Information about possible breaches of confidentiality come to the NIH in numerous ways. Often, an applicant will report that data, figures or text from his or her grant application appears in a publication authored by a reviewer on the panel where the application was reviewed. Additionally, this may also constitute research misconduct in the form of plagiarism.
NIH sometimes learn about breaches of confidentiality from other reviewers, colleagues and students of reviewers, or even members of the media. NIH also has internal controls to monitor access to NIH computer systems.