Tag: data sharing statement

  • Clinical Trial Data Sharing Agreements vs MTAs

    A clinical trial data sharing agreement (DUA) governs personal, identifiable, or re-identifiable participant data and must address re-identification bans, data security safeguards, publication rights, and data disposal — none of which a Material Transfer Agreement (MTA), which governs tangible materials like biospecimens or reagents, is built to cover. Vivli’s own Data Use Agreement (DUA) and Data Contributor Agreement (DCA) templates show exactly where that line falls.

    A data sharing agreement clinical trial teams sign is not a relabelled MTA. A Data Use Agreement is a contract that defines the permitted purpose, security controls, and disposition of a dataset — particularly one derived from human research participants — whereas an MTA is a contract for the transfer of a physical or digital research material, such as a cell line, reagent, or software tool. Confusing the two during contract negotiation is one of the most common causes of delay in secondary-use clinical research.

    What is a clinical trial data sharing agreement?

    A clinical trial data sharing agreement, usually called a Data Use Agreement (DUA) or Data Sharing Agreement (DSA), is the written contract that governs how a named recipient may access, analyse, and eventually dispose of a clinical dataset. The UK Health Research Authority defines a DSA as “a written agreement put in place to govern the sharing of personal data between two or more independent data controllers,” used to demonstrate accountability under UK GDPR.

    Since 1 January 2019, the International Committee of Medical Journal Editors (ICMJE) has required manuscripts reporting clinical trial results to include a data sharing statement describing whether individual participant data will be shared and on what terms — a policy that pushed data sharing agreements from a niche pharma practice into a routine requirement across academic clinical research.

    How does a DUA differ from a Material Transfer Agreement?

    An MTA transfers a physical or digital research asset and protects the provider’s intellectual property in that asset. A DUA transfers a dataset — frequently one derived from human participants — and protects the privacy interests of the people the data describes. The two documents solve different legal problems and are not interchangeable.

    The table below sets out where the two document types diverge, plus where Vivli’s Data Contributor Agreement (DCA) sits as a third, related-but-distinct instrument.

    Document Who signs What it governs Clauses an MTA typically lacks
    Material Transfer Agreement (MTA) Provider institution and recipient institution Transfer of a tangible/digital research material (biospecimen, reagent, software)
    Data Use Agreement (DUA) / DSA Data requestor (and their institution) and data controller/repository Access to and analysis of a dataset, often participant-level Re-identification prohibition, security safeguards, IRB/ethics consistency, disposal terms, publication review
    Data Contributor Agreement (DCA) Data-contributing institution’s Principal Investigator and the repository Deposit of a dataset into a repository for future re-use Contributor warranties on consent scope, anonymisation obligations pre-deposit, ongoing stewardship terms

    What must Vivli’s Data Use Agreement cover beyond an MTA?

    Vivli, an independent non-profit clinical data-sharing platform, requires every data requestor to complete data access training and execute a DUA before receiving a data package. Vivli states plainly that its DUA “is the product of extensive negotiation with the organizations that contribute data to Vivli, and as such, the agreement is non-negotiable” — a governance stance an MTA rarely takes, since MTAs are typically negotiated bilaterally per transfer.

    Vivli’s DUA process illustrates the additional clauses a data-sharing contract must carry:

    • Purpose limitation — the approved Final Research Plan is appended as Exhibit A to the executed DUA, binding use of the data to that specific, reviewed proposal.
    • Independent review — requests pass through an administrator check, a data-contributor feasibility check, and an Independent Review Panel or Scientific Committee before the DUA is issued.
    • Controlled environment access — rather than transferring a copy of the dataset outright, Vivli grants access inside a secure cloud research environment; under Vivli’s 2025 pricing, a Standard Research Environment carries no charge for 365 days (then $12/day), while a Premium Research Environment carries no charge for 90 days (then $25/day).
    • Execution mechanics — the DUA is issued and signed via DocuSign, with Vivli reviewing the completed form before routing it to the institutional signatory, a workflow built specifically around dataset access rather than physical shipment.

    None of these mechanisms — purpose-bound exhibits, independent scientific review, environment-based access instead of physical custody, or a non-negotiable master template — are standard features of an MTA, which typically just fixes shipment terms, permitted derivatives, and IP ownership over any resulting invention.

    How does Vivli’s Data Contributor Agreement differ from the DUA?

