Several videos currently available on the YouTube may help you with the data access application, project renewal and closeout processes. The titles and links of the videos are:

• dbGaP Data Access Application
• Application Renewal
• Project Closeout

Please also see here for a brief overview of the process.

The dbGaP controlled-access data are available only through the dbGaP Authorized Access System. For NIH researchers (intramural researchers), in order to obtain access to genomic data in dbGaP that is available through controlled-access, eligible NIH Institute and Center (IC) intramural scientists and IC extramural program scientific staff must first obtain the approval of their IC. Please see here for more details. For non-NIH researchers (extramural researchers), the Principal Investigator (PI) must be a tenure-track professor, senior scientist, or equivalent, to be able to submit a data access request (DAR) and have a valid eRA Commons account for logging in to the dbGaP system. Please see here for more about how to setup a new eRA Commons account or how to make changes to an existing eRA Commons account. The dbGaP data access request procedures are summarized in this document. Once you have your account ready, please see here for more about how to make data request. If you have any further questions, please contact the dbgap-help at vog.hin.mln.ibcn@pleh-pagbd.

The dbGaP and eRA Account What is the relationship between my dbGaP account and eRA account? How to setup a new eRA account and make changes to an existing eRA account? The dbGaP Authorized Access System authenticates non-NIH users using the information registered in the NIH eRA Commons. Once your eRA account is setup, you are ready to login to the dbGaP system using the eRA Commons account login credentials. If you have just setup a new eRA Commons account or made changes to an existing eRA Commons account, please allow one or two days for the new account information to be propagated from the eRA to the dbGaP system. With your dbGaP account, you can create dbGaP projects, select datasets of your interest, complete application forms, and finally submit your data requests for approval first by the Signing Official (SO) of your institution and then by the Data Access Committee (DAC) at NIH. Once the requests are approved, you can download the data through your dbGaP account. If it is the first time for your institution to setup an eRA Commons account, please see here for the information related to institutional eRA account. The eRA Commons account is not limited to US researchers. Many foreign organizations have already registered with eRA. You may want to first check with your institution to see if there is an institutional standing account. If there is one, the eRA Commons account administrator of your institution should be able to help you. The eRA system is not operated by the National Center for Biotechnology Information (NCBI) that oversees dbGaP. To get a new eRA Commons account or make any changes to an existing eRA Commons account, such as resetting the login password or changing the email address, please visit the eRA website or directly contact the eRA help desk. The eRA Commons How-To and FAQ sites are often found to be useful.

Yes, your institution will need to register at NIH eRA Commons before you can apply for an eRA Commons account that is necessary to access dbGaP. Institutions are usually registered by someone in the business office, since it requires financial information (such as the DUNS number). Once registration is complete, the eRA Commons account administrator of the institution should be able to assist individual investigators under the institution to setup their own eRA Commons account.

DUNS stands for "Data Universal Numbering System”. It is a unique nine-digit numbering system that is used to identify a business. The DUNS numbers are assigned by Dun and Bradstreet and are a part of an institution's account in the NIH eRA electronic record system. The DUNS number is not used in the data access requests generated by dbGaP, although it is required for establishing an institution's eRA Commons account. Please refer to D&B online DUNS request service for more details. The DUNS Number Search page may also be useful.

To access the dbGaP data, you need to be registered as a Principal Investigator (PI) by your institution with your eRA account. There may be three situations in which you are a PI in your institution but have no privilege to make data request in the dbGaP system.

1. You have just created a new eRA Commons account, or the role of the account is just changed to PI. In this case, please allow one to two days for the updated information to be propagated from the eRA to the dbGaP system before trying to login to the dbGaP Authorized Access System.
2. Your eRA Commons account is not new and the role with the account is not newly updated. In this case, we would like you to login to your eRA Commons account directly from eRA Commons to double check the role associated with the account. If the PI role is confirmed, it may suggest problems with the dbGaP system. Please contact dbgap-help at dbgap-help@ncbi.nlm.nih.gov.
3. You have confirmed that your eRA account has no PI role. In this case, you would need to contact the eRA Commons account administrator of your institution for help. The administrator can change the role of your eRA Commons account. Once the role is changed, please allow one to two days for the update to become effective in the dbGaP system.

To obtain access to genomic data in dbGaP that is available through controlled-access, eligible NIH Institute and Center (IC) intramural scientists and IC extramural program scientific staff must first obtain the approval of their IC. After completing the form and obtaining the necessary signatures, please scan the form and email the pdf document to the attention of the Genomic Data Sharing Policy Staff at Authorized Access System. More instructions about how to access dbGaP data can be found here. If you have any further questions, please contact the dbgap-help at dbgap-help@ncbi.nlm.nih.gov.

The new account information or any changes to an existing eRA Commons account, such as username, password, and email address changes, may take one to two days to be propagated from the eRA to the dbGaP system. After one or two days, please attempt to log in to the dbGaP Authorized Access System again.

The "Login" link on the dbGaP Authorized Access System login page is supposed to redirect you to a NIH login page where you can use the login credentials of your eRA Commons account to access the dbGaP system.

The dbGaP Authorized Access System authenticates users using NIH eRA Commons account information. Your dbGaP login only works if your eRA Commons account login works. Most of dbGaP account login problems are due to issues related to eRA Commons account login. If you have problems logging in to your eRA Commons account, please seek assistance from the eRA Commons help page before trying to login to the dbGaP system again. If your eRA login succeeds but dbGaP login fails, please contact the dbgap-help at vog.hin.mln.ibcn@pleh-pagbd.

