Accessing Restricted-use Data

What are Restricted-use Data?

Restricted-use data are distributed when removing potentially identifying information from a dataset would significantly impair its analytic potential. NAHDAP includes restricted-use data in its holdings.

Since restricted-use files (RUFs) retain more than minimal risk for reidentification of a research subject and potential harm through use of the data, access to RUFs is granted through controlled conditions to vetted researchers who meet the application requirements. Researchers who apply to access restricted-use data should expect the application review process to take 2-4 weeks on average.

Helpful Links for Accessing Restricted-use Data:

Methods of Accessing Restricted-use Data

NAHDAP offers three methods of restricted-use data access:

  • Secure dissemination – Data are encrypted and delivered via download link. When the application is approved, the researcher receives a temporary link and password to download the restricted-use files to the secure location approved in their application.
  • Virtual Data Enclave (VDE) – Data remain on ICPSR’s servers and are accessed and analyzed by the researcher virtually via a remote desktop connection. Researchers are prohibited from moving files between the remote desktop to their own desktop or to the Internet. Researchers must request that NAHDAP staff review their output prior to removing any information from the VDE.
  • Physical Data Enclave (PDE) – Data remain on ICPSR’s servers and are accessed and analyzed on a machine physically located at ICPSR’s offices in Ann Arbor, MI. NAHDAP staff review output for disclosure risk prior to transferring results to the researcher.

Requesting Access to Restricted-use Data

For studies with RUFs, information that the data are restricted is in the Notes on the study download web page as shown below. Researchers should use the “Access Restricted Data” button to connect to the online application system.

Researchers (and their institutions) apply for access to restricted-use data utilizing the secure dissemination option via the online ICPSR Data Access Request System using the link provided on the study’s download web page.

The online application requires:

  • Name, department, and title of Investigator (i.e., the lead researcher on the project using the restricted-use data)
  • Description of the proposed research that supports need to access the restricted-use data
  • Name, email address, computer make/model, and location of data access for all Research Staff
  • List of data files requested
  • Requested data format (SAS, SPSS, Stata, tab-delimited ASCII or fixed-field ASCII with setups)
  • Confidential Data Security Plan (for information on what plans NAHDAP accepts, please refer to ICPSR’s Confidential Data Security Plans for Secure Download Data page).
  • Institutional Review Board approval or exemption for the research project from the Investigator’s institution
  • A signed Restricted Data Use Agreement (RDUA)
  • In some cases, a Curriculum Vitae (CV)/resume/NIH biosketch for the Investigator and each Research Staff member is required
  • Pledges of Confidentiality from the Investigator and each Research Staff member

Once the request has been approved, the application materials above become officially incorporated into the RDUA.

The Investigator is responsible for notifying NAHDAP of any changes in his or her Institution or changes in the Research Staff with access to the data, including a change in Institution of Research Staff. Note: a change in Institution by the Investigator terminates the existing RDUA. A new RDUA must be established with the Investigator’s new Institution.

Applications are reviewed by NAHDAP staff for approval. If approved, the restricted-use data are made temporarily available for secure download.

Confidential Data Security Plan (Secure Dissemination)

Since researchers take possession of the restricted-use data, researchers must have a secure environment for using and storing the restricted-use files.

All members of the Research Staff with approved access to the restricted-use data are also legally obligated to follow all aspects of the Confidential Data Security Plan.

Data security requirements cover:

  • Computer system base configuration: operating system, patches, and hardware location
  • Prevention of unauthorized use: factors to ensure access only to researchers named in the application
  • Malware/botware/virus protection: software installed is supported and kept up-to-date
  • Loss/theft protection: use of real-time encryption and secure electronic and physical storage of the restricted-use dataset, any derivatives, temporary files, and printouts.
  • Disclosure review: required disclosure risk review of output and restrictions on merging the RUF with any data not listed and approved by ICPSR in the data use agreement.
  • Adherence to security protocols: access log auditing, renewal or termination of data use agreement, ensuring all Research Staff follow security protocols
  • Backups: RUF and project files are excluded from backups, syntax files are encrypted and securely stored
  • End of project: secure erasure of all restricted-use files (including temporary files, extracts, and derivatives) and notarized affidavit attesting that this was done.

Researchers (and their institutions) apply for access to restricted-use data in the VDE through the ICPSR VDE Management System using the link provided on the study’s download web page. Applicants are encouraged to view our VDE Guide

The online application requires:

  • Name, department, and title of Investigator (i.e., the lead researcher on the project using the restricted-use data)
  • Description of the proposed research that supports need to access the restricted-use data
  • List of data files requested
  • A signed Restricted Data Use Agreement (RDUA)
  • Data Security Plan (Attachment A of RDUA)
  • CV/resume/NIH biosketch for the Investigator and each Research Staff member that will access the VDE
  • Institutional Review Board approval or exemption for the research project from the Investigator’s institution
  • User information about each research team member who will access the data in the VDE

Once the request has been approved, the application materials above become officially incorporated into the RDUA.

Documentation associated with restricted-use files is typically freely available for download by the general public. Documentation includes the study metadata as well as any codebooks, questionnaires, user guides, or other supporting documentation prepared for that study.

Though NAHDAP-owned data are freely available, some restricted-use data listed on the NAHDAP website are freely available only to persons at ICPSR member institutions. This is because NAHDAP often cross-lists topically relevant data owned by other ICPSR archives on our website. If there is a fee to access data, you will be able to determine that during the online application process. You may also email us at icpsr-help@umich.edu to confirm. Study documentation is still freely accessible to anyone.

Institutional Review Boards (IRBs) take various approaches to secondary analysis of public-use datasets such as those distributed by NAHDAP. For more information, see ICPSR’s web page on Institutional Review Boards. NAHDAP can accept an IRB approval or exemption determination as part of your application for access to our restricted-use data.