NIH Makes Initial Revisions to Guidelines for Genomic Data Analysis in the Cloud

NEW YORK (GenomeWeb) – The National Institutes of Health issued a position statement this week revising its existing polices on use of cloud computing services for storing and analyzing controlled access data stored in the Database of Genotypes and Phenotypes (dbGAP).

In response to repeated calls from the community, the NIH began reviewing its existing policies for accessing and using information contained in dbGAP to give biomedical researchers the option to use cloud infrastructure analyze data from the repository on. Under the existing policy, dbGAP data could not be analyzed using cloud compute because of concerns about the security of the data and to avoid risking the privacy of research participants.

Now, according to the newly issued position statement, the NIH will allow investigators to request permission to move dbGAP genomic and associated phenotype data from NIH repositories to public or private cloud systems for data storage and analysis. Data transfer will be subject to the dictates of the NIH's Genomic Data Sharing policy, and cloud computing systems will be required to meet the data use and security standards outlined in the NIH's best practices for controlled-access data as well as the requesting institution's own IT security requirements and policies.

The NIH's best practices document has been updated to provide specific guidance on the use of cloud computing infrastructure including audit and accountability requirements and it provides links to best practices from a number of commercial cloud service vendors.

Researchers who want to use the cloud for dbGAP data will need to make clear in their data access requests that they intend to use cloud compute and identify which vendors or providers they intend to use, the NIH said. They will also need to explain how they'll use the cloud computing service in their proposed research.

Source