Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of the Application
Claims 1-20 are currently pending in this case and have been examined and addressed below. This communication is a Final Rejection in response to the Amendments to the Claims and Remarks filed on 11/21/2025.
Claims 1, 11-12, and 20 are currently amended.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/21/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1 – 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., an abstract idea) without significantly more.
Step 1: Claims 1-10 are drawn to a process. Claims 11-20 is drawn to a machine. As such, claims 1-20 are drawn to one of the statutory categories of invention (Step 1: YES).
Step 2A - Prong One: In prong one of step 2A, the claim(s) is/are analyzed to evaluate whether it/they recite(s) a judicial exception.
Independent Claim 1: A processor implemented method, comprising:
validating a received patient credential, wherein the received patient credential is received at a patient mobile device that is associated with a patient by a registration process;
detecting that a location of the patient mobile device corresponds to a specific location or location change;
in response to detecting that the location of the patient mobile device corresponds to the specific location or location change, prompting the patient mobile device to update existing patient informed consent parameters through a graphical user interface (GUI) displayed on the patient mobile device;
receiving, in response to success of the validation, one or more updated patient informed consent parameters;
dynamically updating, in response to success of the validation, the existing patient informed consent parameters based on the updated patient informed consent parameters, wherein the updated patient informed consent parameters update:
entity-access parameters to obtain an updated set of entities authorized to access a patient medical record, wherein the entities include organizations, one or more individual persons, groups of persons, or combinations thereof;
and providing access to patient medical information of the patient to a user device separate from the patient mobile device, the access to the patient medical information having one or more permissions or restrictions determined by the one or more updated patient informed consent parameters.
Independent Claim 11: A system, comprising a memory, a communications interface, and a processor coupled to the communications interface, wherein the processor is configured to:
receive and validate a patient credential of a patient, the received patient credential being received at a patient mobile device that is associated with the patient by a registration process;
detect that a location of the patient mobile device corresponds to a specific location or location change;
in response to detecting that the location of the patient mobile device corresponds to the specific location or location change, prompt the patient mobile device to update existing patient informed consent parameters through a graphical user interface (GUI) displayed on the patient mobile device;
in response to success of the validation, receive one or more updated patient informed consent parameters;
dynamically update, in response to success of the validation, the existing patient informed consent parameters based on the updated patient informed consent parameters, wherein the updated patient informed consent parameters update:
entity-access parameters to obtain an updated set of entities authorized to access a patient medical record, wherein the entities include organizations, one or more individual persons, groups of persons, or combinations thereof;
and provide access to medical information of the patient to a user device separate from the patient mobile device, the access to the medical information having one or more permissions or restrictions determined by the one or more updated patient informed consent parameters.
Independent Claim 20: A non-transitory, computer-readable medium storing executable instructions which, when executed by a processor, cause the processor to:
validate a received patient credential, wherein the received patient credential is received at a patient mobile device that is associated with a patient by a registration process;
detect that a location of the patient mobile device corresponds to a specific location or location change;
in response to detecting that the location of the patient mobile device corresponds to the specific location of location change, prompt the patient mobile device to update existing patient informed consent parameters through a graphical user interface (GUI) displayed on the patient mobile device:
receive, in response to success of the validation, one or more updated patient informed consent parameters;
dynamically update, in response to success of the validation, the existing patient informed consent parameters based on the updated patient informed consent parameters, wherein the updated patient informed consent parameters update at least one of: a set of entities authorized to access a patient medical record, entity-specific access authorizations to specific portions of the patient medical record, and use-specific authorizations, the entities including one or more individual persons, groups of persons, or combinations thereof;
and provide access to patient medical information of the patient to a user device separate from the patient mobile device, the access to the patient medical information having one or more permissions or restrictions determined by the one or more updated patient informed consent parameters.
(Examiner notes: The above claim terms underlined are additional elements that fall under Step 2A - Prong Two analysis section detailed below)
These steps amount to methods of organizing human activity which includes functions relating to interpersonal and intrapersonal activities, such as managing relationships or transactions between people, social activities, and human behavior; satisfying or avoiding a legal obligation; advertising, marketing, and sales activities or behaviors; and managing human mental activity (MPEP § 2106.04(a)(2)(II)(C) citing the abstract idea grouping for methods of organizing human activity for managing personal behavior or relationships or interactions between people). Therefore, validating a received patient credentials, detecting a location, update existing patient informed consent parameters, receiving updated patient informed consent parameters, dynamically updating existing patient informed consent parameters, updating entity-access parameters, and providing access to patient medical information are directed to managing personal interactions or personal behavior.
The dependent claim 2 is directed to the updated patient informed consent parameters to update the use of parameters governing access by entities in the updated set of entities to the patient medical record, or data category parameters governing access to sections of the medical record by entities in the updated set of entities, or temporal parameters determining a duration of access by the entities in the updated set of entities to the medical record, or event parameters associating access to the medical record by the entities in the updated set of entities to the occurrence or non-occurrence of specific events, or measure parameters associating use of the medical record by the entities in the updated set of entities to one or more measures, or a combination thereof.
The dependent claim 3 is directed to receiving the updated patient informed consent parameters includes receiving the updates patient informed consent parameters at differing levels of granularity.
