Skip to Main Content

Creating an NIH Data Management and Sharing Plan

This guide presents information on the NIH Data Management and Sharing Policy, which requires submission of a Data Management and Sharing Plan (DMSP) for all NIH-supported research.

Describe Plans to Protect Privacy and Participant Confidentiality

There are multiple ways in which study participant privacy and confidentiality should be protected throughout the life of a project. Protective measures can be described in the Data Management and Sharing Plan (DMSP), including informed consent procedures, data de-identification procedures, and plans to respect applicable federal, Tribal, state, and local laws, regulations, and policies.

  • The informed consent process can be designed with data sharing as part of the consent, hence eliminating the need for re-consenting for data sharing. The NIH has released a new resource on developing informed consents to facilitate data/biospecimen storage and sharing for future use. 
  • The plan can outline that Northwestern templates for informed consent will be used, with data sharing clauses included
  • Note any Certificates of Confidentiality or Data Use Agreements that you anticipate will be involved in the project
  • Note restrictions that will be placed on data sharing in order to respect applicable federal, Tribal, state, and local laws, regulations, and policies

Data De-Identification:

For data involving human subjects, DO NOT deposit or share data that contains personal identifiers, or that can be re-identified based on triangulation or other methods. If you plan to share a subset of data that originally contained PII (personally identifiable information), outline how you will undertake to de-identify the data and prevent re-identification in your Data Management and Sharing Plan (DMSP). Data de-identification plans are ultimately the responsibility of the Primary Investigator (PI).

Data Protection Practices throughout the Research Data Lifecycle

This image, based on DataONE's Data Lifecycle, shows the data confidentiality, de-identification, and legal and regulatory considerations surrounding research data sharing and re-use, and the key points in research projects when these considerations should be addressed.