Examination Questions

16 – Computer related legislation (AS / A Level) UNIT 1

1. A Hospital typically stores large amounts of personal and private data about patients. This data can be
accessed by any of the employees at the hospital as well as remotely via local GPs over the Internet.
Specification Points / Learning Objectives: PGOnline text book page ref: 243-248
Discuss the legal issues hospital administrators might need to think about. AS Level A Level Specification point description

You will need to make reference to at least two specific Acts in your discussion. 1.5.1a 1.5.1a The Data Protection Act 1998
1.5.1b 1.5.1b The Computer Misuse Act 1990
1.5.1c 1.5.1c The Copyright Design and Patents Act 1988
Hospitals will be required to ensure adequate security on computers to make sure that any client data isn’t
1.5.1d 1.5.1d The Regulation of Investigatory Powers Act 2000
openly accessible to any one, as required by the Data Protection Act (1998). They could ensure this by creating
a login system for all computers and giving a unique username and password. This would mean if a doctor nurse Expectations / Learning Outcomes:
or any other member of the hospital would have to login with their own details to access anything on the
Hospitals system.  Terms 200-203 from your A Level Key Terminology PowerPoint should be included and underlined.
 You must include an overview (in some form) of the key points and facts, of each of the following acts of
The data protection act also requires that any data about a person can’t be transferred to a country which legislation:
doesn’t have similar laws in place. The Hospital would have to consider this with their remote access feature. A o The Data Protection Act (1998)
method to ensure the security would be IP monitoring. This would mean any time someone tried to access the o The Computer Misuse Act (1990)
data would be checked and if it resembled of a country that was in a predefined list that stated that country o The Copyright Design and Patents Act (1988)
cannot have access to the data and then the system could automatically deny that access point connection. This o The Regulation of Investigatory Powers Act (2000)
method isn’t completely foul proof as the use of VPN mean users could disguise their IP. But this is an added
layer of security which well always add to the data protection.
Grade TG. Breadth Depth Presentation Understanding
The hospital should also consider the Computer Misuse Act. They must be aware of viruses hacking, and Quad Quad
malware and other dangers and must action on it. This would mean the IT department should ensure software is A/A* LINK / FORMULATE
Create, Generate,
Core Core
kept up to date, and sufficient fire walls are in place as this reduces susceptibility of the hospital. Active scans ALL
Hypothesis, Reflect,
could be another measure the hospital could make to make no malicious software makes it onto the network or Theorise, Consider
any computers in the system. Th Hospital should also be aware of staff as they have easy access to all data and EXPLAIN / ANALYSE Dual Dual
if they were decide to misuse the computers the outcome could be bad. User monitoring systems should be in B/C MOST
Apply, Argue, Compare, Core Core
place to prevent this. Contrast, Criticise,
Relate, Justify
DESCRIBE / IDENTIFY Single Single
D/E SOME
Name, Follow Simple Core Core
Procedure, Combine,
[12] List, Outline

The Copyright Design and Patents Act (1988): This means work created and patented can’t be copied without permission. U FEW
Very little depth of
This applies to Digital goods too. Copying Source code is included in this too. understanding shown

The Regulation of Investigatory Powers Act (2000): This means that ISP have the right to monitor clients and must install MY ASSESSMENT GRADE IN THIS TOPIC IS:
monitoring equipment if asked by Police/government and don’t have to tell their clients.

How To Improve:

My Response Is: (Set yourself specific targets / objectives as to how you will achieve your HTI)