The dbGaP Authorized Access System authenticates users using NIH eRA Commons account information. If you have a problem with logging into the dbGaP system, it could be simply because the login credentials (username or password) that you are using are incorrect. The login credentials for dbGaP login are the same as those of your eRA Commons account. Please see the eRA Commons help page for more details.

Please see here for the answer.

The information related to the Authorized Access can be found from the “Authorized Access” section on study page of the dbGaP public website. From the study page (such as this one), there is a link named “Authorized Access” right under the “Variables” tab on top of the page. The link is a shortcut to the section. Please see the screenshot of the section below. The following information can be found from the section:

1. Email address of Data Access Committee (DAC) of the study
2. Data Use Certificate (DUC) of the study.
3. The name of the consent group.
4. Data use restriction of the consent group.
5. IRB requirement of the consent group.
6. The link to study-report and data manifest for the data available through the Authorized Access System.

Here is a real example of the section. You need mouse over the help ('?') icon to see the consent language of each consent group.

Please see here for the answer.

The dbGaP data are organized into consent groups which consist of all the data from study participants who have agreed to the same data use as specified in the informed consent for the study. Data access is only approved in unit of consent group, and, therefore data requestors should understand the Data Use Limitations (DULs) of a consent group prior to applying for dbGaP data access. DULs of a dbGaP study is listed in the “Authorized Access” section on the study page of dbGaP public website. From the study page (such as this one), there is a link named “Authorized Access” right under the “Variables” tab on top of the page.The link is a shortcut to the section. The DULs of each consent group is listed in the section. A screenshot of the section can be found here.

The terms and conditions of using dbGaP data vary by study. A link to the Data Use Certification (DUC) of a particular study can be found in the “Authorized Access” section on the study page of dbGaP. From the study page (such as this one), there is a link named “Authorized Access” right under the “Variables” tab on top of the page. The link is a shortcut to the section. A link to the DUC is included in the section. A screenshot of the section can be found from here.

A detailed description of distributed files can be found from the Study Configuration Report and Data Manifest available on the dbGaP public FTP site such as here. The FTP folder can be found through the link named “List of components” in the “Authorized Access” section of the study page. A screenshot of the section can be found here. Please note that the information of SRA (Short Read Archive) data files is currently not included in the study report and data manifest. The SRA data here is a general term for the Next-Gen sequence raw data, BAM files, or other high throughput data. You may have to directly check the SRA or Biosample websites for the information.

The sequencing data (including Next-Gen sequence raw data, BAM files, or other high throughput data.) distributed through the dbGaP are subject to frequent real time updates, the information of which, therefore, is not included in the study report and manifest available on the dbGaP FTP site. The information of all data files available for download through the dbGaP Authorized Access System, including that of sequencing data files, however, can be found from a manifest file inside of the Authorized Access System. It can only be accessed through an approved Data Access Request (DAR). The following is how to locate it: Login to the dbGaP account, go to “My Request” tab, and click on the “Request data” link in the “Actions” column of respective table row. There is a link named “Dataset Manifest” right above the “Create new data request for download” section. Clicking on the link allows saving or opening of a spreadsheet file. All the phenotype, genotype, and sequencing files are listed along with their sample ID information in the file.

The following is a general overview of how the dbGaP data access request (DAR) process works:

1. Applicants log in to the dbGaP Authorized Access System as a Principal Investigator (PI) using the username and password of the applicant's eRA Commons account. The applicant creates a project and follows multiple steps to complete and submit the online application. Note: requests for several consent groups from different dbGaP studies can be included in the same project. The application then is forwarded to an Institutional Signing Official (SO) for approval.
2. The SO approves the requests and they move into the queue of a NIH Data Access Committee (DAC) to review. The review is to confirm that the proposed research use(s) is consistent with the data use limitations (DULs) of the requested dataset(s). These restrictions are established by the language in each study's informed consent materials, and therefore vary across studies in dbGaP.
3. Once the DAC review is complete, the PI and SO is notified by email of approval or disapproval of the data access request (DAR).
4. Once the approval email notification is received, the PI can download the data by logging in to the same dbGaP account used for making the DAR.

A more detailed explanation of the DAR process can be found on the “How does one apply” section in the dbGaP Authorized Access system. It can also be found on this archive here. Additional information about NIH policies and procedures for Genomic Data Sharing (GDS) Policy can be found on the NIH Office of Science Policy (OSP) website or you can send an email directly to GDS@mail.nih.gov.

Phenotype variables and datasets can be browsed through the public dbGaP web pages. Here is how to find the study report and data manifest that include the information of the phenotype and genotype data files. Please note that the information of sequencing data (including Next-Gen sequence raw data, BAM files, or other high throughput data.) is not included in the study report and data manifest available from the public FTP site. That information, however, is available inside of the dbGaP Authorized Access System. Please see here for more information.

The dbGaP phenotype and genomic data are submitted and processed separately from the SRA data. The SRA data may include the Next-Gen sequence raw data, BAM files, or other high throughput data. It is quite common that the data submitter submits phenotype and genomic data of a study while publishing the paper, but holds on to the submission of SRA data due to either technical or other reasons. The dbGaP often goes ahead and releases the study as soon as the phenotype and genomic data are ready independent of the SRA data. Once the study is released, the study page is published on the dbGaP website and the individual level phenotype and genomic data are made available through the dbGaP Authorized Access System. The SRA data release may fall behind either because the Principal Investigator (PI) may not have submitted the SRA data or the National Center for Biotechnology Information (NCBI) has not completed the data processing.. In cases where the SRA data lags as a result of the PI, the delay of SRA data release could be significant and sometime indefinite. The SRA data submission and processing are handled by NCBI's SRA group. If the dbGaP study has been released and the SRA data have not yet been made, it is suggested to directly contact the hin.mln.ibcn@ars for any questions regarding the status of SRA data release. They are in a better position to give you an update. As the last resort, you may want to directly contact the PI of the study for more information. For most of studies, the PI's contact information is posted on the “Study Attribution” section at the bottom of the study page on the dbGaP website.

