Previous Notice
- 10.23.2025 UCSF Communication Email
- Subject: Federal Requirements: DOJ Bulk Data Rule, NIH Policy on Security of Human Biospecimens
The U.S. Department of Justice (DOJ) and the National Institutes of Health (NIH) have issued requirements that directly affect UCSF’s research activities involving human biospecimens and data. These federal actions strengthen research security protections and establish additional safeguards against unauthorized access to sensitive U.S.-person materials and data.
Key Updates
- NIH Notice NOT-OD-25-160 (Effective Oct. 24, 2025)
NIH now prohibits the distribution of NIH-supported U.S.-person biospecimens to institutions or parties in designated “countries of concern,” except under limited and documented circumstances. The policy applies whenever NIH funds are involved in the collection, processing, storage, use, or distribution of biospecimens, regardless of identifiability.
- DOJ Bulk Data Rule (28 C.F.R. Part 202) (Effective July 8, 2025)
This rule implements Executive Order 14117 to prevent access to Americans’ bulk sensitive data by countries of concern. Covered data types include genomic, biometric, health, geolocation, and other personal or government-related data of U.S. persons, whether identifiable or de-identified. NIH’s biospecimen policy aligns with this framework and reflects a unified federal approach to securing both biological materials and associated data.
Note: Both the NIH policy and the DOJ Bulk Data Rule also extend to collaborations or data or specimen access involving individuals who are no longer employed by, enrolled at, or formally affiliated with UCSF (including visiting scholars and postdoctoral researchers) and who are residing in or employed by an institution in a country of concern (China, Cuba, Iran, North Korea, Russia, and Venezuela).
Continued access to covered biospecimens, derived cell lines, or associated data by such individuals is not permitted unless an applicable exception under the NIH policy or DOJ rule applies and the activity has been reviewed and cleared by Export Control & Research Security.
Resources
Two detailed UCSF Research Security Bulletins are now available:
- UCSF Research Security Bulletin: NIH Notice NOT-OD-25-160 (Human Biospecimens Policy)
- UCSF Research Security Bulletin: DOJ Bulk Data Rule (28 C.F.R. Part 202)
What This Means for UCSF
- Export Control Review (Existing UCSF Requirement):
All international shipments or transfers from UCSF must be reviewed and cleared by Export Control & Research Security before shipment. This requirement applies to all materials, equipment, data, software, and human biospecimens, regardless of identifiability, funding source, or destination. Do not ship, transmit, or grant access until written clearance is confirmed.
- MTA/DUA Requirements:
- Prohibits onward transfer to countries of concern
- Requires recipients to obtain prior written approval for any subcontracting or rerouting
- Makes UCSF Export Control & Research Security clearance a condition precedent to shipment or release
Per existing UC Policy, all outgoing or incoming transfers must be governed by an executed Material Transfer Agreement (MTA) or Data Use Agreement (DUA) that:
These requirements ensure compliance with both existing UC policy and new federal mandates under NIH and DOJ rules.
For questions, please contact:
- UCSF Export Control & Research Security: [email protected]
- UCSF Industry Contracts Division: [email protected]