DETAILED ACTION
1. 	This Non-Final Office Action is in response to application filed on 10/29/2019.  	Claims 1-20 are being considered on the merits. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Drawings
2. 	The drawings filed on 10/29/2019 are accepted. 
Information Disclosure Statement
3.	The information disclosure statement (IDS) submitted on 10/29/2019 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, an initialed and dated copy of the Applicant’s IDS forms 1449 filed on 10/29/2019 is attached to this office action. 
Double Patenting
4.	Claim 1 of this application is patentably indistinct from claims 1 and 21 of Application No. 15/399,276. Pursuant to 37 CFR 1.78(f), when two or more applications filed by the same applicant or assignee contain patentably indistinct claims, elimination of such claims from all but one application may be required in the absence of good and sufficient reason for their retention during pendency in more than one application. Applicant is required to either cancel the patentably indistinct claims from all but one application or maintain a clear line of demarcation between the applications. See MPEP § 822.
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-9 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-9 and 21-29 of U.S. Patent No. 10,476,876. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims disclose a method and system for managing access to user profiles and content blocks. The system disclosed in claim 1 includes the same limitations of the system and method and of claims 1 and 21 disclosed in U.S. Patent No. 10,476,876. 

Claims 2-9 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 2-9 and 22-29 of U.S. Patent No. 10,476,876.

As indicated in the table below, these dependent claims of the instant application are anticipated by the corresponding claims of U.S. Patent No. 10,476,876, because the subject matter claimed in the following dependent claims of the instant application is fully disclosed and covered by the corresponding claims of US Patent No. 10,476,876.

Instant application. Application No. 16/667,468
U.S Patent No. 10,476,876
Claim 1
Claim 1 and 21
Claim 2
Claim 2 and 22
Claim 3
Claim 3 and 23
Claim 4
Claim 4 and 24
Claim 5
Claim 5 and 25
Claim 6
Claim 6 and 26
Claim 7
Claim 7 and 27
Claim 8
Claim 8 and 28
Claim 9
Claim 9 and 29


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:



5.	Claims 1-16 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub No. 2008/0172737 A1 to Shen, (hereinafter, “Shen”) in view of US Pub. No. US 2012/0239417 A1 to Pourfallah, (hereinafter, “Pourfallah”) and in further view of US Pub No. US 2006/0229918 A1 to Fotch, (hereinafter, “Fotch”).

As per claim 1, Shen teaches system for use in implementing access controls to content blocks of a user profile associated with a user, the system comprising: 
a memory including a user profile for a user (Shen, para. [0028] discloses “Patient client node 102 (user profile) … comprise hardware platforms which may be in the form of personal computers (memory), handheld personal computing devices, or other browser-enabled platforms capable of uploading and downloading and processing medical data contained within medical records database 112.”), the user profile including multiple content blocks, each of the content blocks of the user profile associated with a permission and including content related to the user (Shen, para. [0029] discloses “medical records management system 100 provides a client server application that controls access to the individual per patient medical data contained within medical records database 112. Specifically, the application provides a hierarchical medical records access control mechanism whereby a single top level source, such as the patient him/herself, specifies a conditionally-defined top level access which in turn provides recursively limited authorized access to lower access levels such as may be defined by various identities or categories of healthcare providers. In accordance with the invention, the conditions defining the top and lower level access include a temporal limitation, data scope limitation, and data processing permissions (e.g. read/write).”); and 
an access engine computing device coupled to the memory (Shen, para. [0044] discloses “FIG. 4 further depicts multiple patient client nodes 102a-102n communicatively coupled to medical records server 104, and each having respective user login modules 404a-404n.”) and configured to:
receive an access command from the user via a communication device, the access command including a designation of the first content block for access by a provider and an identity of the provider (Shen, para. [0044] discloses “access manager 405 receives account control information in the form of access authorization accounts that specify access parameters relating to patients' medical records. An access authorization account may be embodied by one or more access authorization objects 416 generated by user login modules 404. An access authorization object specifies conditional access grants to medical records for specified patients.” Furthermore, para. [0046] discloses “Each of access authorization objects 605-615 includes access parameters including an authorization/authentication field 602, an access period field 604, a content scope field 606, and an access scope field 608. Access authorization objects 605-615 further include a password field 622, an alternative access ID field 624, a parent account ID field 626, a child account ID field 628, and a log data field 630. Each of the access parameter fields includes access authorization limitations/restrictions set by a given access authorizer such as the patient or a medical provider.”);
in response to the communication device being in proximity to the provider, expose the first content block to the provider, thereby granting the access for the provider to the first content block (Shen, para. [0054] discloses “Access manager 405 processes one of access authorization accounts to generates a corresponding temporal account object 408 which is sent to requester client 415. Temporal account object 408 contains medical record data for a patient's medical records within electronic medical records 406 for which access has been authorized by one of access authorization objects 416a-416n. Limits on access authorization may include limitations on the scope of medical record data included in the temporal account object 408 as well as data access limitations”); and 
in response to the communication device being out of proximity to the provider, terminate the access of the provider to the first content block (Shen, para. [0060] discloses “As depicted at steps 712, 714 and 716, the process of receiving access requests and comparing the request data with access authorization parameters continues until the access period specified by the access authorization object expires and the object account is terminated accordingly.”).

