plate numbers;
  14. Device identifiers and serial numbers;
  15. URLs associated with an individual;
  16. IP addresses;
  17. Biometric identifiers;
  18. Full-face photographs and any comparable images; and
  19. Full-face videos unless actor or actress.

NDA maintains a Best Practices document to help contributing users locate and remove Personally Identifiable Information from datasets prior to submission to NDA. Please consult the most recent version of this document for more information.

Datatsets that contain information with any of these 19 characteristics will be handled on a case by case basis by NDA staff, investigators, and the appropriate institutional points of contact.

Procedure 2: Validation of Datasets Prior to NDA Submission

Contributors to NDA will use the NDA’s Validation and Submission Tools to perform a pre-submission Quality Control check on their datasets. This Quality check is a service provided by NDA and validates that data elements and data values within the dataset are consistent with the NDA Data Dictionary.  The full Validation and Submission of Data procedure is described in SOP-18 Validation and Submission of Data.

NDA contributors must correct all errors identified by the Validation Tool prior to submitting a data package.

Procedure 3: Correction of Errors within Datasets Submitted to NDA

NDA contributors are responsible for ensuring their data submissions are free of errors. The NIMH Data Archive provides an additional Quality Assurance service as part of its ingestion and sharing processes (SOP-05B NDA Quality Assurance and Quality Control). NDA contributors will correct any errors identified in this NDA QA/ QC process and update their data in a timely manner, as described in the following procedure.  

  1. The contributor receives an automated Quality Assurance/Quality Control notification from NDA that describes all errors identified in the post-submission QA/QC procedure.  The notification includes details on which records and datasets are affected by the identified errors
  2. The contributor determines which, if any, of the NDA-identified records constitute true data errors.
  3. The contributor resolves the errors within their version of the dataset(s).
  4. The contributor resolves the errors within the NDA version of the dataset in one of the following ways depending on data type:
    1. For cumulative datasets that do not include associated files (e.g. clinical assessments or other tabulated data), any dataset containing errors will be re-submitted in its entirety, through the Validation and Submission Tool.
    2. For non-cumulative dataset including associated files (e.g. imaging, EEG, etc.), Contributors will notify NDA Staff, who will resolve the errors.

SOP-05B NDA Quality Assurance and Quality Control

Purpose

The purpose of this SOP is to establish the steps NDA takes to promote the high quality of data made available through its infrastructure. Although ensuring the quality of shared data is the responsibility of the contributors, NDA provides a set of Quality Assurance/Quality Control services as part of its ingestion and sharing processes.

Scope

This SOP applies to NDA Staff.

Procedure

Reviewing for Personally Identifiable Information

NDA Staff will review newly submitted data to detect any Personally Identifiable Information, focusing primarily on data types that are generally most at-risk for containing direct identifiers.   If PII are identified, NDA staff will immediately mark the data as containing PII, making it unavailable to all users. NDA Staff will then generate a report on the location and type(s) of PII found, and an automated notification including this report will be sent to the Contributor.  If no PII are identified, NDA will certify that the data does not contain any Personally Identifiable Information

Validation of Data Files

NDA staff will use automated procedures or file-type specific tools to validate that the data can be opened and that the files that which is specified by their extension or in the data structure.

Validation of Documents within an NDA Collection or NDA Study

NDA contributors regularly upload supporting documentation for NDA Collections and NDA Studies.  NDA Staff validate those files according to the following procedure.

  1. A user with appropriate privilege uploads a document into an NDA Collection or NDA Study.
  2. The account holder certifies that the information contained in the document contains no identifying information.
  3. The NDA portal performs a virus scan of the document and accepts it.
  4. NDA Staff are notified of the uploaded document and performs a review of the document to verify that it contains no identifying information associated with research subjects, contains no research data, and its contents are consistent with its title and designated document type.
  5. The owner of the Collection or Study requests that the document be shared.
  6. The NDA Data Access Committee has delegated the authority to NDA Staff to determine the document may be shared with others.

