Office of Research Data Governance and Privacy

NIH Data Management and Sharing Policy - FAQ's

* Additional guidance : See "6 Things You Need to Know" at the bottom of this page

What is the NIH Data Management and Sharing Policy?

The Final NIH Policy for Data Management and Sharing (DMSP) (NOT OD- 21013) is a set of requirements and guidelines related to the management and sharing of research data generated by work funded wholly or partially by the National Institutes of Health. This policy applies to all proposals received after January 25th, 2023 that result in the generation of scientific data.

Core requirements are:

  1. The inclusion of a Data Management and Sharing Plan (also called a DMSP) in proposals that result in the generation of scientific data.
  2. Compliance with the terms of the DMSP as approved by the appropriate NIH institute, center, or office (ICO), which the policy designates as responsible for monitoring compliance.

The DMSP is foundational. Individual NIH Institutes and Centers may add additional requirements.  Researchers should monitor ICO's for supplemental guidance, forms, and templates.

NIH strongly encourages the use of established repositories secondary uses by the research community and general public and to maximize such uses where appropriate subject to considerations associated with privacy, security and ELSI (Ethical, Legal, and Social Implications).

There is an expectation that data management and institutional processes adhere to FAIR (Findable Accessible Interoperable Reusable) data principles over the lifecycle of data --from acquisition to final disposition.

And the policy expresses a preference for use of persistent identifiers or other standard indexing to track data. 

Read More: The Final NIH Policy for Data Management and Sharing

What is a Data Management and Sharing Plan (DMSP)?  And what does it say about privacy?

A DMSP is a two-page document included in applicable NIH proposals that prospectively describes how a research team intends to manage, preserve, and share the scientific data associated with the proposed work. Researchers are advised to

  1. take a lifecycle view of data from acquisition to final disposition
  2. curate data for deposit in an appropriate repository for secondary uses
  3. and incorporate by design any applicable privacy, security and ELSI (Ethical, Legal and Social Implications) principles.

Read More: Implementation Details for the NIH Data Management and Sharing Policy

What are the essential elements of a Data Management Plan (DMP)?

The following six elements should be addressed in a data management and sharing plan.

  1. Data Types: A description of the types and estimated amount of scientific data that will result from NIH-funded or conducted research, which scientific data will be preserved and shared, and the rationale for these decisions.
  2. Related Tools, Software and/or Code: An indication of whether specialized tools are needed to access or manipulate shared data to support replication or reuse, and name(s) of the needed tool(s) and software.
  3. Data Standards: An indication of what standards, if any, will be applied to the scientific data and associated metadata to be collected. This including data formats, data identifiers, definitions, unique identifiers, and other data documentation.
  4. Data Preservation, Access, and Associated Timelines: An indication of the timelines for data preservation and access.
  5. Data Sharing Agreements, Licenses, and Other Use Limitations: NIH encourages the broadest use of scientific data resulting from NIH-funded or conducted research, consistent with privacy, security, informed consent, and proprietary issues.
  6. Oversight of Data Management: An indication of the individual(s) who will be responsible for executing various components (e.g., data collection, data analysis, data submission) of the Plan over the course of the research project and the roles of the individual(s) in data management, and a description of the appropriate expertise for oversight.

Please note that individual centers, offices, and calls for proposals may have specific requirements about how these elements should be addressed such as the use of specific repositories for secondary uses.

While a specific format is not required, the Stanford DMP Service recommends describing each of the six elements above in discrete sections if possible.

Read More: Elements of an NIH Data Management and Sharing Plan

What data needs to be shared under the DMS Policy?  And what does the policy say about privacy?

While there is no specific requirement to share share data, NIH expects prospective planning for appropriate secondary uses.  Specifically, NIH has stated that researchers should “maximize the appropriate sharing of scientific data generated from NIH-funded or conducted research, consistent with privacy, security, informed consent, and proprietary issues.”

Please refer to the definitions of “scientific data” and “data sharing” below for additional context. The policy does not state that all data needs to be shared openly, meaning without restriction on who can reuse the data and for what purpose. However, restrictions on data sharing need to be outlined in the data management and sharing plan.

Regarding privacy, NIH recommends

  1. that research participants be told in plain language "what is expected to happen to their data" and "any limitations of subsequent use of data" in the informed consent process;
  2. that "any limitations on the subsequent use of data (which may apply to non-human data as well) should be communicated to those individuals and entities preserving and sharing the scientific data" so that factors affecting subsequent use may travel with the data
  3. and researchers are advised to consider how data derived from humans should be controlled, even if de-identified and lacking any specific limitations on subsequent use.

NIH also views privacy as closely related to security controls protecting data, especially sensitive data types.  Therefore, researchers should consult the IRB, Information Security Office and apply MinSec and MinPriv controls corresponding to research data's risk classification per Stanford policy.

Read More: Protecting Privacy When Sharing Human Research Participant Data 

What costs can be included/not included in a funding application?

NIH will allow researchers to add reasonable costs related to data management and sharing in their proposals.  These costs should be budgeted over the course of the award, including deposit in a repository for secondary uses or final destruction or archiving.

Allowable costs include the following categories:

  1. Curating data and developing supporting documentation
  2. Local data management considerations
  3. Preserving and sharing data through established repositories

Read More: Allowable costs for data management and sharing

What help is available?

