Standard Operating Procedures

The NIMH Data Archive (NDA) is a protected resource for research data contributed by investigators, funded by the NIH and other organizations. NDA contains detailed research data derived from consenting human subjects. Operational procedures have been established to ensure that the data contained in NDA are efficiently made available to qualified researchers according to the protections defined for NDA and other federal policies. These procedures apply to NDA generally and all research clusters operated within the NDA infrastructure.

The Standard Operating Procedures (SOPs) described below are to be followed by the NIH, their designees, and NDA users. Note that these procedures may require an investigator to upload a document into their NDA user account profile and possibly associate these documents with an NDA Collection or NDA Study. Only the investigator and NDA staff will have access to these documents unless indicated otherwise. For any other questions or feedback, please contact the NDA Help Desk.

^ top of page

SOP-01 NDA Account Creation

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to define the steps for requesting a user account to use in accessing shared data in an NDA repository, assisting a project contribute data to NDA, create GUIDs using participant PII, or any other purpose. A request for an NDA user account is the first step in obtaining access privileges in the NDA system.

Scope

This procedure applies to all account requests and the users who request them. This procedure requires 1-3 business days for accounts. Account requests that involve access to shared data or data submission privileges will take longer.

Procedure

Account Request Initiation
  1. The user creates an NDA account by:
    1. Logging into NDA with one of three Research Authentication Service (RAS) Identities (eRA Commons, Login.gov, NIH Smart Card)
    2. Once authenticated with RAS, complete the Create an Account form by filling in the required information.
  2. NDA staff are notified that the account is awaiting review.
Account Review and Verification
  1. NDA staff review the account information provided.
  2. NDA staff may contact the user for more information about the intended use of their NDA account depending on the information provided and the privileges requested.
  3. Based on the information provided and results of the review, the NDA Data Access Committee has delegated to NDA staff the ability to approve user accounts for privileges required to work on projects submitting data (SOP-02), or initiate the process to request access to shared data (SOP-03).
  4. An email is sent to the user with instructions on using the account or taking further steps to obtain approval.

Related Procedures

^ top of page

SOP-02 Data Submission Privilege Request

Revision 2

Effective 3/1/16

Purpose

The purpose of this SOP is to define the steps necessary to request, review, and approve data submission privileges in NDA.

Scope

This procedure applies to all investigators and data managers who will submit descriptive data, analyzed data, and supporting documentation associated with a research study to an NDA Collection, or a point of contact responsible for acting on behalf of the investigator and/or data manager. This procedure should only be completed once per grant, contract, project, or once for each NDA Collection. This procedure typically requires 5-7 business days.

Procedure

Data Submission Privilege Request Initiation
  1. After completing SOP-01 and obtaining a valid user account, the user downloads and completes the Data Submission Agreement .
    1. The agreement must be signed by two parties:
      • The Principal Investigator or person responsible for collecting the data
      • The NIH-recognized business official at the investigator's affiliated institution. This is someone listed as a Signing Official in the institution's eRA Commons profile.
  2. The user creates an Adobe PDF file of the signed agreement.
  3. The investigator uploads the PDF file to his/her NDA account or emails the document to the NDA Help Desk .
  4. The NDA system notifies NDA staff that the request is awaiting review.
Review and Approval
  1. NDA staff review the Data Submission Agreement for completeness.

    1. NDA staff ensure that the signing business official is recognized by the NIH as having the appropriate authority
  2. NDA staff set an appropriate agreement expiration date based on the lifespan of the project. The agreement may be extended as necessary by contacting The NDA Help Desk .
  3. NDA staff provide the agreement and a summary of the request to the NDA Data Access Committee (DAC) for decision. The DAC reviews these requests and makes a decision based on the expectations outlined in the NDA Policy, or delegates this authority to NDA staff. The user may be contacted for additional information to support the decision.
  4. Once the request is approved, NDA staff update the NDA Collection and the associated account privileges, permitting the investigator to submit data and supporting documentation.
  5. An email is sent notifying the investigator of these changes.

Related Procedures

^ top of page

SOP-03 NDA Certification and Assurance to Operate

As a Federal Information System, NDA will follow NIH Security Certification and Accreditation. NDA is rated at a Security Objective of Confidentiality and a Potential Impact Level of Moderate. This level of security is defined by NIST publication 800-18 Guide for Developing Security Plans for Federal Information Systems:

"The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals."

Related Procedures

^ top of page

SOP-04A Data Access Permission Request – Institutional Sponsorship (Broad Use and Controlled Access)

Revision 5
Effective 1/28/2021

Purpose

The purpose of this SOP is to establish the steps for requesting new or continued access to a subset of shared broad use or Controlled Access data available in the NIMH Data Archive (NDA).