Validation of NDA-compliant Data Elements in New Data Structures

Prior to the creation of a new structure in the NDA Data Dictionary or the establishment of a federated data resource whereby NDA users can access data in an external database, NDA Staff will review each data field and certify that the fields defined do not appear to include any information that can be reasonably used to identify a research subject or another individual associated with the research. See SOP-05A Contributor Quality Assurance and Quality Control for a list of identifiers.

Identification of Errors within Datasets Submitted to NDA

This procedure establishes how NDA identifies potential issues within submitted datasets and notifies contributors. SOP-05A Contributor Quality Assurance and Quality Control describes the procedure for contributors to resolve these issues. NDA maintains a description of errors that can be identified by this check.

  1. Within four months of each biannual submission period, NDA Staff use an automated process to assess each dataset. Where applicable cumulative datasets are compared to previous uploads of the same dataset and datasets are checked for internal consistency.
    1. NDA maintains a document describing these checks and the issues potentially identified.
  2. NDA Staff compile the results of this assessment into a single report for each Collection.
  3. NDA Staff send a single notification to the Principal Investigator or other Owner of each affected Collection, and responsible NIH Program and Grants Management staff.
  4. Contributors are asked to respond as described in SOP-05A Contributor Quality Assurance and Quality Control.

^ top of page

SOP-06 Establishment of a Federated Data Resource

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps required to establish a federated resource. Data federation provides investigators with a single point of access to multiple data sources in addition to the shared data stored in the NDA.

Scope

This procedure applies to NDA staff and the NDA Data Access Committee (DAC).

Procedure

  1. NDA staff request DAC approval to pursue data federation with a specific data resource.
  2. NDA staff work with the prospective federated data resource and resolve issues associated with data definition, translation, security, and access.
  3. The NDA Director, working with NDA staff, will develop a data federation agreement between the prospective data resource and the NDA. The agreement will define the specific views of data to be made available and the persons or groups the federated resource has determined to have authority to grant access to those views.
  4. The DAC and federated data resource approve the data federation agreement.
  5. NDA staff perform data validation steps associated for each of the views established by the federated data resource.
  6. The DAC authorizes the data resource (or specific views into that resource) to be available through the NDA as defined by the agreement.

^ top of page

SOP-07 Data Dictionary Definition

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps for adding a data structure to the NDA Data Dictionary.

Scope

This procedure applies to all investigators and data managers submitting data who wish to create a data structure. Duplication of data structures and data elements is to be avoided as much as possible. However, if no data structure exists for a given type of assessment or measure, we encourage the community to define the data structure.

Procedure

Investigators are encouraged to extend the Data Dictionary. To use an existing definition as a starting point for submitting changes or a new structure, download the definition file you wish to change, or one to use as an example, from the structure's definition page. This will be a CSV file that can be opened and edited in Microsoft Excel. After making your desired changes, email the updated spreadsheet and documentation of the changes made to the NDA Help Desk. The NDA will then curate the definition and if no changes are needed, publish it in the NDA Data Dictionary. Please note that for all NDA data definitions, the data elements subjectkey, src_subject_id, interview_age, interview_date, and sex are required.

^ top of page

SOP-08 GUID Generation Permission Request

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to define the steps for using the free GUID Tool software. This includes GUID Tool request initiation, review, approval, and verification.

Scope

This procedure applies to all investigators and data managers who need to generate GUIDs and pseudo-GUIDs for data submission, or researchers who have been approved to use the GUID Tool to generate identifiers for their non-NDA supported projects.

Procedure

GUID Tool Request Initiation
  1. When completing SOP-01, the user has an option to request access to the GUID Tool concurrent with their general account. If this was requested, the request is initiated through SOP-01. If not, the user initiates the request by emailing the NDA Help Desk
  2. NDA staff are notified that the request is awaiting review.
GUID Request Review and Approval
  1. NDA staff verify the information provided by the user and if appropriate, approve the request by updating the user's NDA account privileges. This allows the user to login to the GUID Tool software with their NDA account credentials.
  2. NDA staff notify the user of this approval.

