NIH data security requirement updates go into effect January 25, 2025.

The National Institutes for Health (NIH) has made significant updates to its policy related to data security requirements for researchers wishing to access or renew access to human genomic data stored in certain NIH controlled-access data repositories, such as dbGaP. See the list of the 20 impacted databases.

Effective January 25, 2025, researchers and their institutions will need to "attest" that institutional IT systems used to access and/or store these data meet NIST cyber security standards (NIST SPT 800-171). 

If you have any questions about whether the data you are requesting or renewing are subject to enhanced data security requirements, please contact Sharon Taraska, Interim Associate Director of Contracts for OSP, at slt2ha@virginia.edu. 

Technical questions relating to your data storage and use in connection with any of these databases, can be directed to Andrew Strumpf, Data Manager, in Research Computing – Data Analytics Center, at as9qn@virginia.edu.