The much-anticipated final Security Rule hit a bump in the road on its path to finalization.
The final rule will include changes on encryption, e-signatures and chain of trust agreements, according to industry sources.
Although William Braithwaite, national director of HIPAA advisory services with PriceWaterhouseCoopers, and others anticipated the changes would be made public Dec. 27, covered entities will have to endure while the finishing touches are added to the rule.
Braithwaite says business associate agreements will be required with chain trust agreements, but not with other covered entities.
Encryption technology will be necessary when transferring PHI across the Web or automated clearinghouse networks, and electronic signatures will not be necessary in any transactions regarding the Health Insurance Portability and Accountability Act, though Braithwaite did not rule out the possibility that the Department of Health and Human Services may issue a separate rule relating to e-signatures.