The dependent claim 4 is directed at the first level of entity-access granularity, the updated patient informed consent parameters enable a first entity to access the medical record by including the first entity in the updated set of entities, and revoke access to the medical record to a second entity by excluding the second entity from the updated set of entities and the second level of entity-access granularity, authorization enables a first sub-entity associated with the first-entity to access the medical record or prevents a second sub-entity associated with the first entity from accessing the medical record, or combination thereof.
The dependent claim 5 is directed to the first level of use granularity, use parameters enable use of the medical record for first specified uses and prevents use of the medical record for second uses other than the first specified uses.
The dependent claim 6 is directed to the first level of data-category granularity, the data category parameters enable access to a first section of the medical record and prevent access to a second section of the medical record, wherein the first and second section represent distinct data categories.
The dependent claim 7 is directed to the first level of temporal granularity the temporal parameters enable access to the medical record for a specified period.
The dependent claim 8 is directed to the first level of event granularity, the event parameters enable access to the medical record on an event, wherein the events include an emergency event, a medical procedure event, a treatment related event, a diagnostic event, a post-treatment event, a billing event, or a clinical trial event, or a research event, or a combination thereof.
The dependent claim 9 is directed to the first level of measure granularity, the measure parameters enable the access or use of the medical record based on measures associated with the medical record, wherein the measures include de-identification, aggregation, anonymization, or pseudo-anonymization.
The dependent claim 10 is directed to the measure parameters are implicitly determined based on a corresponding jurisdiction associated with the entities in the updated set of entities.
The dependent claim 12 is directed to receive the updated patient informed consent parameters at differing levels of granularity after validating the received patient credential and before receiving the updated patient informed consent parameters.
The dependent claim 13 is directed to the first level of granularity enabling authorization to an entity to access the medical record and the second level of granularity enables authorization to a first-sub entity belonging to the entity to access the medical record and prevent a second sub-entity belonging to the entity from accessing the medical record.
The dependent claim 14 is directed to the third level of granularity enables authorization to an entity to access a first portion of the medical record and not a second portion of the medical record.
The dependent claim 15 is directed to enabling authorization to an entity to access the medical record for a finite period of time.
The dependent claim 16 is directed to enabling condition specification under which entity is authorized to access the medical record.
The dependent claim 17 is directed to enabling searching of the existing informed consent parameters.
The dependent claim 18 is directed to enabling searching of the existing informed consent parameters by entity, sub-entity, medical provider, scope of consent, type of consent, and nature of consent.
The dependent claim 19 is directed to display entities according to the nature of consent granted.
Each of these steps of the preceding dependent claims 2-10 and 12-19 only serve to further limit or specify the features of independent claims 1, 11, and 20 accordingly, and hence are nonetheless directed towards fundamentally the same abstract idea as the independent claim and utilize the additional elements analyzed below in the expected manner.
As such, the Examiner concludes that the preceding claims recite an abstract idea (Step 2A – Prong One: YES).
Step 2A - Prong Two: In prong two of step 2A, an evaluation is made whether a claim recites any additional element, or combination of additional elements, that integrate the exception into a practical application of that exception. An “additional element” is an element that is recited in the claim in addition to (beyond) the judicial exception (i.e., an element/limitation that sets forth an abstract idea is not an additional element). The phrase “integration into a practical application” is defined as requiring an additional element or a combination of additional elements in the claim to apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that it is more than a drafting effort designed to monopolize the exception.
Claims 1, 11-12, and 20 recite the use of a processor, in this case to validating a received patient credential, detecting a location, update existing patient informed consent parameters, updated patient informed consent parameters, dynamically updating the existing patient informed consent parameters, updating entity-access parameters, providing access to patient medical information, only recites the processor as a tool to perform an existing process and only amounts to an instruction to implement the abstract idea using a computer (MPEP § 2106.05(f)(2)).
Claims 1 and 11 recite the use of a patient mobile device and user device separate from the patient mobile device, only as a tool to perform an existing process and only amounts to an instruction to implement the abstract idea using a computer (MPEP § 2106.05(f)(2)).
Claims 1 and 11-20 recite the use of a graphical user interface (GUI) displayed on the patient mobile device, only recites the graphical user interface (GUI) displayed on the patient mobile device as a tool to perform an existing process and only amounts to an instruction to implement the abstract idea using a computer (MPEP § 2106.05(f)(2)).
Claim 11 recites the use of a memory and communications interface, only recites the memory and communications interface as a tool to perform an existing process and only amounts to an instruction to implement the abstract idea using a computer (MPEP § 2106.05(f)(2)).
Claim 20 recites the use of a non-transitory computer-readable medium, only recites the non-transitory computer-readable medium as a tool to perform an existing process and only amounts to an instruction to implement the abstract idea using a computer (MPEP § 2106.05(f)(2)).
The Examiner has therefore determined that the additional elements, or combination of additional elements, do not integrate the abstract idea into a practical application. Accordingly, the claim(s) is/are directed to an abstract idea (Step 2A – Prong two: NO).
Step 2B: In step 2B, the claims are analyzed to determine whether any additional element, or combination of additional elements, is/are sufficient to ensure that the claims amount to significantly more than the judicial exception.