Shen teaches all the above limitations of claim 1 above, however fails to explicitly teach, but Pourfallah teaches:
wherein the multiple content blocks include a first content block having one or more of a payment account credential associated with the user, insurance information associated with the user, and medical information associated with the user (Pourfallah, para. [0071] “In one implementation, the payment request 217 may comprise information such as user profile information, user insurance information, user pre-loaded account information, medical bill information, and/or the like.” and para. [0113] “Within implementations, the healthcare sponsor entity 470 may verify the credentials and authorize the access request from H-Wallet. For example, the healthcare sponsor 470 may determine whether user credentials, confirmation, etc. are received to indicate authorization from account owner, whether the benefit sponsor allows the access, etc.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Pourfallah’s healthcare wallet payment processing methods and systems into Shen’s secure electronic medical record management system, with a motivation for a user to exert access control of his healthcare payment information and access to (Pourfallah, para. [0045] and para. [0103]).

The combination of Shen and Pourfallah teach all the above limitations of claim 1 above, however fail to explicitly teach, but Fotch teaches:
modify the permission associated with the first content block in relation to the provider to permit the access by the provider (Fotch, para. [0105] discloses “Default permissions may also be established when the patient (or caregiver) accesses the electronic personal health record via a web site of a particular physician… If the patient (or caregiver) chooses to change this default status, they can simply revoke the permission to access that was automatically granted to the physician.” Furthermore, para. [0106] discloses “The health record permission grant may establish whether permission to access at least a portion of the electronic personal health record associated with the patient has been granted to one or more individuals. For instance, the permission to access that is granted (or denied) a particular individual may include read, write (e.g., including delete), and/or forwarding privileges.”)

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Fotch’s electronic personal health system into Pourfallah’s healthcare wallet payment processing methods and systems and Shen’s secure electronic medical record management system, with a motivation to protect confidential and sensitive information (Fotch, para. [0018]).

As per claim 2, the combination of Shen, Pourfallah and Fotch teach the system of claim 1, wherein the access engine computing device is further configured to receive a request from the provider (Shen, para. [0052] discloses “a requesting party at requester client 415 may send a request to access a specified patient's medical record data among electronic medical records 406.”); and 
wherein the access engine computing device is configured, in connection with exposing the first content block to the provider, to expose the first content block to the provider in response to the at least one of the multiple content blocks included in the request received from the provider matching the first content block (Shen, para. [0053] discloses “The code verification validates the record request authenticity and authorization, for example, by correlating patient identification data, such as name, social security number, DOB, etc. with healthcare or account identification information such as provider account numbers or identifiers. Responsive to successful request authorization validation, access manager 405 determines the security or privacy status of the requested electronic medical record. In this aspect, access manager 405 may process access authorization objects 416a-416n received from patient client nodes 102a-102n to determine whether a patient has recorded authorizations relating to the scope of medical record data to be release and the manner and character of access and read/write permissions.”). 