Scope

This procedure applies to all individuals and their institutions submitting a Data Access Request (DAR) to access shared research data in one of NDA’s Broad Use or Controlled Access Permission Groups. This procedure must be completed after SOP-01 NDA Account Request.

Key Terms

Access to shared NDA data is provisioned at the level of an NDA Permission Group. NDA Permission Groups consist of one or multiple NDA Collections that contain data with the same subject consents.

An NDA Collection is a virtual container for data and other information related to a project/grant. It provides important information about the project, funding amounts, reported enrollment, data sharing schedule, and results. Each NDA Collection contains data with the same subject consents and is associated with one NDA Permission Group.

NDA hosts three types of Permission Groups:

Broad Use Permission Groups consist of one or multiple NDA Collections that contain data that all have consented for broad research use.

Controlled Access Permission Groups consist of one or multiple NDA Collections that contain data with the same subject consent-based data use limitations. SOP-04A (Data Access Permission Request – Institutional Sponsorship) describes the Data Access Request (DAR) procedure for Broad Use and Controlled Access Permission Groups in NDA.

Open Access Permission Groups consist of one or multiple NDA Collections that contain data that have all been consented for broad research use and for which the submitting investigator and their research institution have agreed in their NDA Data Submission Agreement (DSA) that access to qualified individuals is available without the need for Institutional Sponsorship. SOP-04B describes the Data Access Request (DAR) procedure for Open Access Permission Groups in NDA.

Policies

Users with NDA credentials must submit Data Access Requests (DAR) for one NDA Permission Group at a time. Each DAR requires an NDA Data Use Certification (DUC) signed by the lead recipient and an authorized Signing Official from the recipient’s research institution. All recipients on a Data Access Request/Data Use Certification must be affiliated with the lead recipient’s research institution.

Recipients who change institutional affiliation will be removed from an existing active DUC and they must submit a new DUC from their new institution in order to retain access. If the Lead Recipient on a DUC changes institutions, they may identify another Recipient on the DUC as a replacement.

Data Access Requests for a given NDA Permission Group are reviewed by one NIH-staffed Data Access Committee (DAC).

Procedure

New Data Access Requests
  1. The authenticated user initiates a Data Access Request (DAR) for an NDA Permission Group by selecting to “request access” in the NDA Data Permissions Dashboard.
    • The NDA Data Permissions Dashboard lists each of the Permission Groups for all shared data in NDA.
    • Each DAR is for one NDA Permission Group.
  2. The user enters a Research Data Use Statement, the lead recipient’s contact information, and names and contact information for all other recipients who would access and work with the data. The user identifies a Signing Official (SO) at their research institution who will review and sign the Data Use Certification (DUC) and then agrees to follow the NDA data use terms and conditions.
    • Data Access Requests (DAR) for Controlled Access Permission Groups should include a Research Data Use Statement that appropriately addresses consent-based data use limitations for that Permission Group.
    • The recipient’s research institution must have an active Federal-Wide Assurance ( https://www.hhs.gov/ohrp/federalwide-assurances-fwas.html).
    • All recipients listed on a DAR must be affiliated with the lead recipient’s research institution. Collaborators at different research institutions may submit a DAR with the same Research Data Use Statement, sponsored by their affiliated research institution.
  3. The user downloads the Data Use Certification (DUC) PDF, which is then signed by 2 parties: (1) The investigator who will be the lead recipient of the data, who is also the user who has initiated the Data Access Request, and (2) The NIH-recognized Signing Official (SO) at the investigator's sponsoring institution.
    • This SO should be listed as having signing authority in the eRA Commons system. Contact the NDA Help Desk for a list of authorized business officials at your institution.
    • Other recipients cannot be added by editing the downloaded DUC PDF. All other recipients must be added to the NDA DAR software.
  4. The authenticated user uploads the signed DUC to the appropriate “active request” on their NDA Permissions Dashboard, completing the access request process.
  5. NDA staff review the DUC for completeness. This includes verifying that the FWA of the recipient institution is active, the signing official is recognized as having this authority by the NIH, that all required fields on the DUC form have been completed, and that no other recipients have been manually added to the DUC.
  6. The request is sent to the appropriate Data Access Committee (DAC).
  7. The DAC reviews data access requests based upon research subject protection and adherence to the data use limitations consented to by the research subjects, and not on scientific merit or availability of data.
    • Decisions to approve access are typically made within 10 business days from receipt of a completed Data Use Certification.
  8. NDA notifies the requester and all recipients on the DAR of the outcome of the DAC decision. NDA data access privileges are updated accordingly. All recipients must agree to the DUC terms and conditions before gaining data access.
  9. Recipients on approved data access requests will have valid access to the shared data in a given permission group for one year. Access will be revoked one year from the DAC approval if a renewal request has not been approved
  10. Recipients on denied data access requests have the option to submit a new data access request that addresses the DAC reason for denial.
Data Access Request Renewal
  1. The authenticated user initiates a Data Access Request (DAR) renewal for an NDA permission group to which they are already authorized to access by selecting to “renew access” in the NDA Data Permissions Dashboard.
    • DAR renewals should be submitted 60 days prior to access expiration to avoid any lapse in access. All recipients must delete all NDA data immediately upon expiration of a DUC.
  2. The user enters a progress report that lists any publication, computational pipeline, or other public disclosure of results from the analysis of NDA data accessed during the previous access period. The user is expected to create an NDA Study for these outcomes and to include the NDA Study ID in the progress report (https://nda.nih.gov/nda/manuscript-preparation.html). The user may also update the Research Data Use Statement, the lead recipient’s contact information, and names and contact information for all other recipients who will be accessing and working with the data. The user identifies a Signing Official (SO) at their research institution who will review and sign the Data Use Certification (DUC) and then agrees to follow the NDA data use terms and conditions.
    • A DAR renewal must be associated with the same lead recipient and research institution. If the lead recipient has changed or if the lead recipient’s research institution affiliation has changed, a new DAR must be submitted.
    • The recipient’s research institution must have an active Federal-Wide Assurance ( https://www.hhs.gov/ohrp/federalwide-assurances-fwas.html).
    • All recipients listed on a DAR must be affiliated with one research institution. Collaborators at different research institutions may submit a DAR with the same research data use statement, sponsored by their affiliated institution.
Adding Data Recipients to an existing Data Use Certification