    The Data Contributor Agreement (DCA) is the mirror-image document to the DUA: where the DUA governs the requestor receiving data, the DCA governs the institution depositing it. Vivli requires the DCA to be “read, understood and signed by the Principal Investigator” of the contributing study before any dataset is uploaded to the platform.

    The distinction matters operationally. The University of California, San Francisco Library reports holding “a signed master Data Contributor Agreement with Vivli,” under which its researchers’ deposits are covered up to a set data volume before additional terms apply — evidence that a DCA is negotiated once, institution-wide, while a DUA is executed per data request. A research administration office that treats the DCA and DUA as the same document risks routing a contributor’s deposit through requestor-side review, or vice versa, causing avoidable delay.

    Common questions on clinical trial data sharing agreements

    What is the difference between a data use agreement and a material transfer agreement?

    A Data Use Agreement governs access to a dataset, typically one derived from human participants, and must address re-identification, security, and disposal. A Material Transfer Agreement governs the transfer of a physical or digital material and focuses on intellectual property and permitted derivatives. The two are not interchangeable substitutes.

    Is a Vivli Data Use Agreement negotiable?

    No. Vivli states its DUA is non-negotiable, describing it as “the product of extensive negotiation” already conducted with contributing organisations. Individual data requestors sign the standard template as issued, with only the Exhibit A research plan varying per approved request, rather than negotiating bespoke clauses institution by institution.

    Who signs a Vivli Data Contributor Agreement?

    The Principal Investigator of the contributing study signs the Data Contributor Agreement, alongside their institution where a master agreement is not already in place. This differs from the DUA, which is signed by the data requestor seeking access, making the DCA the deposit-side counterpart to the DUA’s access-side terms.

    Does a clinical trial always need a data sharing statement?

    Under the ICMJE policy effective from 1 January 2019, trials must register a data sharing statement describing whether individual participant data will be shared as a condition of publication in ICMJE-member journals. The statement does not replace the underlying DUA — it discloses intent; the DUA is the enforceable contract that follows.

    Implications for research administrators

    Research offices that template their clinical trial contracts around a single generic MTA risk drafting a document that omits mandatory data-protection clauses, then discovering the gap only when a sponsor or repository rejects the paperwork. Building separate templates — one for material transfer, one for data access as requestor, one for data contribution as depositor — mirrors how Vivli, the HRA, and the ICO already structure their own agreements.

    As data sharing statements become a routine publication requirement under ICMJE policy, institutions that pre-negotiate master DUA and DCA terms with major repositories, in the way UCSF has done with Vivli, will clear individual data requests faster than those renegotiating contract language on every trial. The practical lesson from Vivli’s model is that a data sharing agreement is not a variant of an MTA — it is a distinct instrument with its own review pathway, execution mechanics, and disposal obligations, and treating it as one is what causes avoidable delay for research administration offices managing multi-site data requests.

  • Data Sharing Statement: ICMJE vs Journal Rules

    The ICMJE requires clinical trial manuscripts to carry a data sharing statement declaring whether individual participant data (IPD) will be shared, what data, when, and under what access conditions — but it does not require the data itself to be shared. Journals then layer their own rules on top of this baseline, and those rules diverge sharply: some merely echo ICMJE wording, others (notably The BMJ) mandate deposit at publication. A data sharing statement is a structured declaration, published alongside a clinical trial report, that specifies the existence, location and access terms of the underlying participant-level dataset.

    What does ICMJE actually require?

    The International Committee of Medical Journal Editors’ Recommendations for the Conduct, Reporting, Editing, and Publication of Scholarly Work in Medical Journals has required a data sharing statement for every clinical trial manuscript since 1 July 2018. The requirement is definitional, not aspirational: manuscripts reporting a clinical trial must include a statement addressing data sharing plans, and this statement must be included in the registered trial record for trials that began enrolling participants on or after 1 January 2019.

    Crucially, ICMJE does not mandate that IPD actually be shared. It mandates transparent disclosure of the sharing plan — including a legitimate “no” — so that readers, editors, and future researchers know exactly what to expect from a given trial’s dataset. This distinction is the single most misunderstood point in author guidance, and it is the reason journal policies vary so widely: ICMJE sets a disclosure floor, not a sharing floor.

    How do journal policies diverge from the ICMJE baseline?

    Most general medical journals state that they “follow” or “endorse” ICMJE recommendations, but the practical requirements imposed on authors range from a simple declaration to a binding deposit obligation. The table below compares four ICMJE-member journals against the ICMJE baseline itself.