As discussed above in “Step 2A – Prong 2”, the identified additional elements, such as the processor, patient mobile device, graphical user interface (GUI) displayed on the patient mobile device, user device separate from the patient mobile device, memory, communications interface, and non-transitory computer-readable medium in independent claims 1, 11, and 20 and dependent claims 2-10 and 12-19 are equivalent to adding the words “apply it” on a generic computer. Each of these elements is only recited as a tool for performing steps of the abstract idea, such as the use of the computer and data processing devices to apply the algorithm. These additional elements therefore only amount to mere instructions to perform the abstract idea using a computer and are not sufficient to amount to significantly more than the abstract idea (MPEP 2016.05(f) see for additional guidance on the “mere instructions to apply an exception”). Each additional element under Step 2A, Prong 2 is analyzed in light of the specification’s explanation of the additional element’s structure. The claimed invention’s additional elements are directed to generic computer component and functions being used to perform the abstract idea.
Applicant’s own disclosure in paragraphs [0022] acknowledges that the “processor 200 may include any suitable type of processor (e.g., single-core or multi-core processors, Application Specific Integrated Circuits (ASICs), etc.)… the memory 202 may include any of a variety of memory, such as random access memory (RAM), read-only memory (ROM), flash memory, etc. The storage 203 may include disks (e.g., optical or magnetic), solid state drives, hard disk drives, removable media (e.g., storage devices connected by USB), and so on”. Paragraph [0015] discloses “communications interface 110, which may be wired and/or wireless. Wired communications may include communications over Ethernet, Universal Serial Bus (USB), etc. Wireless communications may occur over: wireless wide area networks (WWANs) such as cellular networks, which may include LTE and/or 5G and/or other cellular communication standards; wireless local area networks (WLANs), e.g., Wi-Fi, which may be based on IEEE 802.11 standards, and/or wireless personal area networks (WPAN) such as Bluetooth, NFC, etc. which may be based on IEEE 802.15 standards”. Additionally, paragraphs [0005], [0016-0017] and [0019] also disclose “a non-transitory, computer-readable medium stores executable instructions…and…storage (including removable media)…and… one or more user devices 106 may be coupled to removable media 108, such as a USB device, a flash memory device, an optical memory device, a magnetic memory device, solid state memory devices, and so on”. Furthermore, paragraph [0023] acknowledges “a user may use a device and a GUI displayed on the device, such as those described below with reference to FIG. 11 (search query box shown in example GUI 800), FIG. 12 (search query box shown in example GUI 800)”.
The Examiner has therefore determined that no additional element, or combination of additional claims elements is/are sufficient to ensure the claim(s) amount to significantly more than the abstract idea identified above (Step 2B: NO).
Therefore, claims 1-20 are not eligible subject matter under 35 USC 101.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 7, 11-13, 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Williams et al. (US-20160112208-A1)[hereinafter Williams], in view of Muse et al. (US-20210241869-A1)[hereinafter Muse].
As per Claim 1, Williams discloses a processor implemented method in paragraphs [0010] and claim 1 (a computer-based method), comprising: validating a received patient credential in paragraphs [0007] and [0052] and [0054] (verify a received subject or patient signature); receiving, in response to success of the validation, one or more updated patient informed consent parameters in paragraphs [0033] and [0050] and [0057] and [0116] (receiving, in response to success of verification, updated control levels (synonymous to one or more updated patient informed consent parameters)); dynamically updating, in response to success of the validation, the existing patient informed consent parameters based on the updated patient informed consent parameters in paragraphs [0032-0034] and [0074] and [0099-0100] and [0116] and Figure 8 (updating, in response to success of verification, consent management elements (synonymous to existing patient informed consent parameters) based on the updated control levels), wherein the updated patient informed consent parameters update: entity-access parameters to obtain an updated set of entities authorized to access a patient medical record, wherein the entities include organizations, one or more individual persons, groups of persons, or combinations thereof in paragraphs [0026-0027] and [0029] and [0054] and [0077-0080] and [0091] (the updated control levels update entity, or referred to as operators, access control levels to obtain an updated list of entities authorized to access a patient medical record, wherein entities, referred to as operators, include organizations, a person, a group of natural persons).
Williams discloses validating a received patient credential, but does not disclose the received patient credentials coming from a patient mobile device, detecting a location of the patient mobile device, and updating the informed consent parameters in response to detecting the location. However, Muse discloses validating a received patient credential, wherein the received patient credential is received at a patient mobile device that is associated with a patient by a registration process in paragraphs [0038] and [0049-0050] (authenticating the patient username/password combination, wherein the username/password combination is received at a patient computing entity that is associated with a patient by a registration process); detecting that a location of the patient mobile device corresponds to a specific location or location change in paragraphs [0049] and [0052] (detects location of the patient computing entity corresponds to recent locations (synonymous to a specific location)); in response to detecting that the location of the patient mobile device corresponds to the specific location or location change, prompting the patient mobile device to update existing patient informed consent parameters through a graphical user interface (GUI) displayed on the patient mobile device in paragraphs [0042] and [0054-0055] (in response to detecting the location of the patient computing entity corresponds to recent locations, the patient computing device determines specific conditions to override or pause the recording or deletion of data through a user interface displayed on the patient computing entity (Examiner notes that the patient computing system determining specific conditions to override or pause recording or deletion of data indicates updating patient consent parameters)); and providing access to patient medical information of the patient to a user device separate from the patient mobile device, the access to the patient medical information having one or more permissions or restrictions determined by the one or more updated patient informed consent parameters in paragraphs [0055] and [0061-0062] (providing access to patient data of the patient to a second device separate from the patient computing entity, the access to the patient data including authorizations determined by the satisfied specific conditions in regards to the recording data).