A constellation of expert service providers is available to help researchers at Stanford navigate the data-related policies and expectations that apply to them and their data, including the NIH Data Management and Sharing Policy.

The Stanford DMP Service provides a single point of entry for getting assistance writing data management and sharing plans and, when necessary, referring questions to other services available on campus, such as those within the libraries, the Quantitative Sciences Unit (QSU), and the Stanford Program on Rigor and Reproducibility (SPORR).

Read More: Preparing for the NIH Data Management and Sharing Policy


Terms and Definitions

Scientific Data - NIH defines 'Scientific Data' in the DMSP as:

  • The recorded factual material commonly accepted in the scientific community as of sufficient quality to validate and replicate research findings, regardless of whether the data are used to support scholarly publications.
  • Scientific data do not include laboratory notebooks, preliminary analyses, completed case report forms, drafts of scientific papers, plans for future research, peer reviews, communications with colleagues, or physical objects, such as laboratory specimens.
  • NOTE: Stanford University’s definition of research data can be found in the Research Policy Handbook (RPH 1.9), which notably includes laboratory notebooks.

Data Management - The process of validating, organizing, protecting, maintaining, and processing scientific data to ensure the accessibility, reliability, and quality of the scientific data for its users.

  • NOTE: Data management encompasses strategies and practices related to ensuring the usability of datasets. These can be as basic as backing up datasets (and related materials) so they are not lost or as complex as efforts to ensure a research workflow is fully reproducible.

Data Sharing - The act of making scientific data available for use by others (e.g., the larger research community, institutions, the broader public), for example, via an established repository.

  • NOTE: Not all data sharing is “open”, where data is made available without restriction. Sharing data via established repositories is recommended. But other mechanisms for making data available may be more appropriate, depending on the characteristics of the dataset.

FAIR - A set of guiding principles that state that data should be findable, accessible, interoperable, and reusable. These principles address the usability of datasets that are ostensibly available to others.

Open Science - An umbrella term that covers a variety of efforts focused on making scientific research more transparent and accessible.


What is DMPTool?

DMPTool is a platform for writing effective data management plans, including NIH data management and sharing plans. Available free of charge, DMPTool includes templates, guidance, and links that have been created by data management experts at and beyond Stanford.

Researchers are not required to use DMPTool to create data management and sharing plans, however, the tool is recommended by Stanford DMP Service.

After the policy is implemented (and with the requisite permissions), the Stanford DMP service may share selected DMSPs from funded proposals with the Stanford community through the DMPTool.

Do I need to share all of my data openly?

Not necessarily. In writing their DMSPs, researchers are expected to “maximize the appropriate sharing of scientific data generated from NIH-funded or conducted research, consistent with privacy, security, informed consent, and proprietary issues.”

This is not an explicit requirement to share data openly, meaning without restriction on who it is shared with and for what purpose. Rather, it is an acknowledgment that, because of certain ethical, legal, and social issues, not all data can be shared openly or even shared at all.

Any restrictions on data sharing should be reflected in the data management and sharing plan.

NIH has given the following as examples of why data may not be shared.

  1. Informed consent will not permit or will limit the scope or extent of sharing and future research use. 
  2. Existing consent (e.g., for previously collected biospecimens) prohibits sharing or limits the scope or extent of sharing and future research use. 
  3. Privacy or safety of research participants would be compromised or place them at greater risk of re-identification or suffering harm, and protective measures such as de-identification and Certificates of Confidentiality would be insufficient. 
  4. Explicit federal, state, local, or Tribal law, regulation, or policy prohibits disclosure. 
  5. Datasets cannot practically be digitized with reasonable efforts.
How does the DMS policy affect other data-related policies at NIH?

The DMS policy provides a foundation for which individual institutes, centers, and calls for proposals can develop more specific policies.

In general, the DMS policy is complementary to other data-related policies at NIH. For example, researchers doing work covered by the Genomic Data Sharing Policy do not have to complete parallel GDSPs and DMSPs. Instead, the material previously covered by the GDSP will not be included in the DMSP.

Read More: NIH Institute and Center Data Sharing Policies


What about data policies at different funders?

As of now, the DMS policy applies to only research funded by NIH. However, as outlined in a memo in August 2022 from the Office of Science and Technology Policy (OSTP), other federal agencies will be proposing and adopting policies and requirements related to the sharing of the products of federally funded research (e.g. peer-reviewed articles, datasets) in the coming years.

Read More: Ensuring Free, Immediate, and Equitable Access to Federally Funded Research

Do I need to write broad or unrestricted data sharing into informed consent documentation?

Not necessarily. The DMS policy encourages researchers to plan for how data management and sharing will be reflected in informed consent documents but does not expect that informed consent given by participants will be obtained in any particular way.

NIH is currently developing resources to assist in drafting consent language for the sharing of research participants’ data. Researchers at Stanford should check in with the Institutional Review Board and Office of…

What happens in the case of a no-cost extension?

In the case of a no-cost extension, data management and sharing-related requirements are extended to the end of the extended performance period.

Read NIH FINAL Data Management and Sharing Policy- 6 Things You Need To Know!

Contact Us


408 Panama Mall
Stanford ,CA  94305
United States