Data Submission Request
cdRNS Data Science Platform Data Submission Request
The cdRNS Operations team and NINR Program staff approves submission of data to the cdRNS Data Science Platform. The cdRNS Operations team will review the Data Science Platform Data Submission Request and will decide whether to permit the submission based on the expectations outlined in the cdRNS policy. In the event that submissions raise concerns related to privacy and confidentiality, risks to populations or groups, or other concerns, the cdRNS Operation team and the NINR Program staff will consult with other experts as appropriate. In unusual circumstances, when people are denied approval to submit data, appeals may be sent to the cdRNS Policy Committee.
Submitters may use this Data Science Platform Data Submission Request to submit data to cdRNS and for subsequent analysis with cdRNS tools by the Submitter. The request document is subject to approval by the cdRNS Operations team and the NINR Program staff. Completing this Data Science Platform Data Submission Request is a necessary step to submit data to cdRNS. Access to other data within cdRNS for analysis purposes may be subject to the cdRNS Data Science Platform Data Access Request and procedures.
Steps to Request to Submit Data to cdRNS
- Contact NIH through NINR-BRICS-OPS@mail.nih.gov to set up an introductory phone call to begin planning for data submission. The cdRNS staff will discuss with investigators a) data submission expectations; b) supporting materials submission expectations; c) data access preferences; d) technical specifications; and e) data accuracy as it relates to cdRNS. To provide ample time to resolve technical and other issues, grantees should contact the cdRNS Operations team at least one month before the start of data collection for the research project.
- Review the capabilities of cdRNSat https://cdrns.nih.gov/policies
- If cdRNS can accommodate the data per discussions with the cdRNS staff, read the cdRNS Data Science Platform Data Submission Agreement (SA) and complete and sign the SA on the Submitter Information and Certifications form (below).
- Request a cdRNS portal account under the “Request an Account” tab. W hen creating an account, request access to submit data to cdRNS (Study Privilege). Requests for access to the Global Unique Identifier (GUID) client software may be submitted at this time.
- When requesting to create a Study in cdRNS, submit the Data Submission Agreement (SA).
- Data submission review: The cdRNS operations and NINR Program staff will review requests to submit data to the cdRNS Data Science Platform. Such reviews are generally completed within 10 business days.
- The cdRNS operations and NINR Program Staff will notify cdRNS staff if the submission request has been approved and an account will then be provided.
Once a Submitter has permissions to submit data to cdRNS, he or she should follow the steps for data submission as defined at https://cdRNS.nih.gov.
Data Submission Agreement for the Common Data Repository for Nursing Science
I request approval to submit data to the Common Data Repository for Nursing Science (cdRNS) Data Science Platform for the purpose of sharing data for research purposes. I agree to the following terms:
- Research Project. These data will be submitted solely in connection with the "Research Project", specifically indicated and described in the Submitter Information and Certifications section.
Data submitted to cdRNS may be made available by NIH and NINR for either collaborative research (i.e., to accelerate research on ongoing studies) or general research purposes (i.e., meta-analyses and other secondary uses of the data).
This Submission Agreement (SA) covers only the Research Project as contemplated in the Submitter Information and Certifications section. Submitter will submit a completed SA (this document) for each research project for which submission is requested.
- Non-transferability of Agreement. This SA is not transferable. Submitter agrees that substantive changes Submitter makes to the Research Project requires execution of a new SA, in which the new Research Project is designated. If the Submitter changes institutions and wishes to retain submission privileges to cdRNS, a new SA in which the new institution acknowledges and agrees to the provisions of the SA is necessary.
- Use of NIH Global Unique Identifier Client and NINR Common Data Elements. Submitter has used the software program provided free-of-charge by NIH to assign GUIDs to each participant as described in the Policy for the cdRNS Data Science Platform (cdRNS Policy) (https://cdrns.nih.gov/) and have re-sorted the data according to the GUID. Submitter also agrees to use the cdRNS Common Data Elements as appropriate for their research. NINR program staff will work with researchers to map their study variables to specific CDEs. NINR Program will also work with PIs to ensure that the forms they use are correct. See page 6 for more information on the generation of GUID and the tool used.
