PROWL LASIK Data Sharing Policy


The Biomedical Research Informatics Computing System, or BRICS, is a comprehensive but customizable bioinformatics system designed for every stage of your research. A modular, web-based system, BRICS makes the performance of research studies and clinical trials faster, simpler, and more collaborative. It was developed to promote collaboration, accelerate research, and advance knowledge on the characterization, prevention, diagnosis and treatment of various diseases. BRICS provides a common platform and standardized format for data collection, retrieval and archiving, while allowing for flexibility in data entry and analysis. 

Approval to access PROWL data from the Biomedical Research Informatics Computing System (BRICS) is for research purposes only. Although Personally Identifiable Information (PII) is not included in this dataset, patient level data is included. Therefore, approved users are expected to protect data privacy, confidentiality, and security. Approved users agree not to share data with others unless those users also sign the Data Use Agreement (DUA). Approved users also agree to not release the data onto other public websites. In the event that requests, or data usage raise concerns or violate the DUA with respect to privacy and confidentiality, risks to populations, groups or study participants, or other relevant concerns, the NEI will consult with other experts as appropriate and take steps appropriate to the violation of the DUA.

Expectations Defined in the Data Sharing Policy for Investigators

The detailed expectations are enumerated in the individual sections of this data sharing policy, and summarized as follows:

Investigators submitting BRICS data are expected to:

  • Submit a Data Submission Form, providing assurance that all data are submitted in accord with applicable laws and regulations, and that the identities of research participants will not be disclosed to the BRICS Informatics System; and
  • Upload ALL data to BRICS on a regular basis.

Investigators requesting and receiving BRICS data are expected to:

  • Submit a Data Use Agreement;
  • Protect data confidentiality;
  • Ensure that data security measures are in place;
  • Not share with individuals or make accesible via public websites any of the data from datasets obtained from the BRICS Informatics System;
  • Notify the Data Access and Quality Committee of policy violations;
  • Submit progress reports if requested; and
  • Include acknowledgements of the BRICS Informatics System in all publications and presentations.


Oversight and Governance of BRICS

BRICS Data Sharing Policy addresses (1) data sharing procedures, (2) data access principles, and (3) issues regarding the protection of research participants during the submission of, storage of, and access to data within the BRICS Informatics System. The goal of the policy is to advance science for the benefit of the public through the creation of a centralized Federal data repository for research information. The principles contained in this policy were developed by the BRICS Policy Committee and are consistent with existing NIH polices on data sharing. The NIH recognize that scientific, ethical, and societal issues relevant to this policy are evolving, and have established a Policy Committee to oversee implementation and data use practices. The agencies will revisit and revise the policy and related practices as appropriate.

Data Management

Protecting Research Participants

The potential for public benefit to be achieved through sharing research data is significant. However, the broad data distribution goals of BRICS highlight the importance of protecting the privacy of the research participants and the confidentiality of their data. BRICS Data Sharing Policy includes steps to protect the interests and privacy concerns of individuals, families, and identifiable groups who participate research. The informed consent process is a critical step and subject consent forms in prospective studies should include language similar to the following:

“All links with your identity will be removed from the data before they are shared. Only de- identified data which do not include anything that might directly identify you will be shared with BRICS users and the general scientific community for research purposes.”

For retrospective studies conducted before the development of BRICS, the agencies anticipate considerable variation in the extent to which data sharing and future research have been addressed within the informed consent documents. The submitting institution will determine whether a study is appropriate for submission to BRICS (including an Institutional Review Board (IRB) and/or Privacy Board review of specific study elements, such as participant consent). Some studies may require additional consent of the research participants. To ensure the security of the data held in the Informatics System, the CIT will employ multiple tiers of data security based on the content and level of risk associated with the data. BRICS will establish and maintain operating policies and procedures to address issues including, but not limited to, the privacy and confidentiality of research participants, the interests of individuals and groups, data access procedures, and data security mechanisms. These will be reviewed periodically by the BRICS oversight bodies as appropriate.

Non-Research Use of Data

As agencies of the Federal Government, the NIH are required to release Government records in response to a request under the Freedom of Information Act (FOIA), unless they are exempt from release under one of the FOIA exemptions. Although the BRICS-held data will be coded, and the NIH will not hold direct identifiers to individuals within the BRICS Informatics System, the agencies recognize the personal and potentially sensitive nature of the genotype-phenotype data. The NIH believe that release of un-redacted BRICS datasets in response to a FOIA request would constitute an unreasonable invasion of personal privacy under FOIA Exemption 6, 5 U.S.C.§ 552 (b)(6). Therefore, among the safeguards that the agencies foresee using to preserve the privacy of research participants and confidentiality of genetic data are the redaction of individual-level genotype, phenotype, and other clinical data from disclosures made in response to FOIA requests and the denial of requests for un-redacted datasets.

In addition, the NIH acknowledge that legitimate requests for access to data made by law enforcement offices to BRICS may be fulfilled. The NIH will not possess direct identifiers within the BRICS Informatics System, nor will the agencies have access to the link between the data code and the identifiable information that may reside with the primary investigators and institutions for particular studies. The release of identifiable information may be protected from compelled disclosure by the primary investigator’s institution if a Certificate of Confidentiality is or was obtained for the original study. The NIH explicitly encourage investigators to consider the potential appropriateness of obtaining a Certificate of Confidentiality ( as an added measure of protection against future compelled disclosure of identities for studies planning to collect genome-wide association data. These confidentiality provisions may not apply to military subjects’ chains of command.

