The Health and Human Services Office of Inspector General (OIG) wants the world’s largest public funder of biomedical research to tighten the screws for handling sensitive biomedical research data, according to a report released on Feb. 13. NIH disagreed with all but one of the of the OIG’s recommendations.
The security of these data is critical for the agency as most of NIH’s $39 billion annual budget goes toward funding projects that generate data. NIH transmits almost two petabytes of data across its network—eight times all the material in the Library of Congress, according to NIH’s Center for Information Technology.
The agency also is in the beginning stages of crafting an agency-wide policy that aims to get more scientists to share their data.
“NIH should improve its controls when permitting access to sensitive NIH data,” the OIG said. “OIG has identified risks related to the sharing of sensitive data.”
The OIG only released a one-page summary of its findings and not the complete report because it “contains restricted information for official use only.”
The summary did not define what constituted sensitive data or how much of the data NIH oversees would be considered sensitive.
According to the OIG summary, NIH disagreed that it needs to:
- develop a security framework,
- conduct a risk assessment,
- implement additional controls for sensitive data, or
- ensure training and security plan requirements have been fulfilled.
The agency agreed it needed to ensure security policies keep current with emerging threats and to make training and security plans a requirement.
In a Feb. 13 statement, NIH told Bloomberg Law it is carefully reviewing the report. It said the agency will respond to the OIG with a final management plan by the Aug. 5 deadline.
Read more in the OIG’s report and the Proposed Provisions for a Draft NIH Data Management and Sharing Policy.
Selected information in the "Pharmaceutical Science Update" is compiled from summaries and articles from Bloomberg BNA.