Skip to main content

Data Use Policy

I. Introduction

The National Institutes of Health (NIH) has supported data collection from participants in numerous clinical trials and epidemiologic studies as part of approved protocols under the Rare Diseases Clinical Research Network (RDCRN). These data from well-characterized population samples constitute an important scientific resource. It is the view of the NIH that their full value can only be realized if they are made available, under appropriate terms and conditions consistent with the informed consent provided by individual participants, in a timely manner to the Rare Diseases Community and the largest possible number of qualified investigators. Accordingly, the RDCRN has adopted a Data Sharing Policy (Appendix A) establishing the criteria and mechanisms for data sharing among investigators within the Rare Diseases Network (RDN) and with the general scientific community.

The Brittle Bone Disorders Consortium (BBD) created this document as a companion piece to the RDCRN Data Sharing Policy. It establishes policies and procedures that the BBD will follow when sharing data within and outside of the Consortium.

II. Scope

This policy addresses how data generated by the Brittle Bone Disorders Consortium (BBD) is to be used.

III. Definitions

Commercial Purpose–Data will be considered as being for a commercial purpose if they are to be used by an investigator who is an employee of a for-profit organization, if they are to be used by an investigator as the basis for a consulting relationship with a for-profit organization. Data will also be considered as being for a commercial purpose if the investigator(s) take any affirmative steps to facilitate commercial use of results derived from data.

Data–In this policy, the term data refers to data generated by the BBD and maintained by the Data Management and Coordinator Center at the University of South Florida.

Data Use Agreement (DUA)- HIPAA allows a researcher who wishes to use a limited data set to enter into an appropriate "data use agreement" with a covered entity providing the limited data set without an authorization or a waiver of authorization from an IRB or Privacy Board. The agreement must list the permitted use and disclosures of the PHI being used and require that the researcher will:

  • Use appropriate safeguards for the information.
  • Not use or further disclose the information other than as agreed or as required by law.
  • Report any uses/disclosures that were not permitted.
  • Ensure that anyone who has access to the data also agrees to these restrictions.
  • Not identify the information or contact the individuals

A researcher using de-identified data, where the information cannot be traced to a particular individual or protected health information disclosed by a covered entity in a limited data set under an appropriate data use contract, is exempt from the disclosure accounting requirements. The DUA may be part of a Services Agreement (see section D) or a stand-alone agreement.

De-identified Data–De-identified data excludes certain identifying information in accordance with certain regulatory standards set forth in the Privacy Rule so that it no longer contains Protected Health Information (PHI) and is exempt from the requirements applicable to PHI under the Privacy Rule. De-identified health information neither identifies nor provides a reasonable basis to identify an individual. Data shall be considered de-identified only when all 18 PHI items are removed from the data in accordance with 45CFR164.5144.

External Investigator–An Investigator who is not a BBD Member (defined below) who has expressed an interest in using BBD data and/or BBD research generally for an academic purpose or for a commercial purpose.

Internal investigator–An Investigator who is a BBD Member (defined below).

“Other Use”–Use of data other than for publication purposes, such as for a grant application, presentation, to determine the feasibility of a data mining project or study, or to support an IND or NDA application.

Limited Data Set -A limited data set is an exception to the HIPAA Privacy Rule requirement for authorization from the subject for research use of protected health information. A limited data set lacks 16 of the 18 identifiers itemized by the Privacy Rule. A limited data set may contain dates of birth, admission, discharge and death and it may contain geographical information such as town/city, state, and zip code.

BBD Member/Members–Includes all members of the Brittle Bone Disorders Consortium, such as principal investigators, co-investigators, study coordinators, study neuropsychologists, biostatisticians and program administration.

BBD Leadership–Consortium principal investigator (director), co-principal investigator (co-director), and associate director.

IV. Policies

A. Data Use
All data generated by the BBD consortium is available to all BBD members for analysis. These participating individuals and institutions are listed below:

  • V. Reid Sutton, MD, Sandesh Nagamani, MD, Brendan Lee, MD, PhD – Baylor College of Medicine
  • David Eyre, PhD – University of Washington (Mass Spectrometry Core)
  • Eric Orwoll, MD – Oregon Health and Science University
  • Deborah Krakow, MD – University of California at Los Angeles
  • Cathleen Raggio, MD – Hospital for Special Surgery
  • Frank Rauch, MD, Jean-Marc Retrouvey, MD, & Francis Glorieux, MD – Shriners Hospital for Children, Montreal
  • Emily Germain-Lee, MD – Kennedy-Kreiger Institute
  • Peter Smith, MD, & Gerald Harris, PhD, PE – Shriners Hospital for Children, Chicago/Marquette University
  • Laura Tosi, MD – Children’s National Medical Center
  • Eric Rush, MD – University of Nebraska Medical Center
  • Jeff Krischer, PhD – University of South Florida (Data Collection & Analysis Core)

