DNAnexus Documentation
APIDownloadsIndex of dx CommandsLegal
  • Overview
  • Getting Started
    • DNAnexus Essentials
    • Key Concepts
      • Projects
      • Organizations
      • Apps and Workflows
    • User Interface Quickstart
    • Command Line Quickstart
    • Developer Quickstart
    • Developer Tutorials
      • Bash
        • Bash Helpers
        • Distributed by Chr (sh)
        • Distributed by Region (sh)
        • SAMtools count
        • TensorBoard Example Web App
        • Git Dependency
        • Mkfifo and dx cat
        • Parallel by Region (sh)
        • Parallel xargs by Chr
        • Precompiled Binary
        • R Shiny Example Web App
      • Python
        • Dash Example Web App
        • Distributed by Region (py)
        • Parallel by Chr (py)
        • Parallel by Region (py)
        • Pysam
      • Web App(let) Tutorials
        • Dash Example Web App
        • TensorBoard Example Web App
      • Concurrent Computing Tutorials
        • Distributed
          • Distributed by Region (sh)
          • Distributed by Chr (sh)
          • Distributed by Region (py)
        • Parallel
          • Parallel by Chr (py)
          • Parallel by Region (py)
          • Parallel by Region (sh)
          • Parallel xargs by Chr
  • User
    • Login and Logout
    • Projects
      • Project Navigation
      • Path Resolution
    • Running Apps and Workflows
      • Running Apps and Applets
      • Running Workflows
      • Running Nextflow Pipelines
      • Running Batch Jobs
      • Monitoring Executions
      • Job Notifications
      • Job Lifecycle
      • Executions and Time Limits
      • Executions and Cost and Spending Limits
      • Smart Reuse (Job Reuse)
      • Apps and Workflows Glossary
      • Tools List
    • Cohort Browser
      • Chart Types
        • Row Chart
        • Histogram
        • Box Plot
        • List View
        • Grouped Box Plot
        • Stacked Row Chart
        • Scatter Plot
        • Kaplan-Meier Survival Curve
      • Locus Details Page
    • Using DXJupyterLab
      • DXJupyterLab Quickstart
      • Running DXJupyterLab
        • FreeSurfer in DXJupyterLab
      • Spark Cluster-Enabled DXJupyterLab
        • Exploring and Querying Datasets
      • Stata in DXJupyterLab
      • Running Older Versions of DXJupyterLab
      • DXJupyterLab Reference
    • Using Spark
      • Apollo Apps
      • Connect to Thrift
      • Example Applications
        • CSV Loader
        • SQL Runner
        • VCF Loader
      • VCF Preprocessing
    • Environment Variables
    • Objects
      • Describing Data Objects
      • Searching Data Objects
      • Visualizing Data
      • Filtering Objects and Jobs
      • Archiving Files
      • Relational Database Clusters
      • Symlinks
      • Uploading and Downloading Files
        • Small File Sets
          • dx upload
          • dx download
        • Batch
          • Upload Agent
          • Download Agent
    • Platform IDs
    • Organization Member Guide
    • Index of dx commands
  • Developer
    • Developing Portable Pipelines
      • dxCompiler
    • Cloud Workstation
    • Apps
      • Introduction to Building Apps
      • App Build Process
      • Advanced Applet Tutorial
      • Bash Apps
      • Python Apps
      • Spark Apps
        • Table Exporter
        • DX Spark Submit Utility
      • HTTPS Apps
        • Isolated Browsing for HTTPS Apps
      • Transitioning from Applets to Apps
      • Third Party and Community Apps
        • Community App Guidelines
        • Third Party App Style Guide
        • Third Party App Publishing Checklist
      • App Metadata
      • App Permissions
      • App Execution Environment
        • Connecting to Jobs
      • Dependency Management
        • Asset Build Process
        • Docker Images
        • Python package installation in Ubuntu 24.04 AEE
      • Job Identity Tokens for Access to Clouds and Third-Party Services
      • Enabling Web Application Users to Log In with DNAnexus Credentials
      • Types of Errors
    • Workflows
      • Importing Workflows
      • Introduction to Building Workflows
      • Building and Running Workflows
      • Workflow Build Process
      • Versioning and Publishing Global Workflows
      • Workflow Metadata
    • Ingesting Data
      • Molecular Expression Assay Loader
        • Common Errors
        • Example Usage
        • Example Input
      • Data Model Loader
        • Data Ingestion Key Steps
        • Ingestion Data Types
        • Data Files Used by the Data Model Loader
        • Troubleshooting
      • Dataset Extender
        • Using Dataset Extender
    • Dataset Management
      • Rebase Cohorts and Dashboards
      • Assay Dataset Merger
      • Clinical Dataset Merger
    • Apollo Datasets
      • Dataset Versions
      • Cohorts
    • Creating Custom Viewers
    • Client Libraries
      • Support for Python 3
    • Walkthroughs
      • Creating a Mixed Phenotypic Assay Dataset
      • Guide for Ingesting a Simple Four Table Dataset
    • DNAnexus API
      • Entity IDs
      • Protocols
      • Authentication
      • Regions
      • Nonces
      • Users
      • Organizations
      • OIDC Clients
      • Data Containers
        • Folders and Deletion
        • Cloning
        • Project API Methods
        • Project Permissions and Sharing
      • Data Object Lifecycle
        • Types
        • Object Details
        • Visibility
      • Data Object Metadata
        • Name
        • Properties
        • Tags
      • Data Object Classes
        • Records
        • Files
        • Databases
        • Drives
        • DBClusters
      • Running Analyses
        • I/O and Run Specifications
        • Instance Types
        • Job Input and Output
        • Applets and Entry Points
        • Apps
        • Workflows and Analyses
        • Global Workflows
        • Containers for Execution
      • Search
      • System Methods
      • Directory of API Methods
      • DNAnexus Service Limits
  • Administrator
    • Billing
    • Org Management
    • Single Sign-On
    • Audit Trail
    • Integrating with External Services
    • Portal Setup
    • GxP
      • Controlled Tool Access (allowed executables)
  • Science Corner
    • Scientific Guides
      • Somatic Small Variant and CNV Discovery Workflow Walkthrough
      • SAIGE GWAS Walkthrough
      • LocusZoom DNAnexus App
      • Human Reference Genomes
    • Using Hail to Analyze Genomic Data
    • Open-Source Tools by DNAnexus Scientists
    • Using IGV Locally with DNAnexus
  • Downloads
  • FAQs
    • EOL Documentation
      • Python 3 Support and Python 2 End of Life (EOL)
    • Automating Analysis Workflow
    • Backups of Customer Data
    • Developing Apps and Applets
    • Importing Data
    • Platform Uptime
    • Legal and Compliance
    • Sharing and Collaboration
    • Product Version Numbering
  • Release Notes
  • Technical Support
  • Legal
Powered by GitBook

