NIH Has Acted To Protect Confidential Information Handled by Peer Reviewers, But It Could Do More
WHY WE DID THIS STUDY
Congress, NIH, and Federal intelligence agencies have raised concerns about foreign threats to the integrity of U.S. medical research and intellectual property. This includes foreign programs that may unduly influence and capitalize on NIH-funded research. In August 2018, NIH Director Dr. Francis Collins raised concerns that peer reviewers-who review applications for NIH extramural grants and have unique access to confidential information in those applications-were, in some cases, inappropriately sharing this information with foreign entities. Subsequently, Congress appropriated funding for OIG to conduct oversight of NIH grant programs and operations, including examining the effectiveness of NIH's efforts to protect intellectual property derived from NIH-supported research. This study describes and assesses NIH's oversight of peer reviewers' handling of confidential information.
HOW WE DID THIS STUDY
We interviewed NIH staff at the Office of Extramural Research, the Center for Scientific Review, the Office of Management Assessment, and the Office of Federal Advisory Committee Policy about their roles in setting and implementing policy related to peer reviewers' handling of confidential information. We also reviewed NIH policies, guidance, and training materials related to oversight of peer reviewers. Lastly, we collected information from NIH about its investigations of peer reviewers and about any actions it has taken against reviewers who disclosed confidential information.
WHAT WE FOUND
NIH has policies and procedures to protect the confidentiality of the peer review process and takes action against reviewers who disclose information. To prevent disclosures, NIH requires all peer reviewers to sign electronic nondisclosure certifications and trains peer reviewers to keep the information in grant applications private. To detect potential disclosures, NIH relies primarily on peer reviewers to report suspicious activity by other reviewers, but the agency is starting to use technology to detect disclosures. NIH has taken a range of actions against peer reviewers found to have disclosed confidential information, including terminating the reviewer's service or referring the reviewer to law enforcement for investigation.
NIH actively responds to instances of suspected undue foreign influence in peer review, but the agency is in the early stages of addressing this threat systemically. NIH learns of instances of potential undue foreign influence in peer review primarily from its national security partners and from NIH staff. It has responded to these instances on a case-by-case basis. NIH is developing an approach to address foreign influence concerns systemically-through general oversight-in addition to responding to specific incidents.
WHAT WE RECOMMEND
NIH is taking steps to address concerns about foreign threats to research integrity, and has an opportunity to more directly address-in a systemic way-concerns about foreign threats to the confidentiality of the peer review process. We recommend that NIH conduct targeted, risk-based oversight of peer reviewers using risk indicators identified from analysis of research integrity threats. In addition, NIH should update its training materials routinely with information about confidentiality breaches and undue foreign influence, and the agency should require all peer reviewers to attend periodic trainings about these risks. NIH should also continue consulting with national security experts about peer review risks and mitigation to inform a risk-based oversight approach. NIH concurred with all four of our recommendations.