There are several videos available on YouTube that demonstrate the dbGaPdata access equest (DAR) process. The links to them are listed here.

The following is a brief step-by step guide to the dbGaP Authorized Access application process:

Visit the dbGaP Authorized Access System. When you get there, you will find that you will need an NIH eRA Commons account username and password to log into the system ().

To get an eRA account and password, go to eRA Commons, and follow the directions for online account registration. Please also see here for more about an eRA Commons account; For NIH researchers, in order to obtain access to genomic data in dbGaP that is available through controlled-access, eligible NIH Institute and Center (IC) intramural scientists and IC extramural program scientific staff must first obtain the approval of their IC. Please see here on additional information.

When you login for the first time, you will be asked to provide and save your contact information. This contact information will be used by the system to complete the cover page forms of your DAR. Once this is complete, you will not have to fill it out again in order to access the system in the future. Should your contact information change in the future, you can click on the “My Profile” tab located near the top of the page and update the information accordingly.

Click on the "My Projects" tab. Once you are on the “My Projects” page, click the "Create a new project" button to start a ata ccess equest. Please be aware that the name of a new project cannot be the same as that of any existing projects, including closed projects. After entering the information, move on to the next step using the “Begin New Research Project” button.

.

Choosing Datasets
All datasets available for download are listed under “Choose Datasets” sub-tab.

(Note: For a newly created project, this is the first sub-tab. After the first time, you will see this sub-tab before the “Confirm Dataset” sub-tab)

With hundreds of datasets listed on this page, it is difficult to find anything specific by browsing through the page. It is suggested to search the page using the web browser’s search function (Control-F) to find related datasets. For example you will find Framingham datasets by searching for “phs000007” (no quotes) or by “Framingham”.

Please note that study participants are partitioned according to their informed consent restrictions on use. Select only those participant sets that have consent restrictions consistent with your proposed research. Please also be aware that if there is more than one consent group in a study, the participants of different consent groups do not overlap, which means that you would have to get the data of all consent groups to cover all participants of the study.

Before including the datasets in the project you are creating, please read the “Data Use Limitations” of each dataset to make sure it matches the Research Use Statement that is required in a later step.

Select all the datasets you have decided to include using the checkbox and move to the next step by clicking on “Add Selected and Continue” button at the bottom of the page.

Research Project
On this page you will enter the following information

a.

A title for the research activity

b.

Type of research

c.

A research use statement (limited to 2000 characters)

d.

A non-technical summary (limited to 1100 characters)

e.

The name of your Institutional Signing Official (SO)

f.

The organization information of data requester or the Principal Investigator (PI).

g.

Create decryption password for the project. The password is used to create dbGaP repository key that is required for configuring the NCBI decryption tool and SRA-toolkit. The decryption password and dbGaP repository key are shared among all download packages created under the project.

Note: after being created for the first time, the decryption password can be reset from the page under the “Data Security” sub-tab. Reset password will only affect the download packages created after the reset, which means that the download package created before the reset will still use the old dbGaP repository key for decryption.

Move to the next step by clicking on “Save and Continue” button.

Collaborators
On this page, you will enter the names and contact information of your collaborator(s). The collaborators within your institution (if any) should be provided. The degree of detail for your list of collaborators is decided by your DAC (Data Access Committee) reviewers, but generally speaking, a “collaborator” is meant to include staff with an official appointment at your institution, and not supervised students and technical staff. Use the “add another collaborator” button if you have more than one local collaborator. The data downloaded from the dbGaP can be shared between listed internal collaborators through a secured computer system.

If investigators plan to collaborate with investigators outside their own institution, the investigators at each external site must submit an independent DAR using the same project title and Research Use Statement, and if using the cloud, Cloud Computing Use Statement. The “Research Use Statements” section of each application should also mention the respective external collaborators and the fact that this is a joint research project so that the Data Access Committee (DAC) can review the requests together. These are important for an expedited review of separately submitted requests from all external collaborators.

Information Technology (IT) Directors
On this page you will enter the name(s) and contact information for your IT Director(s). Generally, a senior IT official with the necessary expertise and authority to affirm the IT capacities at an academic institution, company, or other research entity. The IT Director is expected to have the authority and capacity to ensure that the NIH Security Best Practices for Controlled-Access Data Subject to the NIH GDS Policy and the institution’s IT security requirements and policies are followed by the Approved Users.

Choose Datasets
This is the same sub-tab mentioned early in this instruction. When the dataset is selected for the first time, this is the first sub-tab. After that it is placed to the middle before the “Confirm Datasets” sub-tab. Please see the early “Choose Datasets” section in this instruction for details.

Confirm Datasets
On this page, the datasets you selected in the “Choose Dataset” step are listed. This is your first chance to review the “Data Use Limitations” (DUL) of each selected datasets. Please make sure it matches the data uses described in the Research Use Statement.

For each listed dataset, if you want to remove it from the list, you can use the dropbox on the right side of the dataset name to select “Remove”, and then use the “Remove Selected” button to remove it from the list. Please note that a datasets is no longer removable if it has ever been approved.

Review the Data Use Certification
On this page, you are given a chance to review the Data Use Certificate (DUC ) and the Dataset Manifest (look for PDF icons in the right most column) for each of the datasets you have requested.