As per claim 3, the combination of Shen, Pourfallah and Fotch teach the system of claim 2, wherein the access engine computing device is further configured to grant the access to the provider for the at least one of the multiple content blocks included in the request received from the provider, in response to said at least one of the multiple content blocks being different from the first content block (Shen, para. [0030] discloses “the present invention enables a patient at patient client node 102 to approve access to their medical records for medical research...A medical provider at one of provider nodes 116, 118, 120 or other nodes may request expanded access to specified medical information which may or may not be granted such as from patient client node 102 using the mechanisms described herein.” Furthermore, para. [0031] discloses “[0031] Providers and patients at any of the client nodes may access the records within medical records database 112 using encryption protected web browsers and may further utilize server-type software tools such as Java applets to provide various graphical and textual access. The hardware platforms for client nodes 102, 116, 118, and 120 may include but are not limited to PCs, hand-held computers, wireless phones, vehicle-mounted computers, etc.”). 

solicit the user via the communication device to grant the access to the provider(Pourfallah, para. [0283] “FIG. 14B shows an exemplary display screen 1430 which indicates another FaceBook page of the Acme Medical Group that is a doctor-patient portal as seen at reference no. 1438. Marquees, typical of FaceBook, are seen at reference no. 1432, 1434 and 1436. At reference no. 1440 of display screen 1430, a password is solicited from a patient in order to view the patient's sensitive healthcare related information maintained by Acme Medical Group (or agent thereof) to be displayed in daughter window 1446.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Pourfallah’s healthcare wallet payment processing methods and systems into Shen’s secure electronic medical record management system, with a motivation for a user to exert access control of his healthcare payment information and access to various information for processing against the restricted use and regulatory business rules (Pourfallah, para. [0045] and para. [0103]).

As per claim 4, the combination of Shen, Pourfallah and Fotch teach the system of claim 1, wherein the access engine computing device is further configured to: 
(Shen, para. [0059] discloses “In response to receiving a request for one or more medical records of the specified patient, access manager 405 validates the request by authenticating a user ID and password code received in the access request (steps 706 and 708). In a preferred embodiment, the authorized user identification specified by the access authorization account received at step 704 includes a user identification code and a password code. The user identification code identifies the particular person or entity to which access authorization is to be granted, while the password serves as a security feature ensuring hierarchical integrity between the presently received sub-account object and its originating top-level account.”); and 
in response to expiration of a duration of the granted access, terminate the access of the provider to the first content block (Shen, para. [0060] discloses “As depicted at steps 712, 714 and 716, the process of receiving access requests and comparing the request data with access authorization parameters continues until the access period specified by the access authorization object expires and the object account is terminated accordingly.”). 

As per claim 5, the combination of Shen, Pourfallah and Fotch teach the system of claim 1, wherein the access engine computing device is further configured to notify the provider of the granted access, in response to the first content block being exposed to the provider (Fotch, para. [0048] discloses “a notification of health record access may enable a user 106 to notify a healthcare provider 108 of access to his or her medical records.”). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Fotch’s electronic personal health system into Pourfallah’s healthcare wallet payment processing methods and systems and Shen’s secure (Fotch, para. [0018]).

As per claim 6, the combination of Shen, Pourfallah and Fotch teach the system of claim 1, wherein the granted access includes a read-only access (Fotch, para. [0021] discloses “if a healthcare provider has only been granted read access, that healthcare provider may only grant read access rights to another individual.”). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Fotch’s electronic personal health system into Pourfallah’s healthcare wallet payment processing methods and systems and Shen’s secure electronic medical record management system, with a motivation to protect confidential and sensitive information (Fotch, para. [0018]).

As per claim 7, the combination of Shen, Pourfallah and Fotch teach the system of claim 1, wherein the granted access includes a read access and a write access (Fotch, para. [0052] discloses “Full access allows the practice member(s) complete access to the mailbox and setup pages, including read, write, reply, forwarding and delete control access.”). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Fotch’s electronic personal health system into Pourfallah’s healthcare wallet payment processing methods and systems and Shen’s secure electronic medical record management system, with a motivation to protect confidential and sensitive information (Fotch, para. [0018]).

As per claim 8, the combination of Shen, Pourfallah and Fotch teach the system of claim 1, wherein the access engine computing device is configured, in connection with exposing the first content block to the provider, to transmit the first content block to the provider (Fotch, para. [0016] discloses “patient information obtained from an electronic health record may be provided or transmitted (e.g., in paper or electronic form), thereby enabling such information to be shared among various entities interested in such information.”); and
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Fotch’s electronic personal health system into Pourfallah’s healthcare wallet payment processing methods and systems and Shen’s secure electronic medical record management system, with a motivation to protect confidential and sensitive information (Fotch, para. [0018]).

wherein the first content block, when transmitted, includes a header indicating a content block type of the first content block (Pourfallah, TABLE-US-00002 shows a header including multiple content block types and at least one content block).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Pourfallah’s healthcare wallet payment processing methods and systems into Shen’s secure electronic medical record management system, with a motivation for a user to exert access control of his healthcare payment information and access to various information for processing against the restricted use and regulatory business rules (Pourfallah, para. [0045] and para. [0103]).