Copyright 2025 DNAnexus

On this page
  • If I upload data to DNAnexus, will DNAnexus share the data with other people?
  • Can I use the apps that DNAnexus makes available to users? What are my rights?
  • I have licensed an application from a software vendor that I want to run in my DNAnexus account. Do I have the right to do that?
  • How secure is my data when I upload it to DNAnexus?
  • What if something happens to the data that I upload to DNAnexus?
  • Can I load personal health information into DNAnexus and comply with HIPAA?
  • I am based in Europe and have samples taken from European tissue donors. Can I upload my data to DNAnexus without violating European privacy laws?
  • I work at a CLIA lab. Can we use DNAnexus to manage our genomic information and still comply with CLIA requirements?
  • I want to upload sequence information from a preclinical or clinical study, and may eventually need to submit the data to the FDA. Does the DNAnexus platform comply with GCP and 21 CFR Part 11?
  • Does the consent I received from my study subjects allow me to upload data derived from their samples to DNAnexus?
  • If I load my new app into DNAnexus, is it automatically going to run in a CLIA-compliant way?
  • If I use data shared with the public on DNAnexus, am I safe from any legal actions if there are problems with any of the samples at a later date?

Was this helpful?

Export as PDF
  1. FAQs

Legal and Compliance

Last updated 2 years ago

Was this helpful?

If I upload data to DNAnexus, will DNAnexus share the data with other people?

DNAnexus is committed to protecting the confidentiality of your data and the privacy of your tissue donors. If you upload data to your account, the only people who have access to the data will be you and those with whom you share it. For further information, please see the .

Can I use the apps that DNAnexus makes available to users? What are my rights?

DNAnexus has made apps available for use by its registered users. When you run an app, you agree to the terms of the End User License Agreement provided by the developer of the app. In the case of apps that DNAnexus itself has made available, the End User License Agreement will typically be an open source license agreement, as required by the original developer of the app.

I have licensed an application from a software vendor that I want to run in my DNAnexus account. Do I have the right to do that?

Your right to use an application licensed from a software vendor in your DNAnexus account will depend on the terms of your agreement with the vendor. In most cases an internal use license will allow you to choose to use the software either on a computer at your own facility or in the cloud.