Related Procedures

^ top of page

SOP-09 Request for Ongoing Study (Data Enclave) 

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps for receiving the Ongoing Study capability, allowing a lab or group of investigators to establish a data enclave using the NDA for their use. This includes request initiation, review, and approval of the data enclave as defined by the NDA Policy, Section VI

Scope

The procedure applies to the Principal Investigators, Co-Investigators, and collaborators interested in this capability. This procedure is typically completed within10 business days after receiving a completed Ongoing Study Request.

Procedure

Ongoing Study Request Initiation

The PI sends the reason they would like to use the NDA's Ongoing Study capability including a description of the data that will be held by the NDA, the Co-Investigators, and the duration the data will be available only to the group. Note that the Principal Investigator must have a current Data Submission Agreement on file.

Ongoing Study Request Review and Approval
  1. NDA staff provide the ongoing study abstract and any related data access agreements to the NDA Data Access Committee (DAC).
  2. The DAC reviews the request and makes a decision based on the expectations outlined in the NDA Policy. NDA staff may contact investigators for additional information to support the decision.
  3. Once approved, NDA staff send an email to the Principal Investigator with the decision.
  4. Co-Investigators are then given accounts or their accounts are associated with the collection defined for the ongoing study.

Related Procedures

^ top of page

SOP-10 Request Time Extension for Sharing

Revision 2
Effective 3/1/16

The purpose of this SOP is to outline the steps for requesting a delay in the transition of submitted data from its initial private state to a shared state beyond the NDA prescriptive timelines. These requests may be made if there are reasons for which the release of data would be considered premature. Extensions are not granted for the sole purpose of delaying QA/QC activities.

Scope

This procedure applies to investigators who have submitted data to the NDA. This procedure is typically completed within 10 business days after receiving a completed Time Extension for Sharing Request.

Procedure

Time Extension Request Initiation
  1. The investigator develops a written request to extend the sharing of data associated with a specific NDA Collection or NDA Study which includes the following:
    1. The title of the NDA Collection or NDA Study for which the extension is requested.
    2. The scientific rationale for the extension.
    3. A description of the data requiring the extension.
    4. A schedule for the release of the data.
    5. A description of data that will be released in the original timeframe.
  2. The investigator emails the NDA with the reason for the time extension.
Time Extension Request Review and Approval
  1. If the data are associated with NIH-funded research, the NDA Data Access Committee or its representatives will consult with the NIH Program Officer to decide whether to support the request.
  2. NDA staff will update the status of the request in the NDA based upon the decision.

Related Procedures

^ top of page

SOP-11 Deviations to Data Sharing Terms

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps necessary to change the data-sharing terms associated with NIH-funded research. Over the course of research, circumstances may arise that necessitate a change in the terms.

Scope

This procedure applies to all investigators who submit data, or may be expected to submit data, to NDA.

Procedure

  1. The investigator defines the scientific need to deviate from the established terms and conditions.
  2. The investigator emails the concern to the NDA Help Desk or edits the Data Expected schedule in the relevant NDA Collection.
  3. NDA staff will forward the request to the DAC and appropriate NIH Program Officer.
  4. The Data Access Committee (DAC) or its representatives and the Program Officer will approve the request or consult with the investigator for clarification/modification.
  5. Once approved, the investigator makes the appropriate changes to the Data Expected schedule, and NDA staff will update their records on when the specified data will be submitted.

Related Procedures

^ top of page

SOP-12 Administrative Access to NDA

Revision 1

Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps for receiving administrative access to NDA systems. Administrative access is defined as user account privileges needed to perform tasks associated with administering the system, rather than for research purposes.

