DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-11 have been examined and are pending.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/04/2025 was filed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1-7 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Yang 8239706 B1.
Regarding claim 1, Yang teaches a method of retrieving medical patient data after a system outage, comprising [Yang 8239706 B1 col 1, lines 25-31 and 59-63 data retrieval for record keeping purposes of distributed electronic healthcare information systems use traditional techniques for protecting data from the above failures; backups vulnerable to data loss and recovery point objective (RPO) and recovery time objective (RTO), where RPO measures the maximum acceptable age of data at the time of outage.]:
providing a non-transitory machine-readable medium storing instructions executable by a processor which, when executed by the processor, cause the processor to [Yang 8239706 B1 col 9, lines 18-21 write operations in accordance with an embodiment of invention from host computer.]:
provide an authentication interface to permit a user to be granted access to at least one encrypted document file that is also stored on the non-transitory machine-readable medium, said at least one encrypted document including patient data for at least one patient [Yang 8239706 B1 col 13, lines 28-35, 45-51, and 55-59 Distributed Electronic Information Systems provide secure and efficient data replay of secured data storage architecture; where the recording and transmission of encrypted parities are done in background without requirement of explicit involvement of users. Supporting replay/review of electronic health record (HER) data by any authorized healthcare provider in distributed electronic healthcare information system, known as REAPIT for Replay HER at Any-Point-In-Time. Col 14, lines 5-7 user-friendly interface allows a user to choose any point-in-time to replay HER data.].
Regarding claim 2, Yang teaches claim 1 as described above.
further comprising authenticating and unencrypting said at least one encrypted document on a local machine [Yang 8239706 B1 col 4, lines 5-18 well known, data encryption and decryption for large amount of patient data to be stored and transmitted over the EHR system].
Regarding claim 3, Yang teaches claim 1 as described above.
further comprising providing instructions to the user in order to access the at least one encrypted document file [Yang 8239706 B1 col 3, lines 9-11 providing data retrieval for record keeping…allowing healthcare providers…to share and easily access a variety of electronic health records (EHR). Col 4, lines 5-12 EHR (encrypted) data is stored and transmitted in a distributed environment].
Regarding claim 4, Yang teaches claim 3 as described above.
wherein the instruction to access the at least one encrypted document file are located on and accessed from a server [Yang 8239706 B1 col 6, lines 62-66 and col 8, lines 34-40 implementation includes a plurality of client stations 32, 34 as well as an application server 36 and a storage server 38].
Regarding claim 5, the combination of teach claim 3 as described above.
wherein the instruction to access the at least one encrypted document file are located on and accessed from a web-enabled server [Yang 8239706 B1 col 10, lines 59-60 benchmark comprises a set of operations on web server].
Regarding claim 6, the combination of teach claim 3 as described above.
wherein the instruction to access the at least one encrypted document file are located on and accessed from the non-transitory machine-readable medium [Yang 8239706 B1 col 14, lines 19-20 24-26].
Regarding claim 7, Yang teaches claim 7 as described above.
wherein the authentication interface is provided by executable code stored on the non-transitory machine-readable medium [Yang 8239706 B1 Col 15, lines 4-15 RAID storage system include a plurality of data storage disks 212, 214, 214 where RAID controller performs operations.].
Claim(s) 1-7 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Quinn et al, hereinafter (“Quinn”), US PG Publication 20170237747 A1.
Regarding claim 11, Quinn teaches a method of providing updated data to clinicians in a hospital or clinic after a compromising event has compromised a computer system of the hospital clinic, comprising [Quinn ¶0018 and 0068]:
generating patient data reports that include patient data obtained from a healthcare information system (HCIS) of the hospital or clinic prior to the compromising event [Quinn ¶¶0067-0068 protected digital assets secure agent generate events needed to open patient records by a certain hospital]; encrypting the patient reports [Quinn ¶¶0017-0018 data asset encryption];
storing the encrypted reports on a secure server in a manner that permits their retrieval after the network of the hospital or clinic becomes disabled due to the compromising event [Quinn ¶0069 generated events can be consumed and processed by data analytics and reporting system (DARS) 150]; and
repeating the aforementioned steps at regular intervals to ensure that recent patient data is captured to permit said recent patient data to be accessed by clinicians after the compromising event [Quinn ¶0119 the system can iterate over the retrieved/selected policy instances].
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over Yang 8239706 B1, in view of Devarajan et al 20150326613 A1, hereinafter (“Devarajan”), US PG Publication 20170237747 A1.
Regarding claim 8, Yang teaches claim 7 as described above.
However, Yang fails to explicitly teach but Devarajan teaches wherein the executable code stored on the non-transitory machine-readable medium is configured to seek an active directory on a server in order to authenticate the user [Devarajan Abstract – ability to authenticate organizations and users for policy enforcement/access logging. ¶0076 features of company’s active directory].
Yang teaches all the features of claim 8 not wherein the executable code stored on the non-transitory machine-readable medium is configured to seek an active directory on a server in order to authenticate the user. Devarajan teaches dynamic user identification and policy enforcement. Because both Yang and Devarajan are from the same field of endeavor of network architectures or network communication protocols, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention was made to use the active directory functionality as taught by Devarajan to improve the ability to control and manage user authentication [Devarajan ¶0076].
Regarding claim 9, the combination of Yang and Devarajan teach claim 7 as described above.
However, Yang fails to explicitly teach but Devarajan teaches wherein the executable code is configured to generate and store audit trail data in an encrypted audit trail data file indicating when data was accessed from the non-transitory machine-readable medium and who accessed the data from the non-transitory machine-readable medium [Devarajan ¶0034 audit logs that tracks and dynamically associated traffic to users access per various policies].
Yang teaches all the features of claim 9 not wherein the executable code is configured to generate and store audit trail data in an encrypted audit trail data file indicating when data was accessed from the non-transitory machine-readable medium and who accessed the data from the non-transitory machine-readable medium. Devarajan teaches dynamic user identification and policy enforcement. Because both Yang and Devarajan are from the same field of endeavor of network architectures or network communication protocols, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention was made to use the active directory functionality as taught by Devarajan to improve the ability to control and manage user authentication [Devarajan ¶0076].
Regarding claim 10, the combination of Yang and Devarajan teach claim 9 as described above.
However, Yang fails to explicitly teach but Devarajan teaches wherein the audit trail data file is set to an active directory path and is configured to query said active directory path by default [Devarajan ¶¶0049 0076 0086 general information queries; uses AD services which Examiner interpret the Lightweight Directory Access Protocol (LDAP) to identify and set active directory paths which is part of the organization’s AD structure.].
Yang teaches all the features of claim 10 not wherein the audit trail data file is set to an active directory path and is configured to query said active directory path by default. Devarajan teaches dynamic user identification and policy enforcement. Because both Yang and Devarajan are from the same field of endeavor of network architectures or network communication protocols, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention was made to use the active directory functionality as taught by Devarajan to improve the ability to control and manage user authentication [Devarajan ¶0076].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Burt et al WO-2004049233-A1 teaches Proactive support of a healthcare information system.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAKINAH WHITE-TAYLOR whose telephone number is (571)270-0682. The examiner can normally be reached Monday-Friday, 10:45a-6:45p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CATHERINE THIAW can be reached at 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
SAKINAH WHITE-TAYLOR
Primary Examiner
Art Unit 2407
/Sakinah White-Taylor/Primary Examiner, Art Unit 2407