The goal of the Final NIH Policy for Data Management and Sharing is to “maximize the appropriate sharing of scientific data.” Shared data should be of sufficient quality to validate and replicate research findings, regardless of whether the data are used to support scholarly publications.” The policy “does not create a uniform requirement to share all scientific data” in order to preserve “necessary flexibility,” but makes several key suggestions including that:

1. Any limitations on subsequent uses of data should be communicated to sharing platforms; and
2. Access to scientific data should be “controlled, even if de-identified and lacking explicit limitations on subsequent use” and the policy “strongly encourages the use of established repositories to the extent possible.”

It also emphasizes that nothing in the policy is intended to prevent sharing practices “consistent with consent practices, established norms, and applicable law” including open-sharing to speed scientific progress.

Under the NIH Pragmatic Trials Collaboratory Data Sharing Policy investigators must share, at a minimum, a final de-identified research data set upon which the accepted primary pragmatic trial publication is based. They must also choose the least restrictive method for sharing of research data that provides appropriate protection for participant privacy, health system privacy, and scientific integrity.

The goal of the HEAL Public Access and Data Sharing policy is to ensure that “underlying primary data should be made as widely and freely available as possible while safeguarding the privacy of participants and protecting confidential and propriety data.” Just like the Collaboratory policy, it defines “underlying primary data” as those used to support publications. Although not “proscriptive,” it suggests that primary data should be made “broadly available through an appropriate data repository…” It states that an “appropriate” data sharing plan includes that data should be de-identified (as defined by HIPAA), but that de-identified data that “contain sensitive information” be additionally deposited in controlled-access repositories. There is no definition included for sensitive information, but the goal of the requirement was to give an additional layer of protection for potentially stigmatizing information.