- Non-Identification of Subjects. Submitter agrees the data have been ‘de-identified’ according to the following criterion: the identities of subjects cannot be readily ascertained or otherwise associated with the data by the repository staff or secondary data users. Submitter further agrees not to disclose the identities of research participants to cdRNS in the future and to verify that data lack identifiers after submission. Submitter agrees to notify cdRNS as soon as possible if, upon review of cdRNS data, the Submitter discovers identifying information in that data. Studies with 10 Subjects or less will be suppressed or aggregated according to the guidelines described in Federal Committee on Statistical Methodology (2005) Statistical Policy Working Paper 22 (2nd version). Washington: Office of Management and Budget, 128 pp, https://www.health.nsw.gov.au/hsnsw/Publications/privacy-small- numbers.pdf.
- Data Disclaimers. Submitter agrees that NINR and NIH do not and cannot warrant the results that may be obtained by using any data or data analysis tools included in cdRNS. NINR and NIH disclaim all warranties as to the accuracy of the data in cdRNS or the performance or fitness of the data or data analysis tools for any particular purpose.
- Supporting Materials. Submitter agrees to provide cdRNS with supporting information and documentation (“Supporting Materials”) to enable efficient use of the submitted data by investigators unfamiliar with the data. For example:
- Study title
- Estimated number of Subjects
- Estimated Start Date
- Estimated End Date
- Data Accuracy. Submitter certifies to the best of his/her knowledge and belief that the data submitted to cdRNS are accurate. Submitter also agrees to perform the specified quality control activities within a timeframe specified by the cdRNS Policy (see above). Submitter further agrees to notify cdRNS as soon as possible if, upon review of cdRNS data, the Submitter discovers data quality concerns.
- Data Access for Research. Submitter agrees that data and Supporting Materials submitted to cdRNS may be accessed and used broadly by qualified researchers for research and other activities as authorized by and consistent with law. This access may result in duplication of research data. Data will be shared after one (1) year of the research project end date.
- Non-Research Access. Submitter acknowledges that data and Supporting Materials submitted to cdRNS become U.S. Government records that are subject to the Freedom of Information Act (FOIA). NINR and NIH are required to release Government records in response to (FOIA) requests unless they are exempt from release under one of the FOIA exemptions. Submitter further acknowledges that data and Submitting Materials may be used or released consistent with law.
- Acknowledgments. In any and all publications based upon dataset(s) submitted to cdRNS, Submitter agrees to cite cdRNS, the relevant cdRNS dataset identifier (a serial number), and the Submitters’ federal research funding sources in each publication to which such datasets contribute (for abstracts, as space allows). The publication should include the following acknowledgement:
Data used in the preparation of this article reside in the National Institute for Nursing Research (NINR) and National Institutes of Health (NIH)-supported Common Data Repository for Nursing Science (cdRNS) in [dataset identifier]. This manuscript reflects the views of the authors and does not reflect the opinions or views of the NINR or the NIH.
Submitter agrees to acknowledge the contribution of the cdRNS data science platform in any and all oral and written presentations, disclosures, and publications resulting from substantive analyses of data using cdRNS tools. The manuscript should include the following acknowledgement or similar other language:
Data and/or research tools used in the preparation of this manuscript were obtained and analyzed from the controlled access datasets distributed from the NINR cdRNS collaborative data science platform.
Dataset identifier (DOI): [provide].This manuscript reflects the views of the authors and does not reflect the opinions or views of the NINR or NIH.
If the Research Project involves collaboration with Submitters or cdRNS staff then Recipient will acknowledge Submitters as co-authors, if appropriate, on any publication. In addition, Recipients agree to include a reference to cdRNS system datasets analyzed and to cite cdRNS and the federal funding sources in abstracts as space allows.