How secure is my data when I upload it to DNAnexus?

We have put in measures to ensure the highest level of data security for both research and clinical use. These measures include high-end physical data center security; reliable, replicated data storage; all data encrypted at rest and in transfer; and enterprise and user controlled permissions for data, analysis tool, and workflow sharing. For compliance support, we enable data logging and auditability for 6 years, versioned and reproducible analysis tools and results, and compliance with HIPAA, CLIA, 21 CFR Parts 11, 58, and 493, and European Data Privacy laws and regulations. For more details, please refer to the compliance white papers posted at the Page.

What if something happens to the data that I upload to DNAnexus?

If something happens to the data you upload to DNAnexus, please contact .

Can I load personal health information into DNAnexus and comply with HIPAA?

I am based in Europe and have samples taken from European tissue donors. Can I upload my data to DNAnexus without violating European privacy laws?

I work at a CLIA lab. Can we use DNAnexus to manage our genomic information and still comply with CLIA requirements?

I want to upload sequence information from a preclinical or clinical study, and may eventually need to submit the data to the FDA. Does the DNAnexus platform comply with GCP and 21 CFR Part 11?

Does the consent I received from my study subjects allow me to upload data derived from their samples to DNAnexus?

That depends on the terms of the consent and the information provided to the sample donor before s/he gave the consent. In evaluating whether the consent includes uploading data to DNAnexus, please keep in mind that data uploaded to DNAnexus are encrypted in transit and at rest. In this way, uploading data to DNAnexus is akin to storing them in encrypted form on your own servers, where the servers are managed by independent contractors. Ultimately the scope of consent should be determined by the IRB that is overseeing your research or clinical trial.

If I load my new app into DNAnexus, is it automatically going to run in a CLIA-compliant way?

The DNAnexus platform enables versioning, as required for the reproducibility of experiments required by CLIA, but you are responsible for version control in the ongoing development of your app and the naming of various versions.

If I use data shared with the public on DNAnexus, am I safe from any legal actions if there are problems with any of the samples at a later date?

Your rights and obligations with regard to datasets available through the DNAnexus platform are the same as they would be if you obtain them directly from the organization that makes them available. If you have a detailed question about a potential problem with a sample from a dataset, check with the organization that provides the dataset for answers to frequently asked questions or for an email address to which you might address your question.

We have designed and developed the DNAnexus platform so that it supports HIPAA compliance. All customer data uploaded to DNAnexus user account is encrypted while in transit and at rest, as required by the HIPAA privacy rule. We have implemented logging procedures that allow you to track access to data, as contemplated by the HIPAA security rule. Of course, HIPAA compliance also requires that you implement procedures, including security procedures and informed consents. If you plan to place PHI on the DNAnexus platform, we recommend contacting to obtain a Business Associates Agreement (BAA) with DNAnexus. For more information regarding HIPAA compliance, please see our page.

DNAnexus is compliant with GDPR and the 2022 Privacy Shield as a data processor as described in Section 13 of the . You should review your commercial contract to make sure you are uploading and executing in a DNAnexus location within the European Economic Area (EEA), such as Frankfurt Germany or Amsterdam, the Netherlands. Please contact to understand how to manage your metadata to be GDPR and GDPR-UK compliant.

The logging and version control features of the DNAnexus platform will allow you to track exactly how your samples were processed, so as to enable the reproducibility of your clinical experiments, as required by CLIA. Of course, CLIA compliance requires that you observe standard operating procedures necessary to ensure compliance, such as sample tracking and prohibitions on sharing user IDs and passwords. For further information, please see our compliance white papers at our page.

Both the Titan and Apollo products are compliant with 21 CFR Part 11 (Annex 11 for the EU) with respect to electronic records. Electronic signatures are out of scope for these products. DNAnexus employs the conventional Quality Management System (QMS) processes and technology to comply with these regulations. Click for more information on DNAnexus' GxP offering. The security and logging features of the DNAnexus platform are designed to enable the data integrity of your preclinical and clinical data and facilitate of those data. Using the platform, it will be possible to identify who uploaded or had access to data, when they did so, and what they did to the data. Prior versions of data can be retained, rather than overwritten. Of course, compliance with clinical requirements requires that you observe standard operating procedures necessary to ensure compliance, such as prohibitions on sharing of user IDs and passwords. For further information, please see our compliance white papers at our page.

DNAnexus Privacy Policy
Resources
DNAnexus customer support
support@dnanexus.com
Resources
DNAnexus Privacy Policy
support@dnanexus.com
Resources
here
audits
Resources