Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This is in response to Application #18/818,115 filed on 08/28/2024 in which Claims 1-20 are presented for examination.
Status of Claims
Claims 1-20 are pending, of which Claims 1, 2, 8, 9, 15, 16 are rejected under 35 U.S.C. 103 ,dependent Claims 3-7, 10-14, 17-20 are objected to as being allowable as a whole over prior art if rewritten in independent form including all of the limitations of their base independent claim and any intervening dependent claims.
Applicant’s Most Recent Claim Set of 08/28/2024
Applicant’s most recent claim set of 08/28/2024 is considered to be the latest claim set under consideration by the examiner.
Prior Art Rejections - 35 USC § 102 and/or 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 1, 2, 8, 9, 15, 16 are rejected under 35 U.S.C. 103 as being unpatentable over Rock US Patent Application Publication #2014/0297301 in view of Dove et al US Patent Application Publication #2013/0006867.
Regarding Claim 1, Rock discloses:
A computer-implemented method, comprising: receiving an upload request from a mobile user device, the upload request comprising health record data and a set of unique data identifiers corresponding to the health record data [(Rock Abstract Lines 1-17; Par 42 Lines 1-3; Par 43 Lines 1-4; Fig 4 Item 403; Fig 9 Items 921, 920; Fig 10 Item 1005; Fig 19 Items 1900,m, 1904, 1908, 1912) where Rock teaches a computer implemented method composed of numerous interconnected computers for monitoring and coordinating the collecting of medical information from various wireless patient medical sensors through Mobile User Devices interacting with the patient, including the receipt of alert requests from or through the Mobile User Devices providing health monitoring record data and necessary associated unique data identifiers to identify the purpose of the monitored and recorded health record data];
storing, in a storage, the health record data in accordance with the set of unique data identifiers [(Rock Par 172 Lines 1-2; Fig 10 Item 1005, 1007) where Rock teaches the logging or storage of the alert provided health record data with the necessary associated data identifiers to identify the purpose of the monitored and recorded health record data];
receiving a query from an electronic health record system associated with a health institution, the query comprising at least one unique data identifier of the set of unique data identifiers [(Rock Par 206 Lines 1-9) where Rock teaches that patient alerts can be queried or retrieved by health institutions along with the necessary associated data identifiers to identify the purpose of the queried or retrieved patient alert];
retrieving, from the storage using the at least one unique data identifier, the health record data [(Rock Par 206 Lines 1-9; Par 209 Lines 1-12) where Rock teaches that patient alerts can be queried or retrieved by health institutions with these separate patient alerts identified by the necessary associated data identifiers to identify the purpose of the queried or retrieved patient alert]; and
sending the health record data for viewing by the electronic health record system of the health institution system [(Rock Par 164 Lines 1-11; Par 198 Lines 1-3; Par 199 Lines 1-6; Par 200 Lines 1-5; Par 206 Lines 1-9; Par 209 Lines 1-12; Fig 9 Item 917) where Rock teaches the visual display of patient dashboard analytics based on these retrieved both real time and stored in the health record data patient alerts].
Rock does not appear to explicitly disclose:
secure encrypted storage of health record data
However, Dove et al discloses:
secure encrypted storage of health record data [(Dove et al Par 34 Lines 1-5) where Dove al explicitly teaches the secure storage of encrypted health record data, which although taught implicitly in Rock et al, due to 100% of any and all patient health record data in the United States being required by Law as specified in HIPAA rules and regulations to be stored securely, preferably encrypted, Rock et al does not explicitly state this, while Dove et al does].
Rock and Dove et al are analogous art because they are from the “same field of endeavor” and are from the same “problem-solving area”. Namely, they are both from the field of “information security”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Rock and the teachings of Dove al by providing the secure storage of encrypted health record data as taught by Dove al in the teaching described by Rock.
The motivation for doing so would be to increase the usability and flexibility of Rock by providing the secure storage of encrypted health record data as taught by Dove al in the teaching described by Rock so as to provide secure storage of private patient health record data, as required by Law in most if not all Western Nations.
Regarding Claim 2, the combination of Rock et al and Dove et al discloses:
The computer-implemented method of claim 1, wherein sending the encrypted health record data for viewing by the electronic health record system comprises sending the encrypted health record data without sending cryptographic keys for decrypting the encrypted health record data [(Rock Par 164 Lines 1-11; Par 198 Lines 1-3; Par 199 Lines 1-6; Par 200 Lines 1-5; Par 206 Lines 1-9; Par 209 Lines 1-12; Fig 9 Item 917) where Rock teaches the visual display of patient dashboard analytics based on these retrieved both real time and stored in the health record data patient alerts with no keys sent for decrypting the encrypted health record data transmitted or sent along with the encrypted health record data].
Regarding Claim 8:
It is a system claim corresponding to the method claim of claim 1. Therefore, claim 8 is rejected with the same rationale as applied against claim 1 above.
Regarding Claim 9:
It is a system claim corresponding to the method claim of claim 2. Therefore, claim 9 is rejected with the same rationale as applied against claim 2 above.
Regarding Claim 15:
It is a medium claim corresponding to the method claim of claim 1. Therefore, claim 15 is rejected with the same rationale as applied against claim 1 above.
Regarding Claim 16:
It is a medium claim corresponding to the method claim of claim 2. Therefore, claim 16 is rejected with the same rationale as applied against claim 2 above.
Allowable Subject Matter – Dependent Claim(s)
Claims 3-7, 10-14, 17-20 are objected to as being dependent upon a rejected base claim, but would be allowable as a whole over prior art if rewritten in independent form including all of the limitations of their base independent claim, and any intervening dependent claims.
The following is a statement of reasons for the indication of allowable subject matter.
The closest prior art, as recited, Rock US Patent Application Publication #2014/0297301 and Dove et al US Patent Application Publication #2013/0006867, are also generally directed to various aspects of implementing cryptographic protections to secure sensitive health data. However, Rock or Dove et al does not teach or suggest, either singularly or in combination, the particular combination of steps or elements as recited in the dependent Claims 3-7, 10-14, 17-20 when also incorporating all of the limitations of their base independent claim and any intervening dependent claims. For example, none of the cited prior art teaches or suggests the steps of:
where each unique identifier of the set of unique data identifiers corresponds to at least one node of a multi-node data structure, receiving a user identifying information element from the mobile user device, and authenticating, based on the user identifying information element, that the mobile user device is an approved user device, where the approved user device is one of a user device of a particular model, a user device operating a specific operating system, a user device operating a specific version of an operating system, or a user device operating a particular application, where the user identifying information element includes a device identifier, and wherein authenticating the mobile user device includes checking that the approved user device is on a list of authorized devices, receiving a health institution identifying information element from the electronic health record system; and authenticating, based on the health institution identifying information element, that the electronic health record system is an approved health institution device.
As recited in dependent Claims 3-7, 10-14, 17-20 when also incorporating all of the limitations of their base independent claim, any intervening dependent claims, any additional limitations found in dependent Claims 3-7, 10-14, 17-20.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Aunger et al - US_20200057867: Aunger et al teaches trust-based access to sensitive personal records.
Wang et al - US_20200327250: Wang et al teaches decentralized ownership and secure sharing of personalized health data.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY HOLDER whose telephone number is 571-270-3789. The examiner can normally be reached on Monday-Friday 10:00AM-7:00PM Eastern Time.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards, can be reached on (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRADLEY W HOLDER/
Primary Examiner, Art Unit 2408