Lead recipients should add data recipients to a DAR before the institutional business official has signed the DUC and before the request has been reviewed by the NDA DAC. In order to add new data recipients after a DAR has been approved:

  1. The lead recipient submits via email to the NDA Helpdesk an updated version of the original, active DUC that includes the name and contact information for the new data recipient(s). The updated DUC must be newly signed by the lead recipient and the institutional Signing Official (SO).
  2. NDA will review the updated DUC to ensure that no other changes have been made to the DUC, the two required signatures are present, and the new data recipient(s) are affiliated with the lead recipient’s research institution.
  3. NDA staff will notify the lead recipient that the data recipients have been added to the existing active DUC.
    • Newly added other recipients will be subject to the original expiration date for that DUC.
Removing Data Recipients to an existing Data Use Certification

The lead recipient on a DUC must notify NDA if a recipient is no longer affiliated with the research institution on the DUC. That recipient will be removed from the DUC and access revoked. In order to remove data recipients after a DAR has been approved:

  1. The lead recipient submits via email to the NDA Helpdesk a request to remove a recipient from an active DUC.
  2. NDA will revoke that recipient’s access to the permission group on the DUC.
  3. NDA staff will notify the lead recipient and other recipients that the data recipient has been removed from the existing active DUC and access is revoked.

SOP-04B Data Access Permission Request - Individual Sponsorship (Open Access)

Revision 2
Effective 12/08/2020

Purpose

The purpose of this SOP is to establish the steps for requesting new or continued access to a subset of shared, open-access data available in the NIMH Data Archive (NDA).

Scope

This procedure applies to all individuals and their institutions submitting a Data Access Request (DAR) to access shared research data in one of NDA’s Open Access Permission Groups. This procedure must be completed after SOP-01 NDA Account Request.

Procedure

New Data Access Requests
  1. The authenticated user initiates a Data Access Request (DAR) for an NDA Open Access Permission Group by selecting to “request access” in the NDA Data Permissions Dashboard.
    • The NDA Data Permissions Dashboard lists each of the Permission Groups for all shared data in NDA.
    • Each DAR is for one NDA Permission Group.
    • Each recipient must log in to the NDA Data Permissions Dashboard to submit a DAR for an Open Access Permission Group. Users may not submit Data Access Requests on behalf of other NDA users.
  2. The user is presented with the NDA Data Use Certification Terms and, which outline expectations for responsible data use.
  3. The user clicks to accept the Terms and Conditions for accessing NDA data.
  4. NDA adds the user as an approved user to the given Open Access Permission Group.
  5. The approved receives a confirmation email from NDA.
  6. Access to NDA shared data is valid for one year and will be revoked one year from the DAC approval if a renewal request has not been approved.
Data Access Request Renewal
  1. The authenticated user initiates a Data Access Request (DAR) renewal for an NDA Open Access Permission Group to which they are already authorized to access by selecting to “renew access” in the NDA Data Permissions Dashboard.
    • DAR renewals should be submitted 60 days prior to access expiration to avoid any lapse in access. All recipients must delete all NDA data immediately upon expiration of a DUC.
  2. The user enters a progress report that lists any publication, computational pipeline, or other public disclosure of results from the analysis of NDA data accessed during the previous access period. The user is expected to create an NDA Study for these outcomes and to include the NDA Study ID in the progress report (https://nda.nih.gov/nda/manuscript-preparation.html).
  3. The user is presented with the NDA Data Use Certification Terms and, which outline expectations for responsible data use.
  4. The user clicks to accept the Terms and Conditions for accessing NDA data.
  5. NDA extends the approved user’s access to the given Open Access Permission Group.
  6. The approved receives a confirmation email from NDA.
  7. Access to NDA shared data is valid for one year and will be revoked one year from the DAC approval if a renewal request has not been approved.

