AADOCR Response to Draft NIH Controlled-Access Data Policy and Proposed Revisions to NIH Genomic Data Sharing Policy

March 18, 2026
 

Lyric Jorgenson, PhD
Office of Science Policy,
National Institutes of Health,
6705 Rockledge Drive, Suite 630,
Bethesda, MD, 20817

Re: Request for Information on Draft NIH Controlled-Access Data Policy and Proposed Revisions to NIH Genomic Data Sharing Policy.

via website: https://osp.od.nih.gov/comment-form-draft-nih-controlled-access-data-policy-and-proposed-revisions-to-nih-genomic-data-sharing-policy/ 

The American Association for Dental, Oral, and Craniofacial Research (AADOCR) is the leading professional community for multidisciplinary scientists who advance dental, oral, and craniofacial research. We appreciate AADOCR appreciates National Institutes of Health (NIH)’s efforts to establish harmonized, transparent, and risk-proportionate requirements for protecting human participant research data while enabling responsible data sharing. To respond to this request for comments, AADOCR engaged its Science Information Committee.

We support the NIH’s goals to clarify which data types should be shared via controlled-access systems under NIH sharing policies, and to simplify and harmonize requirements by revising the NIH Genomic Data Sharing Policy. The dental, oral, and craniofacial (DOC) research ecosystem includes data modalities that carry unique privacy risks (e.g., high-dimensional imaging, facial morphology, longitudinal dental EHR data, oral microbiome paired with clinical phenotypes). Harmonized controlled-access expectations will be particularly valuable for DOC datasets where re-identification risk may be underestimated if decisions rely solely on de-identification labels rather than data type and context. NIH’s existing guidance on when data may warrant controlled access under the DMS framework is an important foundation; AADOCR supports NIH’s emphasis that privacy risk can remain even when data are de-identified.

1. Availability of established repositories for implementing the proposed Controlled-Access Data Policy
NIH has invested in controlled-access repository capacity and best practices. However, an expanded controlled-access requirement will likely strain capacity and introduce new operational burdens for disciplines that rely heavily on imaging and clinical systems data, including DOC research. AADOCR recommends the NIH (i). address repository capacity for high-volume, high-dimensional data, this is essential as DOC research increasingly relies on large imaging files and therefore controlled-access storage and compute must scale accordingly, (ii). provide standardized repository intake templates (metadata requirements, consent elements, IRB language examples) to reduce burden on smaller institutions, and (iii). fund training and implementation support for disciplines with less experience using controlled-access systems.

The National Institute of Dental and Craniofacial Research (NIDCR) Data-Driven Science (DDS) Hub serves as a centralized resource to scientific data, biospecimens and other experimental materials, and tools that support data science–driven research and training. AADOCR recommends NIH leverage the DDS Hub to: (i) help investigators identify appropriate data sources, repositories, and analytic resources; (ii) promote high-quality data generation and FAIR-aligned practices; and (iii) expand training and support for data science–enabled DOC research. Although the DDS Hub is not a controlled-access repository, it can play a critical role by helping the NIH community navigate repository options and evolving compliance expectations as controlled-access requirements expand.

2. Appropriateness of the protected data types designated to be controlled-access
AADOCR supports NIH’s approach of designating certain sensitive data types as controlled-access and recommends the explicit mention of facial/craniofacial and dental imaging as high-risk modalities. In DOC research, imaging often contains face-identifying or uniquely identifying anatomy, therefore, NIH should ensure that the Controlled-Access Data Policy clearly encompasses (i). facial photographs and 3D facial images, (ii). CT/CBCT imaging that includes facial structures, and (iii). longitudinal imaging series that can be linked across time. These modalities warrant controlled access due to re-identification potential and sensitivity, especially when linked with clinical histories and demographics.

AADOCR also supports clear definitions and examples for common gray areas. This may include terms such as:

i. Imaging data: differentiate low-risk derived measures versus high-risk raw images,
ii. Clinical trial data: clarify what can be open versus what should be controlled,
iii. High-dimensional molecular data: clarify boundaries between controlled-access “omics” and lower-risk summaries.

Additionally, AADOCR recommends NIH avoid thresholds that may quickly become obsolete as technologies evolve. AADOCR supports a risk-based, context framework that (i). considers identifiability, uniqueness, and linkage potential including whether the dataset is combined with clinical/demographic variables, imaging, geolocation, or rare disease status and (ii). provides decision support examples illustrating when smaller analyte sets still pose meaningful risk (e.g., rare variants, distinctive biomarker panels paired with clinical phenotypes).

3. Proposed updates to the GDS Policy for imputation servers: maintaining privacy of servers and reference panels
AADOCR supports NIH’s focus on maintaining privacy protections for imputation servers and reference panels while enabling responsible scientific use. AADOCR recommends NIH explicitly encourage and/or pilot validated privacy-enhancing and secure-compute strategies that reduce risk without compromising scientific utility. Additionally, AADOCR recommends NIH recommended minimum security controls for institutions accessing controlled-access data, consistent with NIH security best practices expectations.

AADOCR appreciates NIH’s commitment to harmonizing controlled-access designations and simplifying genomic data sharing requirements while strengthening participant protections. AADOCR would welcome continued engagement as NIH refines these policies and develops implementation guidance.

If you have any further questions, please contact Dr. Makyba Charles-Ayinde, Director of Science Policy, at @email.

Sincerely,