Scope

This procedure applies to all NDA technical staff, NDA operational staff, and extramural program staff who must have the ability to query and review data within NDA or access NDA-maintained tools in order to perform their job. NIH Intramural staff who wish to request access to NDA shared data should follow SOP-04.

Procedure

NDA Staff

The NDA Director is responsible for granting individual access to those administering the NDA. The Director may choose to delegate the responsibility of granting access to other NDA staff.

Extramural Program Staff

Requests for such access will be approved by the Data Access Committee (DAC) or delegated to NDA staff. Requests should be addressed to the NDA Help Desk and must provide the reason that access to data in the NDA is needed.

Related Procedures

^ top of page

SOP-13 Request to Submit Data to an NDA Federated Repository

Purpose

Federation with a repository is used when the data source wishes to retain greater control over the access of data and not directly submit the data to the NDA.While most data are expected to be submitted directly into the NDA, there may be valid scientific and/or operational reasons for submitting data, either descriptive and/or experimental, into another repository and not the NDA. However, to ensure that data remains available to the research community, only repositories that are federated with the NDA, make the data generally available to the research community, and have a Memo of Understanding (MOU) in place with the NDA ensuring such data deposited remain available to the research community in perpetuity, will be considered.

The following procedure should be followed for such cases.

Procedure

An investigator who wishes to use another repository for data sharing should first consult with his/her Program Officer. If the Program Officer believes that it is appropriate for the investigator to submit to another repository, the investigator should provide the following information to the NDA Help Desk:

  • NIH grant information (title, PI, grant number, etc.)
  • Background and reason for submitting into another repository
  • Submission and data sharing schedule, if different from the terms of award
  • Name of the federated repository proposed for data submission where the data will be made available.

NDA Staff will provide the request to submit and share data through a federated repository and any related information to the NDA Data Access Committee (DAC) for a decision. NDA Staff may contact investigators and/or the Program Officer for additional information, if required. The DAC reviews the request and makes a decision based on the information provided in the request. Final approval of the request to submit to another repository instead of the NDA is contingent upon approval from both the Program Officer and the DAC. Once approved, NDA Staff will send an email to the lead investigator with the decision. The entire procedure typically requires 10 business days.

^ top of page

SOP-14 Removal of Subject Data from the NDA

Revision 1

Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps to request removal of participant data from the NDA.

Scope

SOP-14 applies to all investigators who have submitted data to the NDA and who have received a request from a previously consented participant to have their data removed from the NDA.

Procedure

In the event that a research participant withdraws his/her consent, please email the NDA Help Desk with the request referencing this procedure and the GUID(s) associated with the subject(s) requiring removal. As per NDA policy, data that have been distributed for approved research use will not be retrieved.

^ top of page

SOP-15 Discovery of Personally Identifiable Information (PII) within NDA Protected Data

Purpose

Investigators submitting data to the NDA must certify that all data is de-identified as defined in the NDA Data Submission Agreement. While NDA reviews all data submitted for PII (see SOP-5), the potential still exists for PII to be found. If this happens, the following procedure applies.

Scope

SOP-15 applies to individuals with access to NDA protected data that may have discovered potential PII in the NDA or one of its federated repositories. This includes NDA staff, program staff, an individual at the submitting lab, or a user with permission to access data in the NDA.

Procedure

Persons discovering potential PII should contact the NDA Help Desk ideally including the lab, data structure, elements, and GUIDs that potentially contain the PII. Within 1 business hour, NDA staff will review and make a determination if the data is PII.

If a determination is made that the data includes PII and those data have not been shared or downloaded, the NDA will immediately expunge the data.

If a determination is made that the data contains PII and those data have been downloaded from the NDA, the data will immediately be moved to a private state to prevent any further downloads. NDA staff will then work with the submitting lab to expunge the data. Resubmission of the data without PII is expected in a timely manner. NDA staff will then notify those users that have downloaded the data containing PII and instructing them to expunge the PII. NDA staff will notify the submitting lab that the users downloading the data have been contacted. An incident report will be maintained for a period of at least five years.