^ top of page

SOP-05A Contributor Quality Assurance and Quality Control

Revision 4
Effective 12/2/2021

Purpose

The high quality of data within NDA is crucial for ensuring its usefulness and reliability for research. Therefore, the NIH has implemented a multi-tiered quality control procedure for data contributed to NDA. SOP-05A establishes the quality control steps NDA contributors are expected to perform as part of the standard process for submitting and sharing data through NDA.

Scope

This SOP applies to all users submitting and sharing data through NDA.

Procedure

1. Ensuring data do not contain Personally Identifiable Information

Prior to submitting data, contributing users and their institutional business officials will sign an NDA Data Submission Agreement (DSA) in which they certify that the data do not contain any individual identifiers. Data submitted to the NIMH Data Archive (NDA) should be stripped of all individual identifiers. However, the unique and intrinsically personal nature of clinical data, genomics data, brain imaging data, and other derivative data of which are included in these repositories, combined with new analytical methodologies and decreasing computing and storage costs, has altered the framework through which “identify-ability” can be defined. To protect and assure the confidentiality and privacy of all participants, all requests to access data in the NIMH Data Archive require acceptance of the Data Use Terms and Conditions contained in the NIMH Data Archive Data Use Certification (DUC), which is a separate document. That document requires that those accessing the data make no attempt to reidentify research participants. The nature of data types accepted into NDA is carefully considered before release to approved researchers who have agreed to protect the data.

Investigators who are submitting data that may be sensitive in some way (for example, raw data from personal tracking devices) should contact the NDA Help Desk prior to submitting data to NDA. Such sensitive data will be separated from the rest of the data in the NDA Collection and will only be open to investigators who provide proof that their IRB has approved the research they plan to do with the data.

2. Validation of Datasets Prior to NDA Submission

Contributors to NDA will use NDA’s Validation and Upload Tool to perform a pre-submission Quality Control check on their datasets. This Quality check is a service provided by NDA and validates that data elements and data values within the dataset are consistent with the NDA Data Dictionary. The full Validation and Upload of Data procedure are described in SOP-18 Validation and Submission of Data.

NDA contributors must correct all errors identified by the NDA Validation and Upload Tool prior to submitting a data package.

3. Correction of Errors within Datasets Submitted to NDA

NDA contributors are responsible for ensuring their data submissions are free of errors. The NIMH Data Archive provides an additional Quality Assurance service as part of its submission and sharing processes SOP-05B NDA Quality Assurance and Quality Control. NDA contributors will correct any errors identified in this NDA QA/ QC process and update their data in a timely manner, as described in the following procedure.

  1. The contributor receives an automated Quality Assurance/Quality Control notification from NDA that describes all errors identified in the post-submission QA/QC procedure. The notification includes details on which records and datasets are affected by the identified errors.
  2. The contributor determines which, if any, of the NDA-identified records constitute true data errors.
  3. The contributor resolves the errors within their version of the dataset(s).
  4. The contributor resolves the errors within the NDA version of the dataset(s) by re-submitting them through the NDA Validation and Upload Tool.
4. NDA Collection and NDA Study

An NDA Collection is a virtual container that is, at first, empty of research data. The NDA Collection owner/Principal Investigator (PI) will define the contents of their own NDA Collection based on their Data Expected list. NIMH Common Data Elements will also be added to each NDA Collection.

An NDA Study links a finding, data release, or publication directly to the underlying subject-level records for the data defined. Automatically, the NDA Study provides attribution (i.e., credit) for those that contributed the data. Data in an NDA Study can come from more than one NDA Collection.
Each NDA Study is issued a Digital Object Identifier (DOI), which is expected to be referenced in the publication as a persistent link to the supporting dataset. NDA Studies should be created before a publication is submitted to allow the dataset to be directly referenced in the publication.

The NDA website makes general information such as the project title, contributing investigators, and funding source available to the public for each NDA Collection and NDA Study. Users need authorization from NDA to access subject-level data beyond this summary information. Sharing an NDA Collection or NDA Study only makes general information available to others. The documentation contained in an NDA Collection or NDA Study must follow specific data sharing procedures, defined below.

