Pre-Submission: Meet Minimum Credentials to Apply For Access
NIH requires anyone interested in using controlled-access genomic data to meet minimum qualifications and to apply for access to the data. If the request is approved, the investigator will be allowed to access the dataset for one year, with the option to renew.
Those eligible to apply for data access must be a permanent employee of their institution and either:
- At a level equivalent to a tenure-track professor, or
- Senior scientist with responsibilities that may include laboratory or research program administration and oversight.
Laboratory staff and trainees such as graduate students and postdoctoral fellows are not permitted to submit data access requests in dbGaP. However, they may be part of projects using such data when the projects are overseen by an eligible user.
In addition, submitting a data access request through dbGaP requires the appropriate system credentials:
- Investigators not affiliated with NIH must have an eRA account to access dbGaP.
- NIH intramural investigators may use their NIH credentials to access dbGaP, but must first obtain permission from their Institute or Center. Investigators should follow the instructions contained in the Permission Form for NIH Staff Access to Controlled-Access Data in dbGaP to fill out and submit the form to the appropriate supervisors.
Step 2: Investigator Submits Data Access Request in dbGaP
Eligible investigators interested in obtaining a controlled dataset should watch the Instructional video on applying for controlled access data, and consult the Tips on Preparing a Successful Data Access Request.
- Note that for collaborations between multiple institutions, the investigator(s) at each institution must submit a separate data access request and receive approval before data may be accessed. Each institution is ultimately responsible for the oversight of its investigator's management and use of the data.
- Investigators wishing to access HeLa cell whole genome sequence data should review the Special Instructions for Preparing a Research Use Statement for Requesting Access to HeLa Cell Genome Sequence Data in dbGaP.
Step 3: Signing Official Reviews, Approves, and Co-signs Request
Once a data access request is submitted in dbGaP, it is automatically routed to the investigator's institutional Signing Official (SO) for review, approval, and co-signature.
Step 4: Data Access Committee Reviews Request
Once the SO approves and signs the data access request, the system forwards the data access request to the appropriate NIH Data Access Committee(s) (DAC) for review.
- See the NIH Data Access Committee(s) (DAC) contact list.
The DACs review all access requests for human genomic datasets distributed through dbGaP to ensure the data access request complies with the NIH GDS policy, any IC or program-specific requirements, and any limitations or restrictions on data use. Each dataset has an associated DAC.
Based on their review, DACs approve or reject data access requests, or return data access requests for revision.
The DAC may ask for more information from the investigator requesting data if the proposed research is inconsistent with any applicable data use limitations, if the research intent is unclear, or if there is concern about potential harm (e.g., stigmatization) to groups or populations.
If the data access request is approved, investigators will receive an email with instructions on accessing the data (for details on accessing data, see Step 5).
If a data access request is rejected, the DAC provides a comment to the investigator describing the reason for the rejection. The investigator will need to make any necessary changes and resubmit the project.
- Resubmitting: Investigators who wish to revise and resubmit a data access request should consult instructions on how to revise and resubmit an existing dbGaP project.
- Understanding Rejection: For more details on why a data access may have been rejected, read the Most Common Reasons for Rejection of Data Access Requests below for additional information.
Step 5: Access Data
Investigators and their institutions are responsible for safeguarding the accessed datasets. They must also adhere to the terms of access described in the Data Use Certification (DUC) Agreement and the Genomic Data User Code of Conduct that were signed as part of the data access request. Learn more about expectations for responsible data use for dbGaP approved users.
Once approved, investigators will be able to access the data for one year. Prior to the expiration of the one-year access period, investigators must submit a project renewal or close-out report, describing the progress made on the approved research project.
Users who wish to download data should consult the dbGaP Download Guide for instructions.
Step 6: Complete Annual Reporting and Renew Project (OPTIONAL)
After one year, an annual report on the project is expected. In addition, if an investigator anticipates needing access to data for more than one year from the date of approval, he or she will need to submit a renewal request. To learn more about how to submit a renewal request, view this dbGaP video tutorial on project renewals.
Step 7: Complete Annual Reporting and Close Out Project
After one year, an annual report on the project is expected. In addition, an investigator may close out their project at any time, but must do so at the end of the one-year access period unless they submit a renewal. Failure to submit a renewal or to complete the close-out process, including confirmation of data destruction by the Institutional Signing Official, may result in suspension of the PI and all associated personnel and collaborators from submitting new access requests for a period of time.
To learn how to properly close out a project, view this dbGaP video tutorial on project close-outs.
Understanding dbGaP Review Status Designations
During the submission process, investigators can track the status of their submitted data access request through the dbGaP Authorized Access Portal.
The following are commonly seen status designations:
|SO review||The data access request is with the investigator’s institutional signing official (SO) for review.|
|DAC review||The data access request is under review by the assigned DAC.|
|Approved Granted||DAC approval had been granted and dataset may be accessed.|
|Approved Expired||The approval period for an approved data request has expired (a project close out or renewal request should have been filed prior to expiration date).|
|Rev. Requested Granted||The DAC may request a revision if the data access request is incomplete or unclear. The investigator will need to revise the project accordingly and resubmit. See instructions on how to revise and resubmit an existing dbGaP project.|
|Rev. Requested Expired||The DAC may request a revision if the data access request is incomplete or unclear. The investigator will need to revise the project accordingly and resubmit. See instructions on how to revise and resubmit an existing dbGaP project.|
|Rejected||DAC approval has not been granted. Investigators will need to make appropriate revisions and resubmit the data access request.|
|To review||The institutional Signing Official has not approved and signed the data access request and is sending it back to the PI for revision and resubmission.|
Most Common Reasons for Rejection of Data Access Requests
The Institutional Review Board (IRB) approval letter does not satisfy requirements
- Some datasets require local IRB approval for use, as noted on the dbGaP study page. Check the study page carefully and follow all requirements.
The Research Use Statement in the request is not consistent with the data use limitations assigned to
- To understand data use limitations on datasets, please review the Restrictions on Data Access and Data Use that can be placed on datasets.
Personnel errors (for example: requestor is not the PI, collaborators are from different
information technology (IT) director is not identified; PI has identified him/herself as the signing official or
the IT director for the project)
- For all non-intramural investigators, dbGaP receives information on the signing official through eRA. Investigators should configure their eRA account accordingly.
- In addition, the signing official's and IT director's emails must be from their organization, instead of a personal email address (for example, a personal gmail address.)
- For more information on who may request data from dbGaP, check the minimum credentials to apply for access. For more information on dbGaP’s requirements for signing officials and IT directors, see How Can I Find the SO and IT Director for My dbGaP Project?