N3C COVID Enclave
The N3C COVID Enclave is the largest open U.S. database for ongoing COVID-19 research.
COVID Enclave Overview
Contact
The N3C COVID Enclave is a partnership among many organizations to provide clinical data to improve our knowledge of COVID-19 and potential treatment strategies.
The enclave’s data represent millions of COVID-19– positive individuals from each state and nearly every county. The enclave’s size, scope and diversity help to ensure public health answers benefit all Americans and their communities.
Partners include the following:
- Health care providers that produce the data in N3C, including the NCATS Clinical and Translational Science Awards (CTSA) Program and the institutions supported by the NIH National Institute of General Medical Sciences’ Institutional Development Award Networks for Clinical and Translational Research (IDeA-CTR)
- NCATS, which provides governance, oversight and a secure research platform to maintain and protect the data
- The scientific community and research leaders with data science and clinical expertise who harmonize data so it can be studied together and compared across the nation
Making COVID Data More Available for Research
The N3C COVID Enclave receives patient information from more than 60 health care institutions across the country. We harmonize data from these institutions into a single format and make them available for researchers and clinicians inside the N3C COVID Enclave so that they can study COVID-19 and potential treatments as the pandemic evolves. The N3C COVID Enclave is a secure, cloud-based research environment with a powerful analytics platform. Data cannot be removed from the enclave.
Since the N3C COVID Enclave opened to researchers in September 2020, scientists have used the data to improve our understanding of COVID-19 and health equity, diabetes, cancer, COVID-19 medications and chronic obstructive pulmonary disease. Researchers currently are studying HIV and COVID-19 risk, mortality rates in rural populations, long COVID and much more.
Learn more about N3C COVID Enclave research:
Data Security and Privacy
We have taken a comprehensive approach to addressing the security of the N3C COVID Enclave and protecting patient privacy.
We follow all applicable policies and regulations, have integrated key privacy measures into the enclave and its governance processes, and perform security testing and monitoring of activity inside the enclave. We also require researchers to, among other rules, adhere to a code of conduct, sign an agreement with NCATS outlining terms and conditions for using the data, and take NIH information technology security training.
The following table — showing N3C’s four pillars of data protection — provides additional detail about the steps we take to keep data secure and protect patient privacy.
Regulatory and Policy
- Data-contributing sites abide by the HIPAA Privacy Rule
- N3C research is subject to the Federal Policy for the Protection of Human Subjects in research ("Common Rule")
- Data are provided as a HIPAA-defined limited data set
- NIH IRB oversight and waiver of consent
- For COVID-19–related research only
- No genomic data
- No emergency public health authorities were used to obtain the data under these conditions
- Engaged in an NIH Tribal Consultation regarding use of American Indian and Alaska Native (AI/AN) data
Privacy Measures
- Certificate of Confidentiality
- Data stay within the N3C Data Enclave: No download or capture of raw data
- Privacy Impact Assessment
- Review of project requests by the Data Access Committee
- Full five-digit ZIP codes will never be shown for AI/AN demographic data
Security Testing and Monitoring
- Federal government–compliant enclave managed by NCATS
- Meets government security controls for cloud security and privacy
- Data encryption in transit and at rest, without exception
- Scheduled penetration testing
- Active monitoring and logging by NIH and HHS
- Auditing of activities in the N3C Data Enclave
Researcher Responsibilities
- A user's organization signs a Data Use Agreement with NCATS for terms and conditions of use
- Users adhere to the N3C Data User Code of Conduct
- Required NIH IT security training
- Required Human Subjects Research Protection training
- Follow N3C’s Community Guiding Principles
- Users attest that they understand that use of AI/AN data and ZIP code information to make assumptions about Tribal affiliation is not valid, or permitted
Learn more about using the N3C COVID Enclave:
- Read the requirements researchers must meet to access data.
- Read the N3C Data User Code of Conduct.
- Access the N3C Community Guiding Principles document.
- Review N3C COVID Enclave Forms and Resources.