What are the NIH rules about data security with investigators from other countries having access to NIH funded research data?
- An agreement governing the data sharing may have data security requirements included.
- Federal export control rules also apply. These rules prohibit, without a license, access to export-controlled technologies, information, software or material by a non-U.S. person.
- However, most NIH research is considered “fundamental research” and the data generated on such projects would not be considered export controlled.
- Regulatory requirements (such as HIPAA and EU GDPR), that apply to certain types of data are still relevant no matter the source of funding or who is working with the data.
While there have been concerns about sharing data with foreign entities there are no prescriptive data security requirements regarding legitimate access to NIH funded data and foreign involvement.