^ top of page

SOP-05B NDA Quality Assurance and Quality Control

Purpose

The purpose of this SOP is to establish the steps NDA takes to promote the high quality of data made available through its infrastructure. Although ensuring the quality of shared data is the responsibility of the contributors, NDA provides a set of Quality Assurance/Quality Control services as part of its ingestion and sharing processes.

Scope

This SOP applies to NDA Staff.

Procedure

Reviewing for Personally Identifiable Information

NDA Staff will review newly submitted data to detect any Personally Identifiable Information, focusing primarily on data types that are generally most at-risk for containing direct identifiers. If PII are identified, NDA staff will immediately mark the data as containing PII, making it unavailable to all users. NDA Staff will then generate a report on the location and type(s) of PII found, and an automated notification including this report will be sent to the Contributor. If no PII are identified, NDA will certify that the data does not contain any Personally Identifiable Information

Validation of Data Files

NDA staff will use automated procedures or file-type specific tools to validate that the data can be opened and that the files that which is specified by their extension or in the data structure.

Validation of Documents within an NDA Collection or NDA Study

NDA contributors regularly upload supporting documentation for NDA Collections and NDA Studies. NDA Staff validate those files according to the following procedure.

  1. A user with appropriate privilege uploads a document into an NDA Collection or NDA Study.
  2. The account holder certifies that the information contained in the document contains no identifying information.
  3. The NDA portal performs a virus scan of the document and accepts it.
  4. NDA Staff are notified of the uploaded document and perform a review of the document to verify that it contains no identifying information associated with research subjects, contains no research data, and its contents are consistent with its title and designated document type.
  5. The owner of the NDA Collection or Study requests that the document be shared.
  6. The NDA Data Access Committee has delegated the authority to NDA Staff to determine the document may be shared with others.
Validation of NDA-compliant Data Elements in New Data Structures

Prior to the creation of a new structure in the NDA Data Dictionary or the establishment of a federated data resource whereby NDA users can access data in an external database, NDA Staff will review each data field and certify that the fields defined do not appear to include any information that can be reasonably used to identify a research subject or another individual associated with the research. See SOP-05A Contributor Quality Assurance and Quality Control for a list of identifiers.

Identification of Errors within Datasets Submitted to NDA

This procedure establishes how NDA identifies potential issues within submitted datasets and notifies contributors. SOP-05A Contributor Quality Assurance and Quality Control describe the procedure for contributors to resolve these issues. NDA maintains a description of errors that can be identified by this check.

  1. Within four months of each biannual submission period, NDA Staff use an automated process to assess each dataset. Where applicable cumulative datasets are compared to previous uploads of the same dataset and datasets are checked for internal consistency.
    1. NDA maintains a document describing these checks and the issues potentially identified.
  2. NDA Staff compile the results of this assessment into a single report for each NDA Collection.
  3. NDA Staff send a single notification to the Principal Investigator or other Owner of each affected NDA Collection, and the responsible NIH Program and Grants Management staff.
  4. Contributors are asked to respond as described in SOP-05A Contributor Quality Assurance and Quality Control.

^ top of page

SOP-06 Establishment of a Federated Data Resource

Revision 3
Effective 09/11/18

Purpose

The purpose of this SOP is to outline the steps required to establish a federated resource. Data federation provides investigators with a single point of access to multiple data sources in addition to the shared data stored in NDA.

Scope

This procedure applies to NDA staff and the NDA Data Access Committee (DAC).

Procedure

  1. NDA staff request DAC approval to pursue data federation with a specific data resource.
  2. NDA staff work with the prospective federated data resource and resolve issues associated with data definition, translation, security, and access.
  3. The NDA Director, working with NDA staff, will develop a data federation agreement between the prospective data resource and NDA. The agreement will define the specific views of data to be made available and the persons or groups the federated resource has determined to have authority to grant access to those views.
  4. The DAC and federated data resource approve the data federation agreement.
  5. NDA staff perform data validation steps associated with each of the views established by the federated data resource.
  6. The DAC authorizes the data resource (or specific views into that resource) to be available through NDA as defined by the agreement.

^ top of page

SOP-07 Data Dictionary Definition

Revision 3
Effective 09/12/18

Purpose

The purpose of this SOP is to outline the steps for defining Data Expected and specifically adding a data structure to the NDA Data Dictionary.

Scope

This procedure applies to all investigators and data managers submitting data who wish to create a data structure. Duplication of data structures and data elements is to be avoided as much as possible. However, if no data structure exists for a given type of assessment or measure, we encourage the community to define the data structure.

Procedure

Investigators are encouraged to extend the Data Dictionary. To use an existing definition as a starting point for submitting changes or a new structure, download the definition file you wish to change, or one to use as an example, from the structure's definition page. This will be a CSV file that can be opened and edited in Microsoft Excel. After making your desired changes, email the updated spreadsheet and documentation of the changes made to the NDA Help Desk. The NDA will then curate the definition and if no changes are needed, publish it in the NDA Data Dictionary. Please note that for all NDA data definitions, the data elements subjectkey, src_subject_id, interview_age, interview_date, and sex are required.