- Non-Endorsement; Liability. Submitter agrees not to claim, infer, or imply endorsement by the United States Government, the Department of Defense, the Department of Health & Human Services, or the National Institutes of Health of the Research Project, the entity, or personnel conducting the Research Project or any resulting commercial product(s). The United States Government assumes no liability except to the extent provided under the Federal Tort Claims Act (28 U.S.C. § 2671-2680).
- Submitter's Compliance with Institutional Requirements. Submitter acknowledges that these data were collected in a manner consistent with all applicable laws and regulations, as well as institutional policies. Submitter further acknowledges that the data were collected pursuant to an informed consent that is not inconsistent with the data submission, and that the data submitted were collected in accordance with NIH and NINR regulations, or applicable foreign law concerning the protection of human subjects, and other applicable U.S. federal and state laws, if any.
- Submitter’s Permission to Post Information Publicly. Submitter agrees to permit NINR and NIH to summarize and release for public use on the cdRNS Web site the Supporting Materials along with the Submitter’s name and organizations/institutional affiliation.
- Privacy Act Notification. The Submitter agrees that information collected from the Submitter, as part of the SA, may be made public in part or in whole for tracking and reporting purposes. This Privacy Act Notification is provided pursuant to Public Law 93-579, Privacy Act of 1974, 5 U.S.C. Section 552a.Authority for the collection of the information requested below from the Submitter comes from the authorities regarding the establishment of the National Institutes of Health, its general authority to conduct and fund research and to provide training assistance, and its general authority to maintain records in connection with these and its other functions (42 U.S.C. 203, 241, 289l-1 and 44 U.S.C. 3101), and Section 301 and 493 of the Public Health Service Act. These records will be maintained in accordance with the Privacy Act System of Record Notice 09-25-0200 (http://oma.od.nih.gov/ms/privacy/pa- files/0200.htm) covering “Clinical, Basic and Population-based Research Studies of the National Institutes of Health (NIH), HHS/NIH/OD.” The primary uses of this information are to document, track, and monitor and evaluate the submission of data from clinical, basic, and population-based research activities and to notify Submitters in the event a potential error in the dataset is identified or in the event of updates or other changes to the database.
The Federal Privacy Act (https://www.hhs.gov/foia/privacy/index.html) protects the confidentiality of the Submitter’s NIH and NINR records. NINR and NIH will use the data collected for the purposes described above. In addition, the Act allows the release of some information in the Submitter’s records without the Submitter’s permission; for example, if it is required for national security.
- Security. Submitter acknowledges the expectations set forth by the attached “cdRNS Information Security Best Practices” for the use and security of data.
- Amendments. Amendments to this SA must be made in writing and signed by authorized representatives of both parties.
- Termination. Either party may terminate this SA without cause when provided 30 days written notice to the other party. cdRNS will retain a copy of all data already submitted to cdRNS for which data quality activities have been completed, except in the event that research participants withdraw consent for sharing of their data through the cdRNS repository and NINR and NIH are informed by the Submitter to withdraw the data. Submitters agree to immediately report violations of cdRNS Policy to the cdRNS Operations and NINR Program staff. Additionally, NINR and NIH may terminate this agreement with 5 days written notice if the agencies determine, in their sole discretion, that the Submitter has committed a material breach of this SA. The agencies may, in their sole discretion, provide Submitter with 30 days’ notice to remedy a breach before termination. Closed accounts may be reactivated upon submission of an updated Submission Request and SA.
- One-Year Term and Access Period. Researchers who are granted permission to submit data to cdRNS receive an account that is valid for a period of one year. This SA will automatically terminate at the end of one year. An account may be renewed upon recertification of a new SA. Accounts that remain inactive for 12 consecutive months may be closed at the discretion of NINR and NIH.
cdRNS Information Security Best Practices
The purpose of these Security Best Practices, which are subject to applicable law, is to provide minimum security standards and best practices for individuals who use cdRNS to submit, access, and analyze data. Keeping cdRNS information secure through these best practices is important. Subject to applicable law, Submitters agree to immediately report breaches of data confidentiality to the cdRNS Operations and NINR Program staff.