As per claim 9, the combination of Shen, Pourfallah and Fotch teach the system of claim 1, wherein the multiple content blocks included in the user profile for the user are each formatted (Shen, para. [0043] discloses “FIG. 5A provides a more detailed illustration of medical records 406 such as may be included within medical records database 112 in accordance with one embodiment of the present invention. Medical records 406 generally comprising multiple row-wise patient medical record entries. Each of the row-wise patient records includes medical record data represented in the figure as column-wise categorized. For example, each of patient records includes a patient ID field as well as fields specifying prescription data, allergies data, surgeries, vaccinations, etc.” This shows each record for each patient in the same standard format.). 

As per claim 10, , Shen discloses a computer-implemented method for granting access to content blocks in a user profile associated with a user, the method comprising: 
receiving, by a computing device, a request from a recipient to access at least one content block in a user profile associated with a user (Shen, para. [0052] discloses “a requesting party at requester client 415 may send a request to access a specified patient's medical record data among electronic medical records 406.”);
verifying, by the computing device, that access is granted by the user to the at least one content block identified in the request from the recipient (Shen, para. [0060] discloses “access manager 405 generates temporal account object 408 in accordance with access parameters, such as those shown in FIG. 6, required by whichever access authorization account accommodates the access request parameters (steps 708 and 710).”);
in response to access being granted by the user to the at least one content block, exposing, by the computing device, the at least one content block to the recipient consistent with the granted access (Shen, para. [0062] discloses “[0062] If the user ID and password are found by the access manager to match authorizations contained in the parent account, access to the sub-account is permitted.”); and

only when a communication device associated with the user is in proximity to the recipient (Pourfallah, para. [0423] “User input devices 2711 often are a type of peripheral device 512 (see below) and may include: card readers, dongles, finger print readers, gloves, graphics tablets, joysticks, keyboards, microphones, mouse (mice), remote controls, retina readers, touch screens (e.g., capacitive, resistive, etc.), trackballs, trackpads, sensors (e.g., accelerometers, ambient light, GPS, gyroscopes, proximity, etc.), styluses, and/or the like.”); and

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Pourfallah’s healthcare wallet payment processing methods and systems into Shen’s secure electronic medical record management system, with a motivation for a user to exert access control of his healthcare payment information and access to various information for processing against the restricted use and regulatory business rules (Pourfallah, para. [0045] and para. [0103]).

The combination of Shen and Pourfallah teach all the above limitations of claim 10 above, however fail to explicitly teach, but Fotch teaches:
in response to access not being granted by the user to the at least one content block, transmitting a notification to the user, at the communication device associated with the user, including a request for grant of access to the at least one content block for the recipient (Fotch,  para.[0110] discloses “If the health record permission grant (e.g., submitted by the patient or caregiver) indicates that permission to access has not been granted at block 910, the scope of permission that has been denied is recorded at block 912. In other words, when the health record permission grant is made, an indication as to whether permission to access the electronic personal health record (or portion thereof) has been granted is recorded.” Furthermore, para. [0111] discloses “If the health record permission grant (e.g., submitted by the patient or caregiver) indicates that permission to access has been granted at block 910, the scope of the permission that has been granted to the individual(s) is recorded at block 917 and the individual(s) may be notified of the permission to access that has been granted. For instance, the individual(s) may be reminded to access the electronic personal health record.”). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Fotch’s electronic personal health system into Pourfallah’s healthcare wallet payment processing methods and systems and Shen’s secure electronic medical record management system, with a motivation to protect confidential and sensitive information (Fotch, para. [0018]).
As per claim 11, the combination of Shen, Pourfallah and Fotch teach the method of claim 10, further comprising receiving, by the computing device, from the user via the communication device, an access command regarding grant of access to the at least one content block, the access command including a designation of the at least one content block and a duration of the granted access to the at least one content block (Shen, para. [0054] discloses “Access manager 405 processes one of access authorization accounts to generates a corresponding temporal account object 408 which is sent to requester client 415. Temporal account object 408 contains medical record data for a patient's medical records within electronic medical records 406 for which access has been authorized by one of access authorization objects 416a-416n. Limits on access authorization may include limitations on the scope of medical record data included in the temporal account object 408 as well as data access limitations (e.g. read/write permissions) and a time period limitation.”). 

