Update on New NIH Data Security Requirements Taking Effect January 25, 2025

The National Institutes for Health (NIH) has significantly updated its policy related to data security requirements. Effective January 25, 2025, users and developers of controlled-access genomic data will be required to manage that data in compliance with NIST SP 800-171 cybersecurity requirements. For more information on the requirements and how Penn is implementing them, including the list of the 20 impacted databases, see: NIH Data Management and Access Requirements for Sharing Genomic Data.

More information on the NIH data management and access requirements for sharing genomic data can be found on the Office of Research Services (ORS) website.