EpilepsyLive ✉ Suggest a correction
Demonstration and educational project by Danielle Boyce. Not medical, legal, or regulatory advice. Sample and template language is provided for illustration and must be reviewed and adapted before any real use. Not affiliated with, endorsed by, or representing any advocacy group, registry, company, or institution named.
Module 18 of 19Part 6 · Using Your Data

Data Sharing

Goal: Develop a data sharing framework that maximizes the scientific value of your registry while protecting participant privacy and your organization's interests.

Why data sharing is important

Rare disease registries hold irreplaceable data. Hoarding it is not just bad for science, it is at odds with the fundamental mission of advocacy. Data that could benefit participants should be shared.

At the same time, sharing without governance, without consent coverage, security protections, and use restrictions, can harm participants and expose your organization to legal and reputational risk.

The goal is a principled sharing framework: maximally open within appropriate protections.

Data sharing frameworks

Federated analysis (no data transfer)

Researchers submit an analysis code that runs on your data behind your firewall; only aggregate results are returned. No individual-level data leaves your system.

Tools: OHDSI distributed network studies, PCORnet, TriNetX
Best for: Large queries where individual data transfer would be impractical; reduces privacy risk

Deidentified data sharing

Individual-level records, stripped of identifying information per HIPAA Safe Harbor or Expert Determination standards, are shared under a data use agreement.

Best for: Most registry research uses; wide applicability
Limitations: Some reidentification risk with rare diseases and rare variants; "deidentified" rare disease data is not as anonymous as common disease data

Controlled access (identified data)

Identified or potentially re-identifiable data shared only with approved researchers under strict DUA, subject to Data Access Committee review.

Best for: Genomic data; linkage studies; longitudinal matching
Implementation: Use access control systems like dbGaP or GA4GH Passport/Visa

Data repositories and sharing platforms

NIH repositories

  • dbGaP (Database of Genotypes and Phenotypes): NIH's primary controlled access repository for genomic and phenotypic data from human studies. NIH funded studies are increasingly required to deposit data here.
    ncbi.nlm.nih.gov/gap

  • NCBI BioProject / BioSample: For genomic sequence data

  • ClinVar: For variant-disease assertions

Global repositories

  • EGA (European Genome-phenome Archive): European equivalent of dbGaP; GDPR-native
    ega-archive.org

Open data platforms

  • Synapse (Sage Bionetworks): Supports both open and controlled access sharing; widely used by participant led research
    synapse.org

  • Zenodo: General open data repository; appropriate for fully deidentified summary data
    zenodo.org

Data sharing agreements

Every data sharing arrangement needs a Data Use Agreement (DUA) covering:

  • Permitted uses of the data
  • Prohibition on reidentification
  • Data security requirements (encryption at rest and in transit, access controls)
  • Prohibition on data redistribution without separate approval
  • Publication notification requirements
  • Data retention period and destruction upon expiration
  • Reporting requirements (annual reports to your DAC)

FAIR data principles

FAIR stands for Findable, Accessible, Interoperable, and Reusable, a framework for maximizing the value of shared scientific data.

Principle What it means for your registry
Findable Data is registered in a searchable repository; metadata is published
Accessible Clear process for requesting access; metadata accessible even when data requires controlled access
Interoperable Uses standard vocabularies (SNOMED, LOINC, HPO) and formats (FHIR, OMOP)
Reusable Data use license is clear; provenance is documented

go-fair.org

Key resources

← Module 17 | Module 19: Publications →