- Subtopic
-
Guidance for sharing research data
Need assistance with sharing research data?
Duke is dedicated to the preservation, safeguarding, and responsible sharing of research data in alignment with academic, scientific, and legal standards. These standards account for the evolving expectation from research funders and scientific journals that researchers will maximize their data sharing. Below are some considerations to help guide investigators looking to publicly share research data.
The following information outlines fundamental principles pertaining to the sharing and/or dissemination of research data conducted within or under the auspices of Duke University. These guidelines should be reviewed alongside relevant laws, regulations, and standards, contractual terms, and University policy.
Jump to:
Considerations for data sharing
The following considerations should inform your method of data sharing, including: the use of open access repositories, controlled access repositories, or entering into formal Data Transfer or Data Use Agreements with an institution or group.
Scenarios can vary widely, so researchers seeking guidance should consult with datamanagement@duke.edu for assistance in 1) developing data management and sharing plans or 2) identifying potential repositories to share their data in and the processes associated with the various options.
When devising a research data sharing strategy, investigators should consider the following factors first:
- Prerequisites and stipulations from sponsors and funding agencies.
- Terms delineated in specific existing research agreements and proposed research agreements.
- Any applicable regulations, standards and laws (e.g. FERPA, HIPAA, etc).
- Ensuring the protection of privacy and ethical treatment of research participants and the appropriate management of research materials.
- Ensuring the conscientious and secure management of research data.
- Safeguarding and upholding of Duke and third-party data protected under copyright and/or intellectual property rights.
Assuming the previous considerations have been taken into account, investigators should next consider the following aspects when deciding where and how to share data:
- How the data were collected, from/about whom (participant population), by whom, and when, and the process by which it was obtained.
- Nature of the data (description, specific variables).
- Data classification under the Duke Data Classification Standard.
- Any conditions or restrictions on the use of the data by the data provider and/or sponsor.
- Any agreement or statement a researcher or institution must sign/has signed to obtain access to the data.
- Any conditions by the funder, the journal, or by the repository that may impact the way data can be shared.
- For example, if the funder approved a Data Management and Sharing Plan (DMSP), data may be required to be shared per the DMSP.
- For Human Participants Research, proper consent for data sharing should be included. The Campus IRB and DUHS IRB can assist with this type of language.
- The identifiability or re-identifiability of the data (and to whom they may be identifiable). Even de-identified data can pose a risk to research participants. When there is more than a minimal risk to research participants, a controlled access repository should be used.
- For example, does the data set and documentation provided with it contain information that could be used to identify individuals (e.g., extensive life history markers, other unique characteristics, verbatim text responses, geographic information)? Has the possibility that an individual could be identified due to being in a small set of persons with specific attributes been adequately mitigated (e.g., by collapsing or combining of data)? Are there variables that could be readily linked to identifiers by secondary users?
Find the right repository for sharing your data
Use the tool below to determine the most suitable choice(s) for depositing data at a project's completion. The list includes several repositories that are either owned or supported by Duke University. There are many disciplinary repositories that may be appropriate for a project's data not included in this list, consider consulting Duke University Libraries or access this database of external repositories from FAIRsharing.org, for other repository options.
Please note: Some funders, such as the NIH Institutes and Centers, may require researchers to use a particular repository. Details on whether a repository requirement is present can be found in the funding announcement.
- Access a list of NIH-supported Scientific Data Repositories
Types of data
If you are not clear about your legal rights or institutional rights to share data from your project, please contact ORC or ORS to gain formal approval for sharing data (contact information below).
