NIH Requests Public Input on New Human Data Protection Policies

The National Institutes of Health (NIH) is seeking public comment on a proposed update to its human research data policies, including a new NIH Controlled-Access Data Policy and revisions to the NIH Genomic Data Sharing (GDS) Policy. According to the request for information (RFI), the goal is to strengthen privacy and security protections, clarify requirements, and reduce duplicative burdens across NIH programs.

The proposed Controlled-Access Data Policy would define which human participant data must be shared through controlled-access systems, including personal identifiers, genomic and other “omics” data, health and financial information, facial imaging, and individual-level clinical trial data. It would also establish consistent security and operational standards for repositories managing these data.

NIH also proposes updates to the GDS Policy to better align it with newer NIH data sharing rules. Key changes include limiting the policy to human genomic data, simplifying the definition of “large-scale” studies (100 or more individuals), standardizing requirements across NIH, streamlining data sharing timelines, and modernizing consent, de-identification, and repository practices.

NIH invites feedback on the proposed policies by March 18, 2026.