Data Submission

NIH-supported human research studies—including both intramural and extramural studies—may be required to deposit data into the BRICS Informatics System. Research studies funded by other agencies and groups may also deposit data into the BRICS Informatics System, pending review by the BRICS Policy Committee in collaboration with the external funding source on a case-by-case basis, deferring to pre-existing policies, regulations, and constraints. Investigators applying for funding from participating agencies will be asked to include a data sharing plan consistent with BRICS policy as part of their application and are expected to use the CORE Common Data Elements (CDEs) at a minimum.

BRICS Operations team will work with researchers to map their study variables to specific CDEs. In addition, BRICS will consult with researchers to ensure the formats of the CDEs collected are compatible with the BRICS Informatics System. In addition to CDE variables, BRICS will accept raw data from imaging, biomarker, or physiologic studies, additional supporting documentation as follows:

  • the study protocols;
  • manual of operations;
  • variables measured;
  • case report forms; and
  • other relevant documents.

All data and information will be submitted to a high security network within the CIT through a secure transmission process, including the supporting documentation:

Data submitted to the BRICS Informatics System will be de-identified such that the identities of data subjects cannot be readily ascertained or otherwise associated with the data by the BRICS staff or secondary data users. In addition, de-identified data will be coded using a unique code known as a Global Unique Identifier (GUID). Use of the GUID minimizes risks to study participants because it keeps one individual’s information separate from that of another person without using names, addresses, or other identifying information. The unique code also allows BRICS to link together all submitted information on a single participant, giving researchers access to information that may have been collected elsewhere. The GUID is a computer-generated alphanumeric code [example: 1A462BS] that is unique to each research participant (i.e., each person’s information in BRICS—or each subject’s record—has a different GUID). BRICS will assist investigators in how to create the GUID, which is an essential requirement for uploading data to BRICS.

Investigators submitting datasets to BRICS are expected to certify that an appropriate IRB has considered such risks and that the data have been de-identified in accordance with NIH regulations before the data are submitted. In addition, in the event that requests raise questions or concerns related to privacy and confidentiality, risks to populations or groups, or other relevant topics, the BRICS Data Access and Quality Committee (DAQC) will consult with other experts as appropriate.

Submissions of data to BRICS shall be accompanied by a certification signed by the Principal Investigator to assure that:

  • The data submission is consistent with all applicable laws and regulations, as well as institutional policies;
  • The appropriate research uses of the data and the uses that are explicitly excluded by the informed consent documents are delineated;
  • The identities of research participants will not be disclosed to the BRICS Informatics System; and
  • An IRB of the submitting institution and/or Privacy Board, as applicable, reviewed and verified that:
    • The submission of data to the BRICS Informatics System and subsequent sharing for research purposes are consistent with the informed consent of study participants from whom the data were obtained;
    • The investigator’s plan for de-identifying datasets is consistent with the standards outlined above;
    • The risks to individuals, their families, and groups or populations associated with data submitted to the BRICS Informatics System have been considered; and
    • The genotype and/or phenotype data to be submitted were collected in a manner consistent with NIH regulations and policies.

While the agencies expect data sharing through this policy, circumstances beyond the control of investigators may preclude submission of research data to the BRICS Informatics System.

Applications submitted to these agencies for support of research in which the above expectations for data submission cannot be met will be considered for funding on a case-by-case basis by the relevant agency. Investigators are encouraged to submit a short list of planned papers on primary and secondary study objectives to their science officers when negotiating data sharing requirements.

Submitting investigators and their institutions may use the GUID as a means to request removal of data on individual participants from the BRICS Informatics System in the event that a research participant withdraws his/her consent. However, data that have been distributed for approved research use will not be retrieved.

BRICS Data Access

BRICS will provide descriptive summary information of submitted data for general public use. Investigators and institutions seeking  data from the BRICS Informatics System will be expected to meet data security measures (such as physical security, information technology security, and user training) and will be asked to submit a Data Access Request that is signed by the investigator. Users will agree, among other things, to:

  • Use the data only for their personal use;
  • Protect data confidentiality;
  • Follow appropriate data security protections;
  • Follow all applicable laws, regulations and local institutional policies and procedures for handling BRICS data;
  • Not attempt to identify individual participants from whom data within a dataset were obtained;
  • Not sell any of the data elements from datasets obtained from the BRICS Informatics System;
  • Not share with individuals any of the data from datasets obtained from the BRICS Informatics System;
  • Agree to report, in real time, violations of the BRICS Data Sharing Policy to the NEI;
  • Adhere to the BRICS Data Sharing Policy below with regard to publication; and
  • Provide progress reports on research using BRICS data if requested.



The NIH strongly encourage collaboration, but at a minimum all investigators who access BRICS data are expected to acknowledge the funding organization(s) that supported their work, the Contributing Investigator(s) who conducted the original study, and the BRICS Informatics System in all resulting presentations, disclosures, or publications of the analyses. Data Recipients should submit manuscripts to NEI for administrative review at least four weeks prior to submission for publication. This review is not a scientific review, but an administrative review to ensure that the terms of the user agreement have been met, the description of BRICS procedures are accurately identified, and BRICS and the original researchers are appropriately acknowledged. These administrative reviews will take no longer than two weeks.



Specific questions about this policy should be directed to: Office of BRICS Operations

National Institutes of Health, Center for Information Technology (CIT) Building 12A

12 South Dr. RM 2041

Bethesda, MD 20892