| Data Source/Type | Data sharing considerations/limitations | Office(s) to contact prior to sharing | Help contact |
|---|---|---|---|
| Non-human data with no sensitivities or restrictions, per Duke’s Data Classification Standard, and no associated contract or agreement | May be deposited in a publicly accessible repository | datamanagement@duke.edu | |
| Non-human data with no sensitivities or restrictions, but has an associated contract or agreement | May be deposited in a publicly accessible repository, but a consultation with ORC/ORS is required | ORC/ORS | Schools of Medicine and Nursing: Office of Research Contracts (ORC) Campus/Provost Area Schools: Office of Research Support (ORS) |
| Data in which health systems, clinics, or individual providers may be participants in embedded research (e.g., comparing clinics across the health system on specific outcomes) | If the data are to be shared in a publicly accessible repository, they must be de-identified or masked prior to deposit | IRB approval needed if the project is research – manuscripts written, data shared, conference presentations, etc. | datamanagement@duke.edu |
| Duke participant data (not part of patient care at Duke) with affirmative written consent | Provided that the affirmative consent contains language about data sharing (or alternatively does not limit data sharing in public repositories in the case of older projects), can be shared without a review by a certified Honest Broker following the best practices for de-identification. The individual doing the de-identification should have a comprehensive understanding of the principles of de-identification and HIPAA and should be considering both direct and indirect identifiers. Honest Broker services are available under the PACE Service Center to teams who do not have the expertise within their team to de-identify their data. Data in this category that has been combined with public data that may result in an increased risk of identifiability should be reviewed with an expert to determine the associated level of risk. | Duke University Libraries Relevant IRB | |
| Duke health participant data (part of patient care at Duke) with affirmative written consent | Provided that the affirmative consent contains language about data sharing (or alternatively does not limit data sharing in public repositories in the case of older projects), can be shared following the de-identification by a certified Honest Broker. | DOCR | Data Front Door |
| Duke patient data with no written consent – this includes electronic health record data, administrative data, and claims data for Duke patients | Data in this category should primarily be shared under limited access rather than open access. This allows for appropriate stipulations and licensing terms to be attached to the data use and allows for an accounting of where this data has been shared. Duke Health data should be reviewed by a certified Honest Broker prior to being deposited into Zenodo. Exceptions would include -omics data generated by researchers without associated PHI (data elements such as race, sex or gender, ethnicity, or age in years provided that age is less than 90 is allowable). Other clinical data elements should be reviewed. | DOCR | Data Front Door |
| Data containing individual-level protected health information (PHI), not obtained from DUHS | Any data that has not been completely de-identified according to the HIPAA “Safe Harbor” or “Expert Determination” regulation cannot be shared without formal agreements such as a DTA* or DUA* between Duke and the data recipient. Data that has been de-identified either according to HIPAA “Safe Harbor” or “Expert Determination” may be deposited in a publicly accessible repository under open or controlled access pending disclosure risk review. | ORS/ORC Duke University Libraries Relevant IRB | Schools of Medicine and Nursing: Office of Research Contracts (ORC) Campus/Provost Area Schools: Office of Research Support (ORS) |
| Non-medical research on human participants with written affirmative consent | Provided that the affirmative consent contains language about data sharing (or alternatively does not limit data sharing in public repositories in the case of older projects), can be shared following the best practices for de-identification. The individual performing the de-dentification should have a comprehensive understanding of the principles of de-identification and should be considering both direct and indirect identifiers. Data in this category that has been combined with public data that may result in an increased risk of identifiability should be reviewed with an expert to determine what level of risk is associated with this. | Duke University Libraries Relevant IRB | |
| Non-human data with potential sensitives based on geographic information (such as the location of endangered species, etc.), etc. | May be deposited in a publicly accessible repository under controlled access. | Duke University Libraries | datamanagement@duke.edu |
| Secondary analysis of data from public datasets | May be deposited in a publicly accessible repository. Carefully review any license terms, privacy policy or other conditions that may limit the ability to share. | Duke University Libraries | datamanagement@duke.edu |
| Secondary analysis of data from contracted datasets | Carefully review contracts/licenses for terms that could prohibit sharing either in a repository or from one researcher to another. If sharing is desired or required, contact ORS/ORC to discuss if any amendments can be made to the original contract/license to allow sharing. If data cannot be shared, discuss with data provider what can be shared (analysis plan, aggregate stats, file list, variables used, etc.)* | ORC/ORS | Schools of Medicine and Nursing: Office of Research Contracts (ORC) Campus/Provost Area Schools: Office of Research Support (ORS) |
| Data with potential commercial value | If a researcher would like to commercialize their data, they should discuss this with the Office of Translation & Commercialization (OTC). | OTC | If Duke Health data: Data Front Door |
| Export Control Data | Contact the Duke Office of Export Controls (OEC) to discuss whether data may or may not be shared and under what conditions. | OEC | OEC help |
| Data gathered in an international setting or with international partners | Review any existing agreements with the international partners to see if data sharing is allowable. (If agreements limit data sharing, Contact ORS/ORC to discuss if any amendments can be made to the original agreements. Duke Privacy can assist with the international data collection and transfer language. Consult applicable data privacy laws (i.e., GDPR) to ensure compliance prior to sharing data | Relevant IRB Duke University Libraries ORC/ORS | Schools of Medicine and Nursing: Office of Research Contracts (ORC) Campus/Provost Area Schools: Office of Research Support (ORS) |