^ top of page

SOP-08 GUID Generation Permission Request

Revision: 4
Effective: 4/5/21

Purpose

The purpose of this SOP is to define the steps for using the NDA GUID Tool software to securely generate a de-identified research participant identifier. This includes the NDA GUID Tool and pseudoGUID (pGUID) request initiation, review, approval, verification, and access expiration.

Scope

This procedure applies to all investigators and data managers who need to generate GUIDs and pGUIDs for data submission or researchers who have been approved to use the NDA GUID Tool to generate identifiers for projects that are not submitting data to NDA (Third-party NDA GUID Tool users).

Procedure

Request GUID Tool Access
  1. NDA users with active accounts initiate the NDA GUID Tool Access request by emailing the NDA Help Desk from the email account associated with their NDA user account.
  2. NDA staff are notified that the request is awaiting review.
NDA GUID Tool Request Review and Approval (NDA Data Submitters)
  1. NDA staff verify that the user has submission privileges on an active NDA Collection.

  2. Verified requests are approved and NDA staff will notify the user with instructions to access the NDA GUID Tool with their NDA login credentials and to accept the NDA GUID Tool Terms of Use .

  3. Requests from users who are supporting NDA data submission, but do not have submission permission to their respective NDA Collection, will be marked as pending. NDA will notify the requester that the appropriate permissions are required prior to approval and provide instructions for assigning permissions.

NDA GUID Tool Request Review and Approval (Third-party users)
  1. Third-party NDA GUID Tool requests must be submitted by an NDA user with an active NDA account and an authorized Signing Official (SO) from that user’s institution. Requests should be emailed to the NDA Help Desk and include:
    1. A research use statement for the NDA GUID Tool and a requested access period.
    2. Indication if the research project is an NIH-funded study.
    3. A list of all users at the institution who will need access to generate GUIDs.
    4. Confirmation that the institution and users will adhere to the NDA GUID Tool Terms of Use. This includes but is not limited to adherence to terms for research use, appropriate use of GUIDs, security requirements, and acknowledgments.
  2. Requests are reviewed by NIMH on a case-by-case basis.
  3. If approved, NDA staff will notify the requesters with instructions to access the NDA GUID Tool with their NDA login credentials and to accept the NDA GUID Tool terms of use.
pseudoGUID (pGUID) Request Review and Approval
  1. NDA users must have both NDA GUID Tool access and must submit a justification request to the NDA Help Desk explaining why GUIDs are not able to be generated. The Principal Investigator should email the NDA Help Desk with a detailed explanation of why they are unable to generate real GUIDs for their research project. Email requests for pGUIDs should carbon copy (cc) the NIH Program Official and the institutional Signing Official (SO) and indicate the NDA Collection number associated with the request.
  2. NDA staff verify that the user has submission privileges on an active NDA Collection and has active NDA GUID Tool access.
  3. Requests are reviewed by NIMH on a case-by-case basis.
  4. If approved, NDA staff will provide the pGUIDs directly to the NDA user with submission permissions for the associated NDA Collection.
  5. NDA does not provision pGUIDs to third-party NDA GUID Tool users.
NDA GUID Tool Access Expiration
  1. NDA GUID Tool access for NDA data submitters expires when a user no longer has submission permissions on an active NDA Collection.

  2. NDA GUID Tool access expires after one year for users who are not submitting data to NDA. These users may submit a new request to maintain access, which will be reviewed by NDA staff, as outlined above.

Related Procedures

^ top of page

SOP-10 Request Time Extension for Sharing

Revision 2
Effective 3/1/16

Purpose

The purpose of this SOP is to outline the steps for requesting a delay in the transition of submitted data from its initial private state to a shared state beyond the NDA prescriptive timelines. These requests may be made if there are reasons for which the release of data would be considered premature. Extensions are not granted for the sole purpose of delaying QA/QC activities.

Scope

This procedure applies to investigators who have submitted data to NDA. This procedure is typically completed within 10 business days after receiving a completed Time Extension for Sharing Request.

Procedure

Time Extension Request Initiation
  1. The investigator develops a written request to extend the sharing of data associated with a specific NDA Collection or NDA Study which includes the following:
    1. The title of the NDA Collection or NDA Study for which the extension is requested.
    2. The scientific rationale for the extension.
    3. A description of the data requiring the extension.
    4. A schedule for the release of the data.
    5. A description of data that will be released in the original timeframe.
  2. The investigator emails NDA with the reason for the time extension.
Time Extension Request Review and Approval
  1. If the data are associated with NIH-funded research, the NDA Data Access Committee or its representatives will consult with the NIH Program Officer to decide whether to support the request.
  2. NDA staff will update the status of the request in NDA based upon the decision.

