when the computer service bureau destroys or erases records, should the erasure be verified by the bureau to the physician?
In order to verify the erasure of records by a computer service bureau, it is considered good practice for the bureau to provide a confirmation or proof of erasure to the physician or the organization. This verification can help ensure that the records have been properly and securely erased according to agreed-upon procedures. Here's how the verification process can be approached:
1. Contractual Agreement: The first step is to establish a clear contractual agreement between the physician and the computer service bureau. The contract should outline the obligations and responsibilities of each party relating to data protection, privacy, and record erasure.
2. Erasure Procedures: The contract should include specific procedures that the computer service bureau must follow for the secure erasure of records. These procedures may involve industry best practices and standards such as secure deletion methods or data destruction techniques.
3. Verification Process: The contract should define the steps for verification of erasure. This generally includes the bureau generating a report or certificate to confirm that the requested records have been successfully erased. The report should include relevant details such as the date, time, and method of erasure.
4. Independent Audit: In some cases, it may be necessary or desirable to involve independent auditors or third-party experts to evaluate and verify the erasure process. This adds an extra layer of assurance and ensures compliance with relevant regulations or standards.
5. Documentation and Record-Keeping: Both the bureau and the physician should maintain copies of the contract, verification reports, and any related documentation as evidence of compliance and to address potential future verification needs.
It is essential for the physician to communicate their expectations clearly and ensure that the bureau understands the significance of providing verifiable proof of erasure. By establishing a robust contractual agreement and implementing a well-defined erasure verification process, the physician can have greater confidence in the secure handling and destruction of their records by the computer service bureau.