It would have been obvious to a person of ordinary skill in the art before the effective filling date of the applicant’s invention a processor implemented method of validating a received patient credential, receiving in response to validation success updated patient informed consent parameters, updating existing patient informed consent parameters, and updating entity access parameters, as disclosed by Williams, to be combined with validating patient credentials received from a patient mobile device, detecting a location, updating existing patient informed consent parameters based on the detected located, as disclosed by Muse, for the purpose of improving validity and accuracy of medical data [0019].
As per Claim 2, Williams and Muse disclose the method of claim 1, Williams also discloses wherein the updated patient informed consent parameters further update in paragraphs [0099-0100] and [0116] (the updated control levels update) at least one of: use parameters governing access by one or more entities in the updated set of entities to the patient medical record; or data category parameters governing access to sections of the patient medical record by the one or more entities in the updated set of entities; or temporal parameters determining a duration of access by the one or more entities in the updated set of entities to the patient medical record; or event parameters associating access to the patient medical record by the one or more entities in the updated set of entities to the occurrence or non-occurrence of specific events; or measure parameters associating use of the patient medical record by the one or more entities in the updated set of entities to one or more measures; or a combination thereof in paragraphs [0033-0034] and [0088] and [0091] (the time dimension control level (synonymous to temporal parameters) determining a duration of access by the entities by the entities in the updated list of entities to the patient medical record (Examiner notes that the time dimension control level meets the "at least one of" limitation)).
As per Claim 3, Williams and Muse disclose the method of claim 2, Williams also discloses wherein receiving the one or more updated patient informed consent parameters comprises receiving the updated patient informed consent parameters at differing levels of granularity in paragraphs [0050-0051] and [0074] (receiving the updated control levels includes receiving the updated control levels at multiple levels of granularity).
As per Claim 7, Williams and Muse disclose the method of claim 3, Williams also discloses wherein at a first level of temporal granularity the temporal parameters enable access to the patient medical record for a specified period in paragraphs [0033-0034] and [0088] (at a first level of granularity in regards of time, the time dimension control level (synonymous to temporal parameters) enable access to the medical record for a specified period).
As per Claim 11, Williams discloses a system, comprising a memory, a communications interface, and a processor coupled to the communications interface in paragraphs [0010] and [0044] and [0046] (a system including a consent management repository or CMR (synonymous to a memory), a CM connector (synonymous to a communications interface), and a processor coupled to the consent management or CM connectors), wherein the processor is configured to: receive and validate a patient credential of a patient in paragraphs [0007] and [0052] and [0054] (verify a received subject or patient signature), in response to success of the validation, receive one or more updated patient informed consent parameters in paragraphs [0033] and [0050] and [0057] and [0116] (in response to success of verification, receive updated control levels (synonymous to one or more updated patient informed consent parameters)); dynamically update, in response to success of the validation, the existing patient informed consent parameters based on the updated patient informed consent parameters in paragraphs [0032-0034] and [0074] and [0099-0100] and [0116] and Figure 8 (update, in response to success of verification, consent management elements (synonymous to existing patient informed consent parameters) based on the updated control levels), wherein the updated patient informed consent parameters update: entity-access parameters to obtain an updated set of entities authorized to access a patient medical record, wherein the entities include organizations, one or more individual persons, groups of persons, or combinations thereof in paragraphs [0026-0027] and [0029] and [0054] and [0077-0080] and [0091] (the updated control levels update entity, or referred to as operators, access control levels to obtain an updated list of entities authorized to access a patient medical record, wherein entities, referred to as operators, include organizations, a person, a group of natural persons):
Williams discloses validating a received patient credential, but does not disclose the received patient credentials coming from a patient mobile device, detecting a location of the patient mobile device, and updating the informed consent parameters in response to detecting the location. However, Muse discloses receive and validate a patient credential of a patient, the received patient credential being received at a patient mobile device that is associated with the patient by a registration process in paragraphs [0038] and [0049-0050] (authenticating the patient username/password combination, wherein the username/password combination is received at a patient computing entity that is associated with a patient by a registration process); detect that a location of the patient mobile device corresponds to a specific location or location change in paragraphs [0049] and [0052] (detects location of the patient computing entity corresponds to recent locations (synonymous to a specific location)); in response to detecting that the location of the patient mobile device corresponds to the specific location or location change, prompt the patient mobile device to update existing patient informed consent parameters through a graphical user interface (GUI) displayed on the patient mobile device in paragraphs [0042] and [0054-0055] (in response to detecting the location of the patient computing entity corresponds to recent locations, the patient computing device determines specific conditions to override or pause the recording or deletion of data through a user interface displayed on the patient computing entity (Examiner notes that the patient computing system determining specific conditions to override or pause recording or deletion of data indicates updating patient consent parameters)); and provide access to medical information of the patient to a user device separate from the patient mobile device, the access to the medical information having one or more permissions or restrictions determined by the one or more updated patient informed consent parameters in paragraphs [0055] and [0061-0062] (providing access to patient data of the patient to a second device separate from the patient computing entity, the access to the patient data including authorizations determined by the satisfied specific conditions in regards to the recording data).