The only Protected Health Information (PHI) available to all internal investigators are dates of birth, admission, discharge, and death. All other identifying information such as name, address, phone number, fax number, email address, social security number, medical record number, health plan beneficiary number, and account numbers are only available to investigators at the enrolling site. Certificate/license numbers, vehicle identifiers, device identifiers, web URLs, IP address numbers, biometric identifiers, full face photographic images, and other unique identifying numbers or codes are not collected as part of BBD research.

External investigators will specify whether de-identified data or a limited data set is requested. If a limited data set is requested, only data from subjects that have consented to share a limited data set will be shared. To ensure that the confidentiality and privacy of study participants are protected, all external investigators seeking access to data from BBD studies must execute and submit an appropriate standard data use agreement form prior to obtaining BBD data.

B. General Data Released to the Scientific Community

Data will be shared with the scientific community as is required for all NIH-funded studies and will follow NIH Data Sharing Policy and Implementation Guidance and the RDCRN Data Sharing Policy (see Appendix A). The general release of data will not include customized data reports or analysis but will include a data dictionary.

C. Specific Data Requests

External commercial and non-commercial investigators interested in using data generated by the BBD prior to its general release to the scientific community or who would like customized data reports and/or analysis have several options as described below.

  • Collaboration with a BBD member on analysis and publication (or other use) - External investigators (commercial or non-commercial/academic).
  • Independent analysis
  • Services agreement

D. Data Request Process

Individuals and institutions participating in the BBD consortium, as well as, non-participating persons should submit a concept sheet for executive committee review. This concept sheet should be submitted to the BBD project manager. Please see Appendix B. This concept sheet will be reviewed by the BBD executive committee for feasibility and scientific merit within 1monthof submission of all materials. The executive committee is comprised of all BBD PIs listed above. If the concept sheet is submitted by a member or the executive committee, then they must recuse themselves from the evaluation.

Approval will be determined by taking a majority vote. If a proposal is rejected, then written documentation must be issued within four weeks of the decision. Rationale must be provided along with the determination. An appeal can be made, and the concept sheet can be resubmitted to the executive committee. This resubmission must occur within two months of the rejection documentation being received. Once a concept has been approved, the BBD project manager will forward this request to the Data Management and Coordinating Center (DMCC). The DMCC will then ensure that this request is processed in a timely manner.

Once data requests have been completed the DMCC will send the data reports to the executive committee for review. This information will be transmitted via email unless requested otherwise. It is the executive committee’s responsibility to approve this information before it is sent out to the requestor(s) listed on the approved concept sheet.

E. Services Agreements and Contracts

A service agreement needs to be executed for any data mining project involving external investigators. This template incorporates the following elements: statement of work, fee schedule, invoicing instructions, nondisclosure and trade secrets terms, ownership and use of work product arrangements, publication and presentation rights and other standard legal terms. Services Agreements will also set forth a project cost and budget and will contain a data use agreement. I fit is anticipated that data will be requested more than once or will require complex analyses, a BBD infrastructure fee will be assessed for support provided.

Service agreements will be executed by a designated representative of the executive committee or by the consortium PI.

F. BBD Site Responsibilities

BBD sites agree to submit data in a timely manner so that it is available for analysis. Sites are routinely audited by the Data Management and Coordinating Center. Sites also may be audited by federal funding agency or other governmental agencies with oversight over federally funded research or clinical trials. In addition, industry trials may also require the sites to accept additional monitoring or auditing. If additional audits or other requests for access to data and records result from sharing data (eg, with a company that submits it to the FDA as part of a drug filing), BBD sites will comply with the audits and make source documents and other records available as necessary.

G. Intellectual property

Each site owns the data collected at their own site. The Brittle Bone Disorders Consortium owns the complete set of data collected at all sites (collective ownership). Data will be entered into dB Gap, therefore, the NIH will also own the data set. At the completion of the study, the Osteogenesis Imperfecta Foundation will have ownership of the data set.

H. Conflict of Interest, Data Release & Publication Agreement

Please see appendix C.