As per claim 12, the combination of Shen, Pourfallah and Fotch teach the method of claim 11, further comprising terminating the granted access to the at least one content block when the duration of the access expires or when the communication device associated with the user moves out of proximity to the recipient (Shen, para. [0060] discloses “As depicted at steps 712, 714 and 716, the process of receiving access requests and comparing the request data with access authorization parameters continues until the access period specified by the access authorization object expires and the object account is terminated accordingly.”). 

As per claim 13, the combination of Shen, Pourfallah and Fotch teach the method of claim 11, wherein the access command regarding the grant of access to the at least one content block in the user profile associated with the user is received by the computing device prior to the request from the recipient to access the at least one content block (Shen, para. [0060] discloses “Responsive authenticating the user ID authorized by the received access authorization account, access manager 405 generates temporal account object 408 in accordance with access parameters, such as those shown in FIG. 6, required by whichever access authorization account accommodates the access request parameters (steps 708 and 710).”). 

As per claim 14, the combination of Shen, Pourfallah and Fotch teach the computer-implemented method of claim 13, wherein the access command further includes a designation of the recipient (Shen, para. [0056] discloses “Responsive to either a successful or unsuccessful validation of the medical record request from requester client 415, access manager 405 classifies and records the pending (if validation successful) or terminated (if validation unsuccessful) event.” Therefore, the requester client 415 is a designated recipient.). 

As per claim 15, the combination of Shen, Pourfallah and Fotch teach the method of claim 11, wherein the access command regarding the at least one content block is received by the computing device in response to the request from the recipient (Shen, para. [0059] discloses “the authorized user identification specified by the access authorization account received at step 704 includes a user identification code and a password code. The user identification code identifies the particular person or entity to which access authorization is to be granted, while the password serves as a security feature ensuring hierarchical integrity between the presently received sub-account object and its originating top-level account.”). 

As per claim 16, the combination of Shen, Pourfallah and Fotch teach the computer-implemented method of claim 10, further comprising notifying, by the computing device, the recipient of the granted access, when the at least one content block is exposed to the recipient (Fotch, para. [0021] discloses “In accordance with one embodiment, only those access rights that have been granted to the original individual may be granted to another individual by the "grantee." For instance, if a healthcare provider has only been granted read access, that healthcare provider may only grant read access rights to another individual. The "grantee" may also choose to revoke these rights at a later date. In accordance with one embodiment, the patient (or caregiver) is notified of any additional access rights provided to additional individuals by a ‘grantee’.”).28Attorney Docket No. 16754-000219-US 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Fotch’s electronic personal health system into Pourfallah’s healthcare wallet payment processing methods and systems and Shen’s secure electronic medical record management system, with a motivation to protect confidential and sensitive information (Fotch, para. [0018]).

s 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub No. 2008/0172737 A1 to Shen, (hereinafter, “Shen”) in view of US Pub No. US 2006/0229918 A1 to Fotch, (hereinafter, “Fotch”).

As per claim 17, Shen teaches a non-transitory computer-readable storage medium including executable instructions for granting access to content blocks in a user profile associated with a user, which when executed by at least one processor, cause the at least one processor to (Shen, para. [0032] discloses “Referring to FIG. 2, there is illustrated a block diagram of a server system 200 that may be implemented as medical records server 104 in FIG. 1, in accordance with the invention. Server system 200 may be a symmetric multiprocessor (SMP) system including a plurality of processors 202 and 204 connected to system bus 206. Alternatively, a single processor system may be employed.”): 
solicit an access command from a user at a communication device specific to the user, the access command indicative of at least one content block in a user profile associated with the user, the access command including a designation of the at least one content block, an identity of a recipient to which access is granted for the at least one content block, and a duration of the granted access (Shen, para. [0030] discloses “the present invention enables a patient at patient client node 102 to approve access to their medical records for medical research...A medical provider at one of provider nodes 116, 118, 120 or other nodes may request expanded access to specified medical information which may or may not be granted such as from patient client node 102 using the mechanisms described herein.” Furthermore, para. [0031] discloses “[0031] Providers and patients at any of the client nodes may access the records within medical records database 112 using encryption protected web browsers and may further utilize server-type software tools such as Java applets to provide various graphical and textual access. The hardware platforms for client nodes 102, 116, 118, and 120 may include but are not limited to PCs, hand-held computers, wireless phones, vehicle-mounted computers, etc.” Furthermore, para. [0056] discloses “Responsive to either a successful or unsuccessful validation of the medical record request from requester client 415, access manager 405 classifies and records the pending (if validation successful) or terminated (if validation unsuccessful) event.” And para. [0054] discloses “Limits on access authorization may include limitations on the scope of medical record data included in the temporal account object 408 as well as data access limitations (e.g. read/write permissions) and a time period limitation.”); and 
transmit the access command to an access engine computing device in response to the solicitation of the access command, thereby permitting the access engine computing device to expose the at least on content block to the recipient for the duration of the granted access (Shen, para. [0054] discloses “Access manager 405 processes one of access authorization accounts to generates a corresponding temporal account object 408 which is sent to requester client 415. Temporal account object 408 contains medical record data for a patient's medical records within electronic medical records 406 for which access has been authorized by one of access authorization objects 416a-416n. Limits on access authorization may include limitations on the scope of medical record data included in the temporal account object 408 as well as data access limitations” and para. [0060] discloses “As depicted at steps 712, 714 and 716, the process of receiving access requests and comparing the request data with access authorization parameters continues until the access period specified by the access authorization object expires and the object account is terminated accordingly.).

