HITRUST Results Distribution System FAQs
When will the RDS API functionality be available?
Q3 of 2023
What is the HITRUST Results Distribution System (RDS)?
The HITRUST RDS is an online portal that allows assessed entities to fulfill the requests of their relying parties by sharing their assessment results via our application. Through API integration, the relying party can ingest specific elements they are seeking such as: assessment date, scope, control requirements, scores, corrective action plans (CAPs), and more.
What are the benefits the HITRUST Results Distribution System (RDS) delivers over the outdated process of sharing and consuming third-party assurance reports in PDF form?
Across the industry, third-party assurance reports are distributed almost entirely as PDF documents. These PDFs must then be manually reviewed by relying parties to confirm various elements that are contained within the results. The relying party often needs to re-enter data present in the PDF report into their vendor risk management (VRM) system, third-party risk management (TPRM) system, or governance, risk, and compliance (GRC) system. At present, this process is manual and labor-intensive and is generally repeated annually for every third-party vendor. The HITRUST Results Distribution System (RDS) enables assessment results to be sent electronically from a highly secure portal where the relying party can consume and review available data elements through API directly in their TPRM, VRM, or GRC systems.
How will Relying Parties who use Vendor Risk Management (VRM) systems benefit?
For Relying Parties, RDS eliminates the need to manually review and re-enter information from an assessment report. RDS enables electronic receipt of assessment results and can enable a VRM system’s analytics capabilities to review results and provide alerts as specified. VRM integration will require the use of the RDS API.
Can results from all HITRUST Assessments be shared via the HITRUST Results Distribution System (RDS)?
Yes. Results from HITRUST e1, i1, and r2 Assessments can be shared electronically through the RDS online web portal using a web browser. This includes the e1 Readiness, i1 Readiness Assessment, and r2 Readiness, Interim, and Bridge Assessments.
Is there an additional cost for RDS?
RDS is a value-added service available with all completed HITRUST Assessments. Using the RDS application, assessed entities can fulfill requests sent by relying parties who are integrated with RDS to share HITRUST Assessment results to relying parties at no cost.
Does the Relying Party receiving RDS data need to be a MyCSF subscriber?
No. The assessed entity must have a completed HITRUST Assessment and they can send results to external entities who are integrated with RDS through an API implementation.
Is the use of RDS required?
Use of RDS is not mandatory, and its usage is available to the assessed entity after they complete a HITRUST Assessment. Those who don’t opt-in to RDS can still receive reports and certification letters in PDF format. In most cases, HITRUST believes that vendors and service providers will want to actively use RDS so they can be more responsive to requests from customers who need information security assurances.
Where can I get more information about RDS?