- Do not attempt to override technical or management controls to access data for which you have not been expressly authorized.
- Do not use your trusted position and access rights to exploit system controls or access data for any reason other than in the performance of the proposed research.
- Ensure that anyone directed to use the system has access to, and is aware of, cdRNS Information Security Best Practices and all existing policies and procedures relevant to the use of cdRNS, including but not limited to, the cdRNS policy at https://cdrns.nih.gov/
- Follow the cdRNS password policy which includes:
- Choose passwords of at least seven characters including at least three of the following types of characters: capital letters, lower case letters, numeric characters and other special characters.
- Change your passwords every six months.
- Protect your cdRNS password from access by other individuals—for example, store it electronically in a secure location.
- Notify cdRNS staff at NINR-BRICS-OPS@mail.nih.gov of security incidents, or any incidents of suspected fraud, waste or misuse of cdRNS or when access to cdRNS is no longer required.
- Protect the data, providing access solely to authorized researchers permitted access to such data by your institution.
- Neither store nor transmit links between personally identifiable information and GUIDs.
- When you download cdRNS data, download the data to a secured computer or server with strong password protection.
- For the computers hosting cdRNS data, ensure that they have the latest security patches and are running virus protection software.
- Make sure the data are not exposed to the Internet or posted to a website that may be discovered by Internet search engines, such as Google or MSN.
- If you leave your office, close out of data files or lock your computer. Consider the installation of a timed screen saver with password protection.
- Avoid storing data on a laptop or other portable medium. If storing data on such a device, encrypt the data. Most operating systems have the ability to natively run an encrypted file system or encrypt portions of the file system (Windows = EFS or Pointsec and Mac OSX = File Vault).
- When finished using the data, destroy the data or otherwise dispose of them properly.
Global Unique Identifier (GUID Tool)
The GUID Tool is a customized software application that generates a Global Unique Identifier for each study participant. The GUID is a subject ID that allows researchers to share data specific to a study participant without exposing personally identifiable information (PII). The GUID is made up of random alpha-numeric characters and is NOT generated from PII/PHI. As such, it has been approved by the NIH Office of General Counsel. GUID Generation complies with HIPPA regulations for the protection of PII/PHI.
In order to submit data to cdRNS, the system expects all prospective studies to include a GUID in the data submission. For retrospective studies, the cdRNS team understands that the participant data needed to generate a GUID may not be available. To account for this, cdRNS provides the capability to generate pseudo-GUIDs. However, submitting data with pseudo-GUIDs silos the associated research data from the other data associated with valid GUIDs.
The process for generating a GUID is listed below:
- User/Researcher executes the GUID tool client locally
- PII is entered (double data entered and checked)
- PII is combined and one-way hash codes are generated
o PII cannot be extracted from these hash codes, they are strictly one-way hash algorithms
- The one-way hash codes are sent to the GUID server
- If the hash codes match the server's hash codes for an existing GUID, then that GUID is returned
- If the hash codes do not match, then a new random GUID is generated and returned
The GUID process has two important attributes:
- PII is never sent to the cdRNS system
- The GUID is a random number not generated from PII/PHI
In order to generate a GUID for a subject, the following PII is required:
- Complete legal given (first) name of subject at birth
- Complete legal additional name of subject at birth (If the subject has a middle name)
- Complete legal family (last) name of subject at birth
- Day of birth
- Month of birth
- Year of birth
- Name of city/municipality in which subject was born
- Country of birth
In order to generate a GUID for a subject, the following PII is optional:
- Physical sex of subject at birth
- Government Issued or National ID Number
- Country issuing Government-Issued or National ID