    Source Declaration required IPD sharing mandatory Typical timing
    ICMJE baseline Yes — five-element statement No — disclosure only Plan filed at trial registration (trials enrolling from 1 Jan 2019)
    The BMJ Yes, plus analysis code Yes, for Tier 1 journals — anonymised IPD required at publication (from 1 May 2024) At time of publication
    The Lancet Yes, endorses ICMJE wording No — encouraged via controlled access Commonly from 2 years post-publication, no fixed end date
    NEJM Yes — plan filed with submission No — favours sharing with data scientists on request Set out in the filed plan
    JAMA Network Yes — extended to all research reports, not only trials No — stated intent does not affect editorial decisions Author-defined

    The practical effect is a compliance gradient. An author who has met ICMJE’s disclosure requirement has not automatically met The BMJ’s Tier 1 deposit requirement, and a statement accepted by JAMA for a non-trial research report would not necessarily satisfy the trial-specific registration rule that ICMJE applies only to clinical trials.

    The five elements a compliant statement must address

    Journal submission systems increasingly convert free-text author input into a structured statement. Whatever the interface, ICMJE guidance implies five elements that a clinical trial data sharing statement should cover:

    • Whether individual de-identified participant data will be shared — a definite yes or no, not a hedge.
    • What data will be shared — the full dataset, specific variables, or statistical code.
    • Related documents — whether the protocol, statistical analysis plan, or informed-consent form will also be made available.
    • When access begins and ends — a start date and, where relevant, an end date or “no end date” statement.
    • Access criteria — who may request the data, for what purposes, and through which mechanism (repository, data access committee, or corresponding-author request).

    Omitting any one of these five elements is the most common reason editorial offices return a “data availability statement” for revision before it can proceed to peer review.

    The 2019 trial-registration rule authors often miss

    ICMJE’s registration requirement is easy to overlook because it sits upstream of manuscript submission. For any trial that began enrolling participants on or after 1 January 2019, the data sharing plan must appear in the trial’s registry record itself — for example on ClinicalTrials.gov — not only in the eventual manuscript. If the plan changes between registration and publication, ICMJE requires the change to be noted in both the published statement and the registry record.

    Authors who register a trial without a data sharing field, then attempt to add a compliant statement only at manuscript submission years later, frequently discover that the registry record cannot be reconciled retrospectively without a formal amendment. This is a process failure, not a wording failure, and it is the single largest source of avoidable non-compliance in the studies CASRAI has reviewed.

    Common questions about ICMJE data sharing statements

    How to write a data sharing statement?

    State clearly whether individual participant data will be shared, what data and related documents are included, when access opens (and closes, if applicable), and the access criteria and mechanism. Draft the wording to match your target journal’s submission-system prompts, since most convert structured answers directly into the published statement.

    What is an example of a data access statement?

    A typical ICMJE-compliant example: “De-identified individual participant data will be available beginning two years after publication, with no end date, to researchers who provide a methodologically sound proposal, via [named repository].” This single sentence satisfies the what, when, and access criteria elements ICMJE expects.

    What is the meaning of data statement?

    A data statement — also called a data availability statement or data sharing statement — is a published declaration specifying whether the data underlying an article exists, where it is held, and how another researcher can obtain it. For clinical trials, ICMJE requires this declaration to cover five specific elements, not a general availability claim.

    What are the three types of data sharing?

    In scholarly publishing, the response types an ICMJE-compliant statement typically selects from are: open deposit in a public repository, controlled access through a data access committee, and sharing on reasonable request to the corresponding author. Each carries different timing and access-criteria wording under the five-element framework.

    What this means for authors, editors and institutions

    For corresponding authors, the practical task is twofold: satisfy ICMJE’s disclosure floor at registration and manuscript stages, then check the target journal’s own tier or policy for anything stricter — deposit timing, code-sharing, or scope beyond trials. Research administration offices supporting authorship and compliance workflows are well placed to build this check into pre-submission review, since the registration-stage requirement is easy to miss and hard to fix after the fact.

    As more journals move toward BMJ-style mandatory deposit, the gap between the ICMJE floor and individual journal ceilings is likely to widen rather than close. Authors, institutions and publishers should treat the ICMJE statement as the minimum compliance baseline, not the finish line, and verify journal-specific requirements — ideally cross-checked against a standards dictionary entry — before submission rather than after a revision request.