It would have been obvious to a person of ordinary skill in the art before the effective filling date of the applicant’s invention of a system of validating a received patient credential, receiving in response to validation success updated patient informed consent parameters, updating existing patient informed consent parameters, and updating entity access parameters, as disclosed by Williams, to be combined with validating patient credentials received from a patient mobile device, detecting a location, updating existing patient informed consent parameters based on the detected located, as disclosed by Muse, for the purpose of improving validity and accuracy of medical data [0019].
As per Claim 12, Williams and Muse disclose the system of claim 11, Williams also discloses wherein the processor is configured, after validating the received patient credential and before receiving the one or more updated patient informed consent parameters, to provide the GUI to the patient, the GUI configured to receive the updated patient informed consent parameters at differing levels of granularity in paragraphs [0050-0051] and [0054] and [0074] and [0116] (after verifying the patient signature and before receiving the updated control levels, to provide an user interface (UI) (synonymous to a graphical user interface (GUI)) to a patient, the UI receive the updated control levels (synonymous to the updated patient informed consent parameters) at multiple levels of granularity).
As per Claim 13, Williams and Muse disclose the system of claim 12, Williams also discloses wherein, at a first level of granularity, the GUI is configured to enable the patient to authorize an entity to access the patient medical record in paragraphs [0054] and [0077-0078] (at a first level of granularity, the UI enables the patient to authorize an entity to access the patient medical record), and wherein, at a second level of granularity, the GUI is configured to enable the patient to authorize a first sub-entity belonging to the entity to access the patient medical record and to prevent a second sub-entity belonging to the entity from accessing the patient medical record in paragraphs [0026] and [0035] and [0118-0119] (at a second level of granularity, the UI enables the patient to authorize a primary care physician (synonymous to a first sub-entity) belonging to the entity to access the patient medical record and prevent a diagnostics provider (synonymous to a second sub-entity) belonging to the entity from accessing the patient medical record (Examiner notes that the entity may be a medical institution)).
As per Claim 15, Williams and Muse disclose the system of claim 12, Williams also discloses wherein the GUI enables the patient to authorize an entity to access the patient medical record for a finite period of time in paragraphs [0027] and [0033-0035] and [0041-0042] and [0074] and [0088] (the UI enables the patient to authorize a requesting operator (synonymous to an entity) to access the controlled data (synonymous to the patient medical record), wherein controlled data includes medical records for a limited time).
As per Claim 16, Williams and Muse disclose the system of claim 12, Williams also discloses wherein the GUI enables the patient to specify conditions under which an entity is authorized to access the patient medical record in paragraphs [0077-0078] and [0118-0119] (the UI enables the patient to revoke consent to share mental health information (Examiner notes that the patient revoking consent to share mental health information is an example of the patient specifying conditions under who has access to the patient medical record)).
As per Claim 17, Williams and Muse disclose the system of claim 12, Williams also discloses wherein the GUI enables searching of the existing informed consent parameters in paragraphs [0032-0034] and [0054] and [0062] and [0088] and Figure 4 (the UI enables searching of the consent management elements).
As per Claim 18, Williams and Muse disclose the system of claim 17, Williams also discloses wherein the GUI enables searching of the existing informed consent parameters by entity, sub-entity, medical provider, scope of consent, type of consent, and nature of consent in paragraphs [0032-0034] and [0054] and [0058-0062] and [0088] and Figure 4 (the UI enables searching of the consent management elements by entity, sub-entity, medical provider, scope of consent, type of consent, and nature of consent).
As per Claim 19, Williams and Muse disclose the system of claim 17, Williams also discloses wherein the GUI is configured to display entities according to the nature of consent granted in paragraphs [0058-0062] and [0088] (the UI displays the entities based on the nature of consent granted).
