HITRUST Results Distribution System FAQs
When will the RDS be available?
Initial release is planned for Q2 2022.
What is the HITRUST Results Distribution System (RDS)?
The HITRUST RDS is an online portal that allows assessed entities to designate which parties they want to share their assessment results with, how the results can be accessed (via a PDF, web browser and/or API), and the specific assessment detail reports they want to share (such as: certification letter, expanded scope description, and findings). The relying party can review and search online for specific elements they are seeking, set up customizable views, and create alerts for assessment results outside of a defined threshold.
What are the benefits the HITRUST Results Distribution System (RDS) delivers over the outdated process of sharing and consuming third-party assurance reports in PDF form?
Across the industry, third-party assurance reports are distributed almost entirely as PDF documents. These PDFs must then be manually reviewed by relying parties to confirm various elements that are contained within the results. The relying party often needs to re-enter data present in the PDF report into their vendor risk management (VRM) system, third-party risk management (TPRM) system, or governance, risk, and compliance (GRC) system. At present, this process is manual and labor-intensive and is generally repeated annually for every third-party vendor. The HITRUST Results Distribution System (RDS) enables assessment results to be sent electronically from a highly secure portal where the relying party can review and search online for the specific elements they are seeking and set up customizable views and alerts. In addition, relying parties can leverage an API to have the results sent directly to their VRM, TPRM, or GRC systems.
How will Relying Parties who use Vendor Risk Management (VRM) systems benefit?
For Relying Parties, RDS eliminates the need to manually review and re-enter information from an assessment report. RDS enables electronic receipt of assessment results and can enable a VRM system’s analytics capabilities to review results and provide alerts as specified. VRM integration will require the use of the RDS API.
Can deliverables from all 3 types of assessment be shared via the HITRUST Results Distribution System (RDS)?
Yes. Results from HITRUST bC, i1, and r2 Assessments can be shared electronically through the RDS online web portal using a web browser and/or API.
Can “Report Only” customers use RDS?
Yes, but only for the 90 days that they can access that assessment in MyCSF (after which time they will only be able to share the resulting PDF reports and letters).
How does an Assessed Entity use MyCSF to designate recipients and share their results to a relying party?
The assessed entity will have the ability to select specific elements that can be shared, and invite a relying party to view assessment results in the RDS.