Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
A wrong set of claims was examined on 12/24/2021, and this action replaces it. 
Claims 1-21 have been canceled.
Claims 22-41 are currently pending. 

Detailed Action
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 22-41 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. 
Step 1:
Claims 22-41 are drawn to a method and system, which is/are statutory categories of invention (Step 1: YES). 
Step 2A Prong One:
Independent claims 22, 31, and 37 recite applying at least one rule of a plurality of rules to the access data to determine at least one electronic data access event of the plurality of electronic patient data access events that constitutes at least one possible Step 2A Prong One: YES).
Step 2A Prong Two:
This judicial exception is not integrated into a practical application. The claims are abstract but for the inclusion of the additional elements including one or more processors and devices as seen in the independent claim and a machine learning model as seen in claim 23, which are additional elements that are recited at a high level of generality such that they amount to no more than mere instruction to apply the exception using generic computer components. See: MPEP 2106.05(f).
The additional elements are merely incidental or token additions to the claim that do not alter or affect how the process steps or functions in the abstract idea are performed. Therefore, the claimed additional elements do not add meaningful limitations to the indicated claims beyond a general linking to a technological environment. See: MPEP 2106.05(h).
The claims recite the additional element of receiving access data from a plurality of electronic patient data access and display an alert which are considered limitations 
The combination of these additional elements is no more than mere instructions to apply the exception using generic computer components. Accordingly, even in combination, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
Hence, the additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Accordingly, the claims are directed to an abstract idea (Step 2A Prong Two: NO).
Step 2B:
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, using the additional elements to perform the abstract idea amounts to no more than mere instructions to apply the exception using generic components. Mere instructions to apply an exception using generic components cannot provide an inventive concept. See: MPEP 2106.05(f).
Further, the claimed additional elements, identified above, are not sufficient to amount to significantly more than the judicial exception because they are generic components that are configured to perform well-understood, routine, and conventional activities previously known to the industry. See: MPEP 2106.05(d). Said additional elements are recited at a high level of generality and provide conventional functions that do not add meaningful limits to practicing the abstract idea. The originally filed specification supports this conclusion at Figure 1, and