As per Claim 20, Williams discloses a non-transitory, computer-readable medium storing executable instructions which, when executed by a processor in paragraphs [0010] (a computer readable medium storing executable instructions executed by a processor), cause the processor to: validate a received patient credential in paragraphs [0007] and [0052] and [0054] (verify a received subject or patient signature); receive, in response to success of the validation, one or more updated patient informed consent parameters in paragraphs [0033] and [0050] and [0057] and [0116] (receive, in response to success of verification, updated control levels (synonymous to one or more updated patient informed consent parameters)); dynamically update, in response to success of the validation, the existing patient informed consent parameters based on the updated patient informed consent parameters in paragraphs [0032-0034] and [0074] and [0099-0100] and [0116] and Figure 8 (updating, in response to success of verification, consent management elements (synonymous to existing patient informed consent parameters) based on the updated control levels), wherein the updated patient informed consent parameters update at least one of: a set of entities authorized to access a patient medical record, entity-specific access authorizations to specific portions of the patient medical record, and use-specific authorizations, the entities including one or more individual persons, groups of persons, or combinations thereof in paragraphs [0026-0027] and [0029] and [0054] and [0077-0080] and [0091] (the updated control levels update a list of entities, or referred to as operators, authorized to access a patient medical record, the entities include organizations, a person, a group of natural persons (Examiner notes the set of entities authorized to access a patient medical record meets the "at least one of" limitation)):
Williams discloses validating a received patient credential, but does not disclose the received patient credentials coming from a patient mobile device, detecting a location of the patient mobile device, and updating the informed consent parameters in response to detecting the location. However, Muse discloses a received patient credential wherein the received patient credential is received at a patient mobile device that is associated with a patient by a registration process in paragraphs [0038] and [0049-0050] (authenticating the patient username/password combination, wherein the username/password combination is received at a patient computing entity that is associated with a patient by a registration process); detect that a location of the patient mobile device corresponds to a specific location or location change in paragraphs [0049] and [0052] (detects location of the patient computing entity corresponds to recent locations (synonymous to a specific location)); in response to detecting that the location of the patient mobile device corresponds to the specific location of location change, prompt the patient mobile device to update existing patient informed consent parameters through a graphical user interface (GUI) displayed on the patient mobile device in paragraphs [0042] and [0054-0055] (in response to detecting the location of the patient computing entity corresponds to recent locations, the patient computing device determines specific conditions to override or pause the recording or deletion of data through a user interface displayed on the patient computing entity (Examiner notes that the patient computing system determining specific conditions to override or pause recording or deletion of data indicates updating patient consent parameters)); and provide access to patient medical information of the patient to a user device separate from the patient mobile device, the access to the patient medical information having one or more permissions or restrictions determined by the one or more updated patient informed consent parameters in paragraphs [0055] and [0061-0062] (providing access to patient data of the patient to a second device separate from the patient computing entity, the access to the patient data including authorizations determined by the satisfied specific conditions in regards to the recording data).
It would have been obvious to a person of ordinary skill in the art before the effective filling date of the applicant’s invention of a non-transitory, computer-readable medium of validating a received patient credential, receiving in response to validation success updated patient informed consent parameters, updating existing patient informed consent parameters, and updating entity access parameters, as disclosed by Williams, to be combined with validating patient credentials received from a patient mobile device, detecting a location, updating existing patient informed consent parameters based on the detected located, as disclosed by Muse, for the purpose of improving validity and accuracy of medical data [0019].
Claims 4-6, 8 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Williams et al. (US-20160112208-A1)[hereinafter Williams], in view of Muse et al. (US-20210241869-A1)[hereinafter Muse], in view of Curbera et al. (US-20180082024-A1)[hereinafter Curbera].
As per Claim 4, Williams and Muse disclose the method of claim 3, Williams also discloses at a second level of entity-access granularity, patient authorization enables a first sub-entity associated with the first entity to access the patient medical record, or prevents a second sub-entity associated with the first entity from accessing the patient medical record, or a combination thereof in paragraphs [0026] and [0035] and [0118-0119] (at a second level of granularity, patient authorization enables a primary care physician (synonymous to a first sub-entity) belonging to the entity to access the patient medical record).
Williams and Muse do not disclose the following limitations. However, Curbera discloses wherein, at a first level of entity-access granularity, the updated patient informed consent parameters enable a first entity to access the patient medical record by including the first entity in the updated set of entities, and revoke access to the patient medical record to a second entity by excluding the second entity from the updated set of entities in paragraphs [0007] and [0096-0097] and [0099-0100] and [0111] (at the right level of entity-access granularity, the consent protocols or referred to as content transactions (synonymous to updated patient informed consent parameters) enable a first entity to access the patient medical information (synonymous to the patient medical record) by including the first entity in the consent log (synonymous to the updated set of entities), wherein the consent log updates and identifies entities that have access granted or have access revoked, and revoke access to the patient medical information to a second entity by invalidating previously granted consent from the consent log (Examiner notes that invalidating previously granted consent indicates the second entity was excluded from the updated consent log)).
It would have been obvious to a person of ordinary skill in the art before the effective filling date of the applicant’s invention a processor implemented method of validating a received patient credential, receiving in response to validation success updated patient informed consent parameters, updating existing patient informed consent parameters, and updating entity access parameters, as disclosed by Williams and Muse, to be combined with including the first entity in the set of entities to enable access and excluding the second entity from the set of entities to revoke access, as disclosed by Curbera, for the purpose of protecting the privacy of medical records and improving the efficiency of medical information exchange [0001-0003].
As per Claim 5, Williams and Muse disclose the method of claim 3.
Williams and Muse do not disclose the following limitations. However, Curbera discloses wherein, at a first level of use granularity, use parameters enable use of the patient medical record for one or more first specified uses and prevents use of the patient medical record for second uses other than the one or more first specified uses in paragraphs [0007] and [0024] and [0111] and [0114] (at the right level of usage granularity, usage limitations (synonymous to use parameters) enable the use of patient medical information for the uses of a podiatrist and denying access to the patient medical information for using the psychological records (Examiner notes that denying access of the psychological records prevents the podiatrist from using the such information)).