• At this point you can use the “Back” button to go back to the previous step if you want to remove datasets or go back to the “Choose Datasets” step if you want to add datasets.
• Review the DUCs and the Dataset Manifests to make sure everything is correct.
• If any of the datasets included requires IRB approval, go to the “Program-specific required attachments” section at the bottom of the page

(Please note that the “Upload” or “Delete” button may not be shown if no dataset is selected at the “Choose Dataset” Step).

The IRB requirement is imposed by the data submitter. For the datasets marked as IRB required, the IRB approval document has to be provided in order for the system to go through. There are no other alternatives.

Review the Data Use Limitation
On this page, you are given a final opportunity to review the Data Use Limitation (DUL) of each selected dataset and make sure it matches the data uses described in the Research Use Statement. If the DUL of any of selected dataset doesn’t match intended data use, you would need to go back to previous “Confirm Datasets” step to remove it. If you agree the DUL are consistent with your intended use as described in your Research Use Statement, make sure all the checkboxes are checked and move to the next step by “I agree the Data Use Limitation(s)” button.

Review Applications (& Electronic Signature)
On this page, you can find links to your completed application(s). You may want to review your application(s) as a whole before the final submission. If you need to revise any portion of your applications, use one of the sub-tabs to return to a previous step and make changes.

Once you have thoroughly reviewed the application,, you will need to click the checkboxes labeled “I agree …”. Checking these two checkboxes constitutes an electronic signature, which affirms the accuracy of the application. After clicking the two check boxes, click the "Submit Application to Signing Official" button to route the request to your Institutional Signing Official (SO) for their signature.

After the application being submitted, under “My Requests” tab, you can see that selected data requests of the project are under “SO review” status. In the meanwhile, an automatically generated email notification will be sent to the designated SO for reviewing the application. Once being approved by the SO, each DAR under the project will be in queue for review by the respective Data Access Committee (DAC). The status of the request is changed to “DAC review”.

After the application is submitted and before being pick up from the SO queue, you can use the “Recall Application” button to withdraw the submission. After the recall, you can revise and submit it again.

Please see here for how to check the status of submitted DARs.

You will be notified once DAC review is done. You will be allowed to download requested data once the DAR gets approved by the DAC.

You can track the progress of your submitted data access requests (DARs) through the dbGaP Authorized Access System. After logging in, click on "My Requests" tab located near the top of the page, which takes you to the “My Requests” page. The progress of your DAR is indicated in the “Status” column of the request table. The following are a few commonly seen statuses:

• SO review: After the dbGaP project is submitted, the DAR(s) under the project will be under “SO review” status. In the meanwhile, an automatically generated email will be sent to notify the Signing Official (SO) to review the data requests. You may want to directly contact the SO to expedite this process.
• DAC review: After being approved by the SO, the DAR is put in the queue for an NIH Data Access Committee (DAC) to review. The time required for DAC review varies depending on many factors, however, average DAC review is two weeks. Please directly contact the respective DAC for an update if necessary.
• Approved: Once the request is approved by the DAC, you will receive an email notification about the status of the request. The status of the request will be shown as “Approved”. Once approved, you can immediately start to assemble download packages by going to the DAR page through “My Requests” tab and download the data through “Downloads” tab.
• Approved Expired: Through submission of the DAR, the Principal Investigator (PI) agrees to submit either a project renewal or close-out request prior to the expiration date of the 1-year data access period. Failure to submit a renewal or to complete the close-out process, including confirmation of data destruction by the Institutional Signing Official, may result in termination of all current data access and/or suspension of the PI and all associated personnel and collaborators from submitting new DARs for a period of time..
• Rev. Requested: If the DAR is under “Rev Request” status, please go to the data request page through “My Request” tab and read DAC comment. You may need to revise the project accordingly and resubmit it through your dbGaP account. Please see here for more about how to revise and resubmit an existing dbGaP project.
• Rejected: If your DAR is rejected by the DAC, it often means that stated data use does not match the data use limitation of selected datasets. Please go to the DAR page through “My Request” tab and read the DAC comment for more details. You may need to reselect datasets, change your Research Use Statement, or make other necessary changes, then resubmit the project through your dbGaP account. Please see here for more about how to revise and resubmit an existing dbGaP project.
• To review: After a project is submitted for “SO Review,” if by some reasons the application is returned back to the PI by the SO for revision, or the PI has chosen to withdraw the application using “recall from SO” link, or “Recall Application” button, all the DARs under the project will be under “to review” status.

The length of time for processing an application request depends on:

1. How fast the Signing Official (SO) signs the application.
   Through an automatically generated email, the SO of the dbGaP project should be notified to review the data access requests (DARs) when a project is submitted. You may want to directly contact the SO to expedite this process.
2. How fast the Data Access committee(s) DAC approves the application.
   The time required for DAC review varies depending on many factors, however, average DAC review is two weeks

Since dbGaP is not directly involved in the review and approval process of DARs, you may have to directly contact respective DACs to check on the progress of your application. You will find that your application includes the email address for the DAC of each study. The DAC email address can also be found from the “Authorized Access” section of respective study page on dbGaP public website (see here for the screenshot).