Related Procedures

^ top of page

SOP-11 Deviations to Data Sharing Terms

Revision 3
Effective 9/12/18

Purpose

The purpose of this SOP is to outline the steps necessary to change the data-sharing terms associated with NIH-funded research. Over the course of research, circumstances may arise that necessitate a change in the terms.

Scope

This procedure applies to all investigators who submit data or may be expected to submit data, to NDA.

Procedure

  1. The investigator defines the scientific need to deviate from the established terms and conditions.
  2. The investigator emails the concern to the NDA Help Desk or edits the Data Expected schedule in the relevant NDA Collection.
  3. NDA staff will forward the request to the DAC and appropriate NIH Program Officer.
  4. The Data Access Committee (DAC) or its representatives and the Program Officer will approve the request or consult with the investigator for clarification/modification.
  5. Once approved, the investigator makes the appropriate changes to the Data Expected schedule, and NDA staff will update their records on when the specified data will be submitted.

Related Procedures

^ top of page

SOP-12 Administrative Access to NIMH Data Archive (NDA)

Revision 2

Effective 09/12/18

Purpose

The purpose of this SOP is to outline the steps for receiving administrative access to NDA systems. Administrative access is defined as user account privileges needed to perform tasks associated with administering the system or carrying out oversight prescribed by a project’s funding organization, rather than for research purposes.

Scope

This procedure applies to all NDA technical staff, NDA operational staff, and extramural program staff who must have the ability to query and review data within NDA or access NDA-maintained tools to perform their job.

Procedure

For NDA Staff

The NDA Director is responsible for granting an individual access to those administering NDA. The Director may choose to delegate the responsibility of granting access to other NDA staff.

Administrative access is granted to NDA staff by system administrators on an as-needed basis when authorized by the NDA Director.

For Extramural Program Staff

NIH Extramural Program Staff automatically have access to research data and supporting information concerning their portfolio through the NDA infrastructure. To gain access for administrative purposes to other data, a member of NIH extramural staff can email NDAHelp@mail.nih.gov, specifying the type of data they are required to access.

Related Procedures

^ top of page

SOP-13 Request to Submit Data to an NDA Federated Repository

Review 2

Effective: 09/12/18

Purpose

Federation with a repository is used when the data source wishes to retain greater control over the access of data and not directly submit the data to NDA. While most data are expected to be submitted directly into NDA, there may be valid scientific and/or operational reasons for submitting data, either descriptive and/or experimental, into another repository and not NDA. However, to ensure that data remains available to the research community, only repositories that are federated with NDA, make the data generally available to the research community, and have a Memo of Understanding (MOU) in place with NDA ensuring such data deposited remain available to the research community in perpetuity, will be considered.

The following procedure should be followed for such cases.

Procedure

An investigator who wishes to use another repository for data sharing should first consult with his/her Program Officer. If the Program Officer believes that it is appropriate for the investigator to submit to another repository, the investigator should provide the following information to the NDA Help Desk

  • NIH grant information (title, PI, grant number, etc.)
  • Background and reason for submitting into another repository
  • Submission and data sharing schedule, if different from the terms of award
  • Name of the federated repository proposed for data submission where the data will be made available.

NDA Staff will provide the request to submit and share data through a federated repository and any related information to the NDA Data Access Committee (DAC) for a decision. NDA Staff may contact investigators and/or the Program Officer for additional information if required. The DAC reviews the request and makes a decision based on the information provided in the request. Final approval of the request to submit to another repository instead of NDA is contingent upon approval from both the Program Officer and the DAC. Once approved, NDA Staff will send an email to the lead investigator with the decision. The entire procedure typically requires 10 business days.

^ top of page

SOP-14 Removal of Subject Data from NDA

Revision 2

Effective 09/12/18

Purpose

The purpose of this SOP is to outline the steps to request the removal of participant data from NDA.

Scope

SOP-14 applies to all investigators who have submitted data to NDA and who have received a request from a previously consented participant to have their data removed from NDA.

Procedure

In the event that a research participant withdraws his/her consent, please email the NDA Help Desk with the request referencing this procedure and the GUID(s) associated with the subject(s) requiring removal. As per NDA Policy, data that have been distributed for approved research use will not be retrieved.

^ top of page

SOP-15 Discovery of Personally Identifiable Information (PII) within NDA Protected Data

Revision 1

Effective 09/12/18

Purpose

Investigators submitting data to NDA must certify that all data is de-identified as defined in the NDA Data Submission Agreement. While NDA reviews all data submitted for PII (see SOP-5), the potential still exists for PII to be found. If this happens, the following procedure applies.

