When considering who owns the data produced by research, it's important to consider the circumstances under which the data was produced
NIU (n.d.) Responsible Conduct in Data Management: Data Ownership. https://www.niu.edu/rcrportal/datamanagement/dotopic.html
HHS-ORI (n.d.) Data Ownership. https://ori.hhs.gov/content/Chapter-6-Data-Management-Practices-Data-ownership
Lamar Soutter Library (n.d.) Data Sharing & Reuse Policies. https://library.umassmed.edu/resources/necdmc/modules
GW Policy on Regulated Information
The GW Office of Ethics, Compliance, and Privacy defines 'regulated information' as "...information that is protected by local, national, or international statute or regulation mandating certain restrictions. For example, student academic and financial records are regulated by the Family Educational Rights and Privacy Act (FERPA) and certain personal health information is regulated by the Health Insurance Portability and Accountability Act (HIPAA)...."
In their 'Policy Statement' on information security, GW's Office of Ethics, Compliance, and Privacy defines the responsibilities that authorized individuals, schools, and divisions have to secure and protect 'non-public' information (a designation which includes 'regulated information').
Data Use Agreements (DUAs)
However, it is possible to share regulated information with non-GW entities, by means of a Data Use Agreement (DUA) - here are some common characteristics of DUAs
To learn more about GW's policies regarding DUAs, see the Office of the Vice President of Research's (OVPR) Research Integrity - Date Use Agreements page. Since all DUAs must be reviewed and approved by GW's Office of Research Integrity, interested individuals should submit a DUA Intake Form to get the process going.
GW Office of Ethics, Compliance, and Privacy (2018) Information Security - Policy Statement. https://compliance.gwu.edu/information-security