Date | May 2018 | Marks available | 5 | Reference code | 18M.1.SL.TZ0.10 |
Level | SL | Paper | 1 | Time zone | no time zone |
Command term | Outline | Question number | 10 | Adapted from | N/A |
Question
A medical centre uses a computer system to manage both patients’ data and appointments. This system, which is used by the doctors, nurses and secretaries, has two unordered files: a patients’ file and an appointments’ file, both of which can only be accessed sequentially.
Every evening the following processing takes place:
- a list of appointments for the next day is printed out
- reminders are sent by SMS text messages to the patients’ mobile devices.
Outline the pseudocode that the processing must follow when the system sends out the text reminders.
Describe two different methods that the medical centre could use that would allow data to be restored should it be lost for any reason.
The medical centre is concerned about the privacy of the data it is storing and has to make decisions concerning:
- access to the data stored on this system
- storing the data locally or through the use of a cloud service.
Discuss the issues that should be considered before making these decisions.
Markscheme
Award marks for a response which indicates the logical steps that have to be followed.
Award [5 max] as follows:
Iterate through the appointments file;
Check for correct day;
Repeat for each appointment on that day;
Using the patient ID for that appointment;
Iterate through the patients file until record for that ID found;
Retrieve phone number and send out SMS;
Example:
Note: Candidates are not requested to construct the (algorithm in) pseudocode.
Award [1] for method and [1] for description – only accept TWO methods.
Mark as [2] and [2].
Backup;
Data files on a regular basis;
Printed copies;
Printouts can be kept of transactions;
Transaction Log file;
Written for each transaction can be used to restore;
Accept any reasonable methods described including second server and cloud use.
There are 2 possible issues here: who has what level of access to the data in the hospital and whether storing in the cloud is safer than storing locally.
For each of these 2 issues award [3 max] as follows:
Award [1] for identifying the issue.
Award [1] for some valid development of the issue.
Award [1] for a suitable discussion.
Example answers could include reference to the following but this is not an exclusive list. Award marks for any two reasonable issues discussed – one of which is access and the other security.
Official access to the data [3 max]:
Access to this sensitive data must be restricted.
Only those directly concerned can be able to access it.
Even less people should be able to edit it.
Therefore access levels should be set up, with strong levels of authentication.
Physical access to servers should be controlled if using the local system;
Data security [3 max]:
Is the data safer stored locally or on the cloud?
Cloud service providers are professionals – they should have stronger security than a hospital system.
What track record / reputation does the cloud service provider have?
If patient data could be sold/inspected, then both the patient and hospital could suffer serious consequences.
Is the cloud governed by appropriate privacy laws?
Is it located internationally or is it governed by the laws of the country in question?
Could be intercepted in transmission;