Why data sharing is important
Rare disease registries hold irreplaceable data. Hoarding it is not just bad for science, it is at odds with the fundamental mission of advocacy. Data that could benefit participants should be shared.
At the same time, sharing without governance, without consent coverage, security protections, and use restrictions, can harm participants and expose your organization to legal and reputational risk.
The goal is a principled sharing framework: maximally open within appropriate protections.
Data sharing frameworks
Federated analysis (no data transfer)
Researchers submit an analysis code that runs on your data behind your firewall; only aggregate results are returned. No individual-level data leaves your system.
Tools: OHDSI distributed network studies, PCORnet, TriNetX
Best for: Large queries where individual data transfer would be impractical; reduces privacy risk
Deidentified data sharing
Individual-level records, stripped of identifying information per HIPAA Safe Harbor or Expert Determination standards, are shared under a data use agreement.
Best for: Most registry research uses; wide applicability
Limitations: Some reidentification risk with rare diseases and rare variants; "deidentified" rare disease data is not as anonymous as common disease data
Controlled access (identified data)
Identified or potentially re-identifiable data shared only with approved researchers under strict DUA, subject to Data Access Committee review.
Best for: Genomic data; linkage studies; longitudinal matching
Implementation: Use access control systems like dbGaP or GA4GH Passport/Visa
Data repositories and sharing platforms
NIH repositories
-
dbGaP (Database of Genotypes and Phenotypes): NIH's primary controlled access repository for genomic and phenotypic data from human studies. NIH funded studies are increasingly required to deposit data here.
ncbi.nlm.nih.gov/gap -
NCBI BioProject / BioSample: For genomic sequence data
-
ClinVar: For variant-disease assertions
Global repositories
-
EGA (European Genome-phenome Archive): European equivalent of dbGaP; GDPR-native
ega-archive.org
Open data platforms
-
Synapse (Sage Bionetworks): Supports both open and controlled access sharing; widely used by participant led research
synapse.org -
Zenodo: General open data repository; appropriate for fully deidentified summary data
zenodo.org
Data sharing agreements
Every data sharing arrangement needs a Data Use Agreement (DUA) covering:
- Permitted uses of the data
- Prohibition on reidentification
- Data security requirements (encryption at rest and in transit, access controls)
- Prohibition on data redistribution without separate approval
- Publication notification requirements
- Data retention period and destruction upon expiration
- Reporting requirements (annual reports to your DAC)
FAIR data principles
FAIR stands for Findable, Accessible, Interoperable, and Reusable, a framework for maximizing the value of shared scientific data.
| Principle | What it means for your registry |
|---|---|
| Findable | Data is registered in a searchable repository; metadata is published |
| Accessible | Clear process for requesting access; metadata accessible even when data requires controlled access |
| Interoperable | Uses standard vocabularies (SNOMED, LOINC, HPO) and formats (FHIR, OMOP) |
| Reusable | Data use license is clear; provenance is documented |