A list of the Signing Official (SO) at a Principal Investigator (PI's) institution registered with the NIH eRA Common is available under the “Project details” page. To find the page, go to “My Projects” tab, click on the project name, and click on “Project details” sub-tab. The SO registration with the eRA is often handled by institution's eRA administrator. Please see here for more about institutional Signing Official (SO). The IT Director is generally, a senior IT official with the necessary expertise and authority to affirm the IT capacities at an academic institution, company, or other research entity. The IT Director is expected to have the authority and capacity to ensure that the NIH Security Best

The dbGaP data are organized into consent groups which consist of all of the data from study participants who have agreed to the same data use limitations as specified in the informed consent for the study. When applying for dbGaP data, the data available are grouped in unit of consent groups. Data access is only approved in unit of consent group, the data requesters therefore should understand the Data Use Limitations of a consent group prior to applying for dbGaP data access. Data Use Restriction of a dbGaP study is listed in the “Authorized Access” on study page. Here is how to find it. Please note that, for a given study, participants in different consent groups do not overlap, which means that you would have to get the data of all consent groups to cover all participants of the study.

Yes, you can complete some sections of the application and return to finish in one or more additional sessions, as the data access request application system will save your application at each step when you click the green "Next Step" button at the bottom. Note: the text of the green button may be slightly different depending on the context of the button.

NIH Data Access Committees (DACs) review research use statements to make sure the proposed research is consistent with the data use limitations on the requested datasets in the data access request(s) (DAR).the RUS should include the following components:

1. Objectives of the proposed research
2. Study design
3. Analysis plan, including the phenotypic characteristics that will be evaluated in association with genetic variants
4. Explanation of how the proposed research is consistent with the data use limitations for the requested dataset(s)
5. A brief description of any planned collaboration with researchers at other institutions, including the name of the collaborator(s) and their institution(s).

Additional guidance to how to write a research use statement can be found on the Office of Science Policy website. Some studies have additional instructions that are required in their applications for controlled-access. If you have study-specific questions, you may wish to contact the Data Access Committee (DAC) for that study. The email address for each study's DAC is provided in the “Authorized Access” section of the study page (see screenshot here ).

All research statements of approved data access requests (DARs) are posted on the respective study page of the dbGaP public website. There is a link named “Authorized Requests” on top of the study page (see screenshot below). The link leads to “Authorized Data Access Requests” section that contains research use statements of approved datasets. You may need to use “Show/Hide” next to “Research Use Statement” on each requester's section to view text. The “Public Research Use Statement” and “Technical Research User Statement” are both included.

An Institutional Review Board (IRB), privacy board, and/or equivalent body is a committee that reviews and monitors research involving human subjects. The group serves an important role in the protection of the rights and welfare of human subjects research. Some datasets require IRB, privacy board, and/or equivalent body approval for use, as noted on the dbGaP study page displayed in the “Authorized Access” section.. Please see here for more about how to locate it.. Other types of documentation may be required as described on the study page and/or Data Use Certification for the study. Evidence of IRB approval and other documentation can be uploaded as a PDF during the application process.

Any questions about IRB approval should be directed to the Data Access Committee (DAC) for the study in question. The email address of the DAC for a specific study is in the “Authorized Access” section of the Study page. Please see the screenshot at here. (06/15/2011)

If any of the datasets included in a dbGaP project have an IRB requirement, the respective IRB approval documents in a PDF format will have to be uploaded in order to complete the application process. This needs to be done by the Primary PI of the data access request (DAR) through the dbGaP Authorized Access System. The instructions below will direct you on how to add or update IRB documents. After logging in to the dbGaP system, please do the following:

1. Click on the “My Projects” tab and click on the project name.
2. For new projects or for existing projects that wish to add datasets, make sure datasets are selected under “Choose Datasets”.
3. Confirm selected datasets by hitting “Next” button until you reach, “Review DUC”.
4. On the “Review DUC” page, if any of the datasets included in the project have an IRB requirement, you will see the “Program-specific Required Attachments” section at bottom of the page. Use the “Upload” button to upload IRB approval documents for the datasets shown in the table.
5. To update previously uploaded IRB approval documents for an existing project, go to the “Review DUC” page, in the “Program-specific Required Attachments” section at bottom of the page. Use the “Delete” button to remove existing IRB approval documents and use the “Upload” button to upload new ones.

If you don't see the “Upload” button, please be aware that the “Upload” button is visible only if the dataset that requires an IRB approval document is selected. You may want to go back to the “Choose datasets” page to select the dataset first.

A dbGaP data request is organized by project. A project could contain multiple data access requests (DARs) from one or more dbGaP studies. Thus, any change made to one or more DARs under the project necessitates that the entire project has to be revised.

Most steps of project revision are simply repeating those that occurred while creating a new project creation. Revised and resubmitted projects will go through SO review and subsequently be in the DAC queue for review again.

Please note that approved DARs will stay as approved during the re-review process, unless the revision is ultimately rejected by the DAC(s).

The following are some common situations where revision and re-submission of a completed project is needed:

1. Change user profile
   Note: the profile items include phone number, position/title, and user address. Principal Investigator's (PI's) email can only be changed directly through the eRA.
2. Change project information or data use statement.
3. Change collaborator or IT Director.
4. Change Signing Official (SO).
5. DAR is rejected or sent back for revision by the Data Access Committee (DAC).
6. Add or delete datasets from project.
7. Add or update IRB documents.

The following is a detailed instruction.

Log on to the dbGaP Authorized Access System as a Principal Investigator (PI).

Go to the “My Projects” tab if you are not already there.

Note: If any DAR under the project is currently under “SO Review”, the project has to be recalled from the SO first before the revision can be made. The status of the DAR can be found under the “My Requests” tab and here is how to recall a project from the SO.

Go to the project page by clicking on the “Revise Project” link from the “Actions” column of the project that needs to be revised. Another way of getting to the project page is to simply click on the project name under “My Projects” tab.