It would have been obvious to a person of ordinary skill in the art before the effective filling date of the applicant’s invention a processor implemented method of validating a received patient credential, receiving in response to validation success updated patient informed consent parameters, updating existing patient informed consent parameters, and updating entity access parameters, as disclosed by Williams and Muse, to be combined with use parameters enabling use of the medical record for one reason and preventing the use for another reason, as disclosed by Curbera, for the purpose of protecting the privacy of medical records and improving the efficiency of medical information exchange [0001-0003].
As per Claim 6, Williams and Muse disclose the method of claim 3.
Williams and Muse do not disclose the following limitations. However, Curbera discloses wherein, at a first level of data-category granularity, the data category parameters enable access to a first section of the patient medical record and prevent access to a second section of the patient medical record, wherein the first section and the second section represent distinct data categories in paragraphs [0024] and [0111] and [0114] (at the right level of data structure granularity, data structure specifying the terms of consent (synonymous to the data category parameters) enable access to a first portion of the patient medical information and prevent access to a second portion of the patient information, wherein the first section and the second section represent distinct data categories).
It would have been obvious to a person of ordinary skill in the art before the effective filling date of the applicant’s invention a processor implemented method of validating a received patient credential, receiving in response to validation success updated patient informed consent parameters, updating existing patient informed consent parameters, and updating entity access parameters, as disclosed by Williams and Muse, to be combined with data category parameters that enable access to one section of the medical record and prevent access from another section, as disclosed by Curbera, for the purpose of protecting the privacy of medical records and improving the efficiency of medical information exchange [0001-0003].
As per Claim 8, Williams and Muse disclose the method of claim 3.
Williams and Muse do not disclose the following limitations. However, Curbera discloses wherein, at a first level of event granularity, the event parameters enable the access to the patient medical record based on an event, wherein the events comprise at least one of: an emergency event, a medical procedure event, a treatment related event, a diagnostic event, a post-treatment event, a billing event, or a clinical trial event, or a research event, or a combination thereof in paragraphs [0007] and [0024] and [0112-0114] (at the right level of usage granularity, the date and time limitations (synonymous to the event parameters) enable access to the patient medical information based on the time and date of the doctor visit (synonymous to a medical procedure event)).
It would have been obvious to a person of ordinary skill in the art before the effective filling date of the applicant’s invention a processor implemented method of validating a received patient credential, receiving in response to validation success updated patient informed consent parameters, updating existing patient informed consent parameters, and updating entity access parameters, as disclosed by Williams and Muse, to be combined with event parameters that enable access to the medical record based on an event, as disclosed by Curbera, for the purpose of protecting the privacy of medical records and improving the efficiency of medical information exchange [0001-0003].
As per Claim 14, Williams and Muse disclose the system of claim 12.
Williams and Muse do not disclose the following limitations. However, Curbera discloses wherein, at a third level of granularity, the GUI enables the patient to authorize an entity to access a first portion of the patient medical record and not a second portion of the patient medical record in paragraphs [0024] and [0096-0100] and [0111-0112] and [0114] (at a right level of granularity, the consent and information management system, referred to as CIMS, enable the patient through the dashboard to authorize an entity to access to a first portion of the patient medical information (synonymous to the patient medical record) and prevent access to a second portion of the patient information (Examiner notes that CIMS employs mechanisms that provide protocols and applications to facilitate user authorization for medical information exchange which indicates that there is an graphical user interface enabling the patient to authorize access)).
It would have been obvious to a person of ordinary skill in the art before the effective filling date of the applicant’s invention of a system of validating a received patient credential, receiving in response to validation success updated patient informed consent parameters, updating existing patient informed consent parameters, and updating entity access parameters, as disclosed by Williams and Muse, to be combined with the GUI enabling the patient to authorize the entity access to a first portion and not a second potion of the medical record, as disclosed by Curbera, for the purpose of protecting the privacy of medical records and improving the efficiency of medical information exchange [0001-0003].
Claims 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over Williams et al. (US-20160112208-A1)[hereinafter Williams], in view of Muse et al. (US-20210241869-A1)[hereinafter Muse], in view of De Araujo et al. (US-20220245270-A1)[hereinafter De Araujo].
As per Claim 9, Williams and Muse disclose the method of claim 3.
Williams and Muse do not disclose the following limitations. However, De Araujo discloses wherein at a first level of measure granularity, the measure parameters enable the access or use of the patient medical record based on measures associated with the patient medical record, wherein the measures comprise at least one of: de- identification, aggregation, anonymization, or pseudo-anonymization in paragraphs [0042] and [0045] and [0082] (at a specified level of access (synonymous to at a first level of measure granularity) the consent authorized mode (synonymous to the measure parameters) enable access of the patient health record based on anonymization).
It would have been obvious to a person of ordinary skill in the art before the effective filling date of the applicant’s invention a processor implemented method of validating a received patient credential, receiving in response to validation success updated patient informed consent parameters, updating existing patient informed consent parameters, and updating entity access parameters, as disclosed by Williams and Muse, to be combined with measure parameters enabling access to the medical record based on de-identification, aggregation, anonymization, or pseudo-anonymization, as disclosed by De Araujo, for the purpose of decreasing preventable injuries and deaths, decreasing the cost of medical insurance, and increasing the speed of innovation [0003].
As per Claim 10, Williams, Muse, and De Araujo disclose the method of claim 9.