Scope

SOP-15 applies to individuals with access to NDA-protected data that may have discovered potential PII in NDA or one of its federated repositories. This includes NDA staff, program staff, an individual at the submitting lab, or a user with permission to access data in NDA.

Procedure

Persons discovering potential PII should contact the NDA Help Desk ideally including the lab, data structure, elements, and GUIDs that potentially contain the PII. Within 1 business hour, NDA staff will review and make a determination if the data is PII.

If a determination is made that the data includes PII and those data have not been shared or downloaded, NDA will immediately expunge the data.

If a determination is made that the data contains PII and those data have been downloaded from NDA, the data will immediately be moved to a private state to prevent any further downloads. NDA staff will then work with the submitting lab to expunge the data. Resubmission of the data without PII is expected in a timely manner. NDA staff will then notify those users that have downloaded the data containing PII and instructing them to expunge the PII. NDA staff will notify the submitting lab that the users downloading the data have been contacted. An incident report will be maintained for a period of at least five years.

^ top of page

SOP-17 Development Access to NDA

Revision 1

Effective 2/28/2020

Purpose

The purpose of this SOP is to outline the steps for individuals to request access to NDA for software development purposes. This is defined as access to NDA to properly implement informatics approaches (e.g. computational pipelines, integrating data submission/extraction tools, developing phenotypic constructs, etc.).

Scope

This procedure applies to NDA contributors or participants in workshops or other projects affiliated with NDA, requiring short-term access to NDA.

Procedure

Individuals requesting development access to NDA may send requests to the NDA Help Desk providing a reason for the request and the length of time development access is requested, not to exceed 30 days. In this message, the requester must assert that no data will be moved from NDA or used for research purposes.

The NDA Director determines whether or not to grant development access for the time period requested.

Related Procedures

^ top of page

SOP-18 Validation and Submission of Data

Effective 3/27/19

Purpose

The purpose of this SOP is to establish the technical steps necessary for users contributing data to NDA to validate that their data are compatible with the NIMH Data Archive (NDA) Data Dictionary and to submit validated data to the NDA database.

Scope

This procedure applies to all individuals submitting data as described in the Terms and Conditions of the Data Submission Agreement. This procedure requires that users complete SOP-02 Data Submission Privilege Request, and they harmonize their data with the NDA Data Dictionary as described in SOP-05A Contributor Quality Assurance and Quality Control.

NDA holds biannual submission periods between December 1 and January 15, and between June 1 and July 15 of each year. Data can be submitted at any time.

Procedure 1: Validation of Data

Prior to submission of data, contributing users will make use of a tool provided by NDA to validate that the data are consistent with the associated structures in the NDA Data Dictionary.

To validate through a web browser:

  1. The user visits the web location of the NDA’s Validation and Upload Tool.
  2. The user selects the data files intended for submission. Any number of files can be submitted in one submission package, and all files must be in a CSV or TXT formatted NDA Submission Template that is associated with a valid NDA Data Dictionary structure.
  3. The tool provides the user with a report of the validation results.
  4. The validation results report both errors and warnings for each affected data element and record number within the data files:
    1. Errors: Discrepancies between the Data Dictionary structure and the data file that must be resolved before data can be submitted.
    2. Warnings: Aspects of the file which may require attention, or do not conform to best practices, but will not affect the submission of the data.
  5. The user is responsible for resolving errors produced in the validation report by correcting the file or contacting NDA to resolve any issues in the Data Dictionary.
  6. If the user is uploading data with associated files (e.g. DICOM images), they will add those files to the tool, which will match them to associated records in the data.

To validate through a web service:

The NDA Validation Web Service used by the browser-based tool is also available to contributors for use with applications of their own. This is a RESTful interface for validating a data structure before submission to NDA. Documentation is available here: https://ndar.nih.gov/api/validation/swagger-ui.html.

Procedure 2: Submission of Data

Submitting through a web browser

  1. Once a set of files has passed validation, the browser-based tool will allow the user to proceed with the creation of a submission package for those validated files.
  2. The user must log in to the tool after a successful validation session.
  3. The user selects a destination for their submission package from a list of their available NDA Collections or other endpoints.
  4. The user names the package. The name will appear in their NDA Collection as the title of the Submission and is also what secondary data users will see when accessing the NDA Collection data. Users should name their submission packages as specifically as possible.
  5. The user provides a description of the package contents. The description will be seen by NDA staff and not by secondary data users.
  6. The user confirms that no Personally Identifiable Information is included in the package.
  7. The user initiates the upload through the tool.

Submitting through a web service:

The submission web service used by the web browser-based tool is also available to contributors for use with their own applications. This is a RESTful interface for creating a submission package for multiple data files that have successfully passed validation. Documentation can be found here: https://ndar.nih.gov/api/submission-package/swagger-ui.html.

^ top of page