^ top of page

SOP-17 Informatics Access to the NDA

Purpose

Those needing access to the NDA to properly implement informatics approaches (e.g. for computational pipelines, integrating data submission/extraction tools, developing phenotypic constructs or other specific needs) may request an NDA account.

Scope

Informatics access to the NDA will be for very brief periods of time (not to exceed 30 days) and can only be used to exercise system functionality. Movement of data from the NDA or access to any data for research purposes is prohibited. The NDA Director is responsible for granting informatics access.

Procedure

Individuals requesting informatics access to the NDA may send requests to the NDA Help Desk providing a reason for the request, the length of time needed and provide an assertion that no data will be moved from the NDA or used for research purposes. 

The NDA Director will then make a decision on whether or not to grant informatics access for the time period requested.

Related Procedures

^ top of page

SOP-18 Validation and Submission of Data

Effective 3/27/19

Purpose

The purpose of this SOP is to establish the technical steps necessary for users contributing data to NDA to validate that their data are compatible with the NIMH Data Archive (NDA) Data Dictionary and to submit validated data to the NDA database.

Scope

This procedure applies to all individuals submitting data as described in the Terms and Conditions of the Data Submission Agreement. This procedure requires that users complete SOP-02 Data Submission Privilege Request, and they harmonize their data with the NDA Data Dictionary as described in SOP-05A Contributor Quality Assurance and Quality Control.

The NDA holds biannual submission periods between December 1 and January 15, and between June 1 and July 15 of each year. Data can be submitted at any time.

Procedure 1: Validation of Data

Prior to submission of data, contributing users will make use of a tool provided by NDA to validate that the data are consistent with the associated structures in the NDA Data Dictionary.

To validate through a web browser:

  1. The user visits the web location of the NDA’s Validation and Upload Tool.
  2. The user selects the data files intended for submission. Any number of files can be submitted in one submission package, and all files must be in a CSV or TXT formatted NDA Submission Template that is associated with a valid NDA Data Dictionary structure.
  3. The tool provides the user with a report of the validation results.
  4. The validation results report both errors and warnings for each affected data element and record number within the data files:
    1. Errors: Discrepancies between the Data Dictionary structure and the data file that must be resolved before data can be submitted.
    2. Warnings: Aspects of the file which may require attention, or do not conform to best practices, but will not affect the submission of the data.
  5. The user is responsible for resolving errors produced in the validation report by correcting the file or contacting NDA to resolve any issues in the Data Dictionary.
  6. If the user is uploading data with associated files (e.g. DICOM images), they will add those files to the tool, which will match them to associated records in the data.

To validate through a web service:

The NDA Validation Web Service used by the browser-based tool is also available to contributors for use with applications of their own. This is a RESTful interface for validating a data structure before submission to the NDA. Documentation is available here: https://ndar.nih.gov/api/validation/docs/swagger-ui.html.

Procedure 2: Submission of Data

Submitting through a web browser

  1. Once a set of files has passed validation, the browser-based tool will allow the user to proceed with the creation of a submission package for those validated files.
  2. The user must log in to the tool after a successful validation session.
  3. The user selects a destination for their submission package from a list of their available Collections or other endpoints.
  4. The user names the package. The name will appear in their Collection as the title of the Submission and is also what secondary data users will see when accessing the Collection data.  Users should name their submission packages as specifically as possible.
  5. The user provides a description of the package contents.  The description will be seen by NDA staff and not by secondary data users.
  6. The user confirms that no Personally Identifiable Information is included in the package.
  7. The user initiates the upload through the tool.

Submitting through a web service:

The submission web service used by the web browser-based tool is also available to contributors for use with their own applications. This is a RESTful interface for creating a submission package for multiple data files that have successfully passed validation. Documentation can be found here: https://ndar.nih.gov/api/submission-package/docs/swagger-ui.html.