Shen teaches all the above limitations of claim 17 above, however fails to explicitly teach, but Fotch teaches:

transmit the access command to an access engine (Fotch, para. [0016] discloses “patient information obtained from an electronic health record may be provided or transmitted (e.g., in paper or electronic form), thereby enabling such information to be shared among various entities interested in such information.”).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Fotch’s electronic personal health system into Shen’s secure electronic medical record management system, with a motivation to protect confidential and sensitive information (Fotch, para. [0018]).


As per claim 18, The combination of Shen and Fotch teaches a non-transitory computer-readable storage medium of claim 17, wherein the executable instructions, when executed by the at least one processor, further cause the at least one processor to receive an access request from the recipient, prior to soliciting the access command, the access request identifying the at least one content block and the duration of the granted access (Shen, para. [0056] discloses “Responsive to either a successful or unsuccessful validation of the medical record request from requester client 415, access manager 405 classifies and records the pending (if validation successful) or terminated (if validation unsuccessful) event. In one embodiment, access manager 405 may set a flag in relation to received access request to indicate the status of the request as having been validated and pending or invalid and terminated.” and para. [0060] discloses “As depicted at steps 712, 714 and 716, the process of receiving access requests and comparing the request data with access authorization parameters continues until the access period specified by the access authorization object expires and the object account is terminated accordingly.”).

As per claim 19, The combination of Shen and Fotch teaches the non-transitory computer-readable storage medium of claim 18, wherein the executable instructions, when executed by the at least one processor in connection with soliciting the access command from the user, cause the at least one processor to solicit the access command from the user in response to the access request from the recipient (Shen, para. [0030] discloses “the present invention enables a patient at patient client node 102 to approve access to their medical records for medical research...A medical provider at one of provider nodes 116, 118, 120 or other nodes may request expanded access to specified medical information which may or may not be granted such as from patient client node 102 using the mechanisms described herein.” Furthermore, para. [0031] discloses “[0031] Providers and patients at any of the client nodes may access the records within medical records database 112 using encryption protected web browsers and may further utilize server-type software tools such as Java applets to provide various graphical and textual access. The hardware platforms for client nodes 102, 116, 118, and 120 may include but are not limited to PCs, hand-held computers, wireless phones, vehicle-mounted computers, etc.”).

As per claim 20, The combination of Shen and Fotch teaches the non-transitory computer-readable storage medium of claim 17, wherein the executable instructions, when executed by the at least one processor, further cause the at least one processor to authenticate the user prior to transmitting the access command to the access engine (Shen, para. [0059] discloses “In response to receiving a request for one or more medical records of the specified patient, access manager 405 validates the request by authenticating a user ID and password code received in the access request (steps 706 and 708). In a preferred embodiment, the authorized user identification specified by the access authorization account received at step 704 includes a user identification code and a password code. The user identification code identifies the particular person or entity to which access authorization is to be granted, while the password serves as a security feature ensuring hierarchical integrity between the presently received sub-account object and its originating top-level account.”). 


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20160337377 A1 – Access policy updates in a dispersed storage network.
US 20160337369 A1 – Controlling user access to content
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Ali Abyaneh can be reached on (571) 272-7961. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer 
/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437           

/SAMSON B LEMMA/Primary Examiner, Art Unit 2498