Williams and Muse do not disclose the following limitations. However, De Araujo discloses wherein the measure parameters are implicitly determined based on a corresponding jurisdiction associated with the one or more entities in the updated set of entities in paragraphs [0042] and [0082] and [0111] (the consent authorized mode is determined based on the authorized users (synonymous to the one or more entities in the updated set of entities)).
It would have been obvious to a person of ordinary skill in the art before the effective filling date of the applicant’s invention a processor implemented method of validating a received patient credential, receiving in response to validation success updated patient informed consent parameters, updating existing patient informed consent parameters, and updating entity access parameters, as disclosed by Williams and Muse, to be combined with measure parameters are determined based on the entities in the set of entities, as disclosed by De Araujo, for the purpose of decreasing preventable injuries and deaths, decreasing the cost of medical insurance, and increasing the speed of innovation [0003].
Response to Arguments
Applicant's arguments, see Pages 8-10, “101 Rejections”, filed 11/21/2025 with respect to claims 1,11, and 20 have been fully considered but they are not persuasive.
Applicant argues that each independent claim recites a practical application by providing an improvement to the usability of a mobile device through location-dependent prompting and corresponding customization of consent through a GUI. Examiner respectfully disagrees. The claims do not recite an improvement to device usability technology. The claims merely recite validating a received patient credentials, detecting a location, update existing patient informed consent parameters, receiving updated patient informed consent parameters, dynamically updating existing patient informed consent parameters, updating entity-access parameters, and providing access to patient medical information, which are a part of the abstract idea. An improvement to the abstract ideas of validating a received patient credentials, detecting a location, update existing patient informed consent parameters, receiving updated patient informed consent parameters, dynamically updating existing patient informed consent parameters, updating entity-access parameters, and providing access to patient medical information does not amount to an improvement to technology or a technical field (see MPEP § 2106.05(a)(II) stating “it is important to keep in mind that an improvement in the abstract idea itself (e.g. a recited fundamental economic concept) is not an improvement in technology."). The courts indicated in TLI Communications, 823 F.3d at 612-13, 118 USPQ2d at 1747-48, that gathering and analyzing information using conventional techniques and providing the output is not sufficient to show an improvement to technology. The claim language and instant application fails to provide details regarding how a computer aids the method, the extent to which the computer aids the method, or the significance of a computer to the performance of the method. Here, the improvement is to validating a received patient credentials, detecting a location, update existing patient informed consent parameters, receiving updated patient informed consent parameters, dynamically updating existing patient informed consent parameters, updating entity-access parameters, and providing access to patient medical information. There is no indication in the disclosure that the involvement of a computer assists in improving the technology for the outlined problem statement. Merely adding generic computer components to perform the method is not sufficient.
Applicant argues that the claim recites an inventive concept in a non-generic and non-conventional arrangement that provides customizable consent parameters based on a prompt specific to a location or location change in a patient mobile device that is separate from the user device where access to patient medical information is provided. Examiner respectfully disagrees. The amended claim limitations are directed to validating a received patient credentials, detecting a location, update existing patient informed consent parameters, receiving updated patient informed consent parameters, dynamically updating existing patient informed consent parameters, updating entity-access parameters, and providing access to patient medical information. The use of the processor, patient mobile device, graphical user interface (GUI) displayed on the patient mobile device, user device separate from the patient mobile device, memory, communications interface, and non-transitory computer-readable medium to carry out the steps of the abstract idea is merely applying the abstract idea to general purpose computer components which amounts to mere instructions to apply the exceptions, see MPEP 2106.05(f)(2). The courts indicated in Alice Corp., 573 U.S. at 225-26, 110 USPQ2d at 1984, that “a limitation indicating that a particular function such as creating and maintaining electronic records is performed by a computer” is not enough to qualify as significantly more.
Applicant argues that, see Pages 10-11, “102 Rejections” and “103 Rejections”, filed 11/21/2025 with respect to claims 1-20 have been fully considered. With regards to Claims 1-3, 7, 11-13, and 15-20, Applicant argues that Williams fails to disclose or suggest all of the features recited in each independent claim. Specifically, Applicant argues that Williams fails to disclose "detecting that a location of the patient mobile device corresponds to a specific location or location change; in response to detecting that the location of the patient mobile device corresponds to the specific location or location change, prompting the patient mobile device to update existing patient informed consent parameters through a graphical user interface (GUI) displayed on the patient mobile device." Examiner finds this persuasive. Therefore, the rejection of 08/20/2025 has been withdrawn. However, upon further consideration a new grounds of rejection is made over Williams in view of Muse. As per the rejections of Claims 4-6, 8, and 14, Applicant argues that Williams in view of Curbera fails to disclose the features recited as amended. Examiner disagrees and points Applicant to the updated rejection and citations in the 103 rejections above.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Kaye, Jane et al. “Dynamic consent: a patient interface for twenty-first century research networks.” (2015) teaches on a dynamic consent system that allows participant consent preferences to travel with their data during information exchanges.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KRYSTEN N WRIGHT whose telephone number is (571)272-5116. The examiner can normally be reached Monday thru Friday 8 - 5 pm, ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Fonya Long can be reached on (571)270-5096. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/K.N.W./
Examiner, Art Unit 3682
/FONYA M LONG/Supervisory Patent Examiner, Art Unit 3682