If the “revise project” link is not in the “Actions” column, it may suggest that the year-end renewal date of the project is approaching or passed. In this case, you should instead click on the link named “Renew Project” to start the project renewal process. Please see here for more about it.

Research Project
Make necessary changes to the information presented on the page. This may include data use change, new information related to revision and update etc. The change of the Signing Official (SO) can also be made on this page.

Collaborator
Change internal and external collaborators information if necessary. For external collaborators, the information of related dbGaP requests should be included. Please see here for more about it.

IT Director
Change IT Director information, if necessary.

Choose Datasets
You can add datasets not currently included in the project at this step. You may have to reselect the rejected datasets in the project if you want to include them again.

To navigate through hundreds of datasets listed on the page, it is suggested to search using the web browser's search function (Control-F) to find related datasets. For example, you will find Framingham datasets by searching for “phs000007” (no quotes) or by “Framingham”.

If any datasets are selected, use the “Add Selected and Continue” button to move to next step.

You would need to go through the rest of the steps listed below to re-submit the project.

1. Confirm Datasets
2. Review DUC
3. Review DUL
4. Review Applications (& Electronic Signature)

The detailed description of steps can be found in the creating a new project section.

The submission will go to the SO for re-review and an automatically generated email notification will be sent to the SO. If approved by the SO, the DAR will be in the DAC queue for reviewing again. You will be notified once the requests are approved by the respective DAC.

If a project contains any data access requests (DARs) under “SO Review”, in order to make changes to the project, the Principal Investigator (PI) will need to either contact the Signing Official (SO) with a request to return the application for revision or use the link named "Recall from SO" to withdraw the application from the SO queue. The following is how to make the recall.

1. Log in to the dbGaP Authorized Access System.
2. Go to the "My Projects" page (this is default page you are presented upon login).
3. Click on the link "Recall from SO" in the “Action” columns of the project. You should be redirected to the “Review Applications” sub-tab of the project page.
4. Click on the "Recall Application" button. A text box for a comment should be displayed.
5. Enter the comment and click the "Recall Application" button again.
6. At this point, you are ready to make any necessary revisions or reselect datasets through respective sub-tabs, and finally resubmit the project to the SO for review again. Please see here for a more detailed instruction of how to revise your project.

If any of the data access requests in the project is under “SO Review”, you need to recall the project from the Signing Official (SO). Please see here for more details. After being recalled from the SO or if the Data Access Request has been completed and approved by the current SO, you can change the SO of your project by the following steps:

1. Log into the dbGaP Authorized Access System. Click on the “My Projects” tab if you are not on the “My Research Projects” page.
2. For the project to which you need to change the SO, click on the project name, or from the “Actions” column of the project, click on the “Revise Project” link. This will take you to the project page.
3. Click on the “Research Project” sub-tab and choose from the list of SOs of your organization registered with eRA Commons.
4. Go through of the remaining steps and submit the change.

The new SO will be informed to review the submitted request. It often happens that the new SO intended to be designated for the project is not found from the SO list registered by the primary PI's organization in the steps described above. In this case, the PI's organization will have to first register the new SO with eRA Commons before the PI can make the SO change. Please beware that any changes made to the eRA system may take one or two days to become effective in the dbGaP system. Please contact the eRA administrator of your organization or visit the eRA Commons website for more about how to add an institutional SO. The eRA Commons How To and FAQ sites are often found to be useful.

Process for Transferring Principal Investigators Within the Same Institution:

1. Principal Investigator (PI) selects action transfer to another PI.
2. PI fills out online form to transfer application.
3. PI submits transfer application to Institutional Signing Official (SO).
4. SO certifies transfer application.
5. Email alert is sent to an NIH Data Access Committee(s) informing them of transfer
6. dbGaP Project application shows up in new PI's account and is removed from the previous PI's account.

The Signing Official (SO) and IT Director of the Principal Investigator's (PI's) institution are ultimately responsible for enforcing proper data use and data security. The dbGaP data applications therefore are not transferable to different institution. Prior to leaving a current institution, the PI needs to close out current dbGaP project and file a new application with the new institution (see here for more about project closeout). It may be helpful to directly contact the Data Access Committee (DAC) that approved the request to see if there is an expedited review given the situation.

The degree of detail for your list of collaborators is decided by your DAC reviewers, but generally speaking, a “collaborator” is meant to include staff with an official appointment at your institution, and not supervised trainees such as graduate students or postdoctoral fellows. The step-by-step process for adding collaborators to a data access request (DAR) is as follows:

1. Navigate to the "My Projects" page in the dbGaP authorized access system.
2. Click on the "Revise Existing Request form(s)" link for the project to which you need to add personnel (the link is located below the title of the project).
3. Select Step 2a (Collaborators) from the grey tabs at the top of the page.
4. Enter the name(s) and contact information for your new lab member(s) and press "Save" or "Next" button
5. Use the "Next" button at the bottom of each succeeding page until you get to Step 6.
6. At step 6, re-submit your application

Please see here for more about collaborators.

You can delete unwanted datasets included in your project before the data access request (DAR) is approved by the Data Access Committee (DAC). The dataset is no longer removable from the project once it is approved for access. Please refer to the project revision section at here for more details.

The user profile of the Principal Investigator's (PI's) dbGaP account can be changed through the “My Profile” tab. Please note that the grey field values are automatically filled in by pulling in the information from the PI's eRA Commons account. These fields include first and last names and email address. The eRA Commons account information can only be changed directly through the eRA system. Please visit eRA commons website for information. The eRA Commons How To and FAQ sites are often found to be useful. Please be aware that any changes to an eRA Commons account may take one to two days to be propagated from eRA to dbGaP system.

dbgap-help@ncbi.nlm.nih.gov is the correct email address for questions about the application process. General questions about the NIH Genomic Data Sharing (GDS) policy should be addressed to gds@mail.nih.gov.

The DAC email address can be found either in the dbGaP Authorized Access System or on the dbGaP website. For the former, once logging in to the dbGaP account, go to the “My Requests” tab, the DAC name (such as NHGRI, GAIN, TCGA …) is listed in the “Data set” column of the data request table. Click on the name, the email editor with the DAC email address will be opened. On the dbGaP website, the email address of the Data Access Committee (DAC) for a specific study is located in the “Authorized Access” section of the Study page (circled in red below):

If your question is about SRA data availability or release status, please see here for more information. The SRA data may include the Next-Gen sequence raw data, BAM files, or other high throughput data. The SRA data distributed through dbGaP is handled and processed by the National Center for Biotechnology Information's (NCBI's) SRA group. The SRA group, thus, is in a better position to answer most of the SRA-related questions, especially those about SRA data submission, availability, and quality. The SRA help email address is sra@ncbi.nlm.nih.gov.

The SRA toolkit can be downloaded from here. The best contact for any SRA toolkit related issues is sra-tools@ncbi.nlm.nih.gov, a mailing list documented in every README within the source downloaded by users.

All data access requests (DARs) are contained in a project, which manages administrative information of the requests under the project. The approval of a DAR is typically granted for a one-year period. After initial request are made, more requests can be added to the project. Different DARs under a project thus can have different expiration dates. Consequently, a Principal Investigator (PI) may receive multiple automatically generated email reminders for the expiration of different requests or for projects in a relatively short period of time. The status of a DAR is shown as “Expired” after the expiration date. Here is how to check status of dbGaP data requests. In addition to data request expiration date, there is also a project level year-end renewal date, through which the project information that governs all DARs in a project can be updated and reviewed once a year. When the year-end renewal date is approaching, the project needs to be renewed to stay as approved even there is no intention to make any changes. At the minimum, the “Data Use Statement” may be revised to indicate the future data use in the next approval period. The PI's dbGaP account will be suspended if the year-end-renewal or project closeout request is not submitted 42 days after the project expiration date. Automatically generated email reminders will be sent to the PI 30 and 14 days prior to each of expiration dates mentioned above. It is suggested to submit the renewal request as soon as the first email reminder is received, which gives the DAC ample time to review it. The year-end-renewal of a project will reset the expiration date of the project and that of all requests under the project to the same new date.

The renewal of data access requests (DARs) within a project requires the renewal of the entire project. The renewal process, however, will not affect currently approved requests. The approved requests will stay as approved during the renewal process.

(Note: It is no longer required to send a separate annual report directly to the Data Access Committee.).

Procedure for renewal

The following procedure is for the year-end renewal a dbGaP project.

1. Log on to the dbGaP Authorized Access System as a Principal Investigator (PI).
2. Click on the “My Projects” tab. From the project table, find the project that contains the data requests that you like to renew. Click on the link named “renew project” in the “Actions” column on right side. This leads you to the project renewal page, which starts from default sub-tab “Research Progress”.
3. If you don't see the “Renewal Project” link in the “Actions” column, it means that it is too early for you to make the year-end-renewal. In this case, you may consider user the “revise project” link to revise the project. Please see here for more about it.
4. If there is a need to make changes to the information under sub-tabs before the sub-tab of the default page you are seeing, this is an opportunity to do so. Otherwise, you can start from the sub-tab “Research Progress”, go through subsequent steps, and submit the renewal request at the end.

Research Progress

On this page you will enter the information about research progresses and intellectual properties resulting from analyzing requested data, and research plan for specified datasets. The datasets accessions and names of approved dataset pertaining to the research plan should be provided. Move to next page using “Save and Continue” button.

Presentation

On this page, you are required to provide information of presentations resulting from analyzing requested data. Please check the checkbox if you don't have any presentations. Move to next page using “Save and Continue” button.

Publications and Manuscripts

On this page, you are required to provide all publications resulting from analyzing requested data. Please check the checkbox if you don't have any publications. Move to next page using “Save and Continue” button.

Data Security

On this page, you are required to provide information related to data security. Please carefully follow the instructions on the page and provide the information as detailed information as possible. It is important for privacy protection of the individual level data. Move to next page using “Save and Continue” button.

The rest of steps are shown below, the instructions of which are identical to that of the respective steps of creating a new project.

1. Choose Datasets
2. Confirm Datasets
3. Review DUC
4. Review DUL
5. Review Applications

After project renewal is submitted, the status of the DAR will be changed to “SO Review”, and the Signing Official (SO) of the requests under renewal will be notified by an automatically generated email. You may want to directly contact the SO to expedite the process.

After being approved by the SO, the DAR will be in the DAC queue for review and the status is changed to “DAC Review”. Please check to make sure the status is changed. Here is how to check the status of dbGaP requests.

During the renewal process, approved requests will stay as approved unless the renewal of entire project gets rejected by DAC.

Please note that NCBI and dbGaP are not directly involved in DAR approval or the renewal process. For any questions concerning DAR approval or the renewal process, please directly contact the DAC(s) to get an update of the renewal status or to resolve any outstanding issues.

It is no longer required to send a separate annual report directly to the DAC. The project renewal process now is handled entirely through the web-interface from the Principal Investigator's (PI's) dbGaP account. Please see here for more details.

A dbGaP project can contain one or more approved datasets. If the research of the project is no longer active, it is a good idea to close the project, so that the Principal Investigator (PI) will not have to make yearly renewal of the project. The data access request (DAR) expiration or year-end-renewal reminder will not be sent to PI.

Procedure for project closeout

Log on to the dbGaP Authorized Access System as a Principal Investigator (PI).
Click on “My Projects” tab. From the project table, find the project that contains the data request that you want to close. This leads to the “Project Details” sub-tab.

Read the project information carefully to make sure that it is the right project to closeout. Move the next page using “Begin Close Out Process”.

Research Progress
On this page you will enter the information about research progresses and intellectual property resulting from analyzing requested data. Move to next page using “Save and Continue” button.

Presentation
On this page, you are required to provide information of presentations resulting from analyzing requested data. Please check the checkbox if you don't have any presentations. Move to next page using “Save and Continue” button.

Publications and Manuscripts
On this page, you are required to provide all publications resulting from analyzing requested data. Please check the checkbox if you don't have any publications. Move to next page using “Save and Continue” button.

Data Security
On this page, you are required to provide information related to data security. Please carefully follow the instructions on the page and fill in as detailed information as possible. It is important to provide complete information and faithfully report any incidents or issues you consider to be relevant to data security. Move to next page using “Save and Continue” button.

Reasons for Project Closeout
On this page, please state the reason of the closeout by checking appropriate checkbox. More than one reason can be selected. You can also describe the reason or provide additional comments in the text box. Move to next page using “Save and Continue” button.

Review Closeout Application
Before completing this page, upon project close-out, the PI and all approved users agree to destroy all copies, versions, and derivations of the dataset(s) retrieved from NIH-designated controlled-access databases, on both local servers and hardware, and if cloud computing was used, delete the data and cloud images from cloud computing provider storage, virtual and physical machines, databases, and random access archives, except as required by publication practices, institutional policies, or law to retain them. The submitted closeout request is summarized in a PDF document provided as a link on the page. Please review the summary information and, if all is satisfactory, check the ‘I Agree' checkbox. Move to the next page using “File Report and the “Close Project” button.

The request will be submitted to the Signing Official (SO) of the project for approval. The SO is required to confirm the data destruction and insure retained data is encrypted, properly stored, and deleted at the appropriate time to comply with data security policies. If approved by the SO, the request will be sent to the Data Access Committee (DAC) for final approval. The project will be closed out after DAC approval is completed.

The dbGaP account could be suspended for many reasons, such as data use violation or late annual report. The most common reason is a result of overdue annual report. The primary PI's dbGaP account will be suspended if the year-end-renewal or project closeout request is not submitted 42 days after the project expiration date. Please see here for more information about the dbGaP project expiration date. When an account is suspended, the PI can still login to the account and review all the information in the account. The functions of making new data request and data download are disabled. The reason for account suspension is displayed in a prominent position in the account. The decision of suspending a PI's account can also made by the related Data Access Committees (DACs). If the suspension is because of an overdue year-end project renewal, the PI should renewal the project as soon as possible. Detailed instruction of project renewal can be found here. If the suspension is because of an overdue year end project renewal and the PI wishes to close out the project, detailed instruction of the close out process can be found here.

You would need to provide the full legal names and contact information for all additional investigators from your institution who will have access to the dataset(s). (Exclude trainees, who are covered under the NIH policy). By submitting names on this form, requestors and signing officials guarantee that these individuals have read and agreed to the terms, conditions, and statements of the respective Data Use Certification(s). Please note that collaborators from other institutions must submit a separate Data Access Request(s) for this project from their respective institution(s). All collaborators must be approved users before data can be shared. Coordinated requests by collaborating institutions should each use the same project title and should each complete this section in their respective applications.

Yes, you can. You would need to provide the full legal names and contact information for external collaborators (i.e., those employed outside Coprimary PI's institution). External collaborators should be listed in the external collaborator(s) section of the project request applications. Data exchange between all collaborators must be consistent with the NIH Security Best Practices for Controlled-Access Data Subject to the Genomic Data Sharing (GDS) Policy and GDS Policy. External collaborators must submit a project request with (1) the same project title and (2) a Research Use Statement and Cloud Use Statement, if applicable, that references the collaboration (for smaller collaborations, the name and institution of the collaborating PI(s) or for larger efforts, the consortium name).. You can revise your application to include such a statement if it hasn't been included. Please see here for more about how to revise and resubmit a dbGaP project.

The company that has contract with your institution is an external collaborator. They must submit a separate data access request since each data access request is specific to one institution: Please see here for more about external collaborators.

To add or remove collaborators from a dbGaP project, the Principal Investigator (PI) needs to revise and resubmit the project through the dbGaP system. Please see here for more details of how to revise and resubmit a dbGaP project.

The login passwords are managed directly through the NIH eRA system. Please see here for how to reset password.

1. Log into the dbGaP authorized access system using your eRA account login credentials.
2. As this will be your first time using the system, you will first be taken to a "Preferences" page where you will need to complete basic contact information (address, email address, etc.) needed by the dbGaP system. Once this is complete, you will not have to fill it out again to access the system in the future. Should your contact information change in the future, you can click on the “Preferences” link located in the cream-colored box located to the right of your “SO Projects” page, or click on the “My Profile” tab located near the top of the page.
3. After supplying the system with your contact information, you will be taken to the “SO Projects” page, which lists your queue of research applications needing review and approval.
4. To approve a request, simply click on the title of the request. You will then need to check the two boxes located in front of approval statements. Once this is done, click the "Approve and Submit to DAC" button. This will route the application to the appropriate NIH Data Access committee (DAC) for review.

The Signing Official (SO) for a dbGaP project can only be made by the Principal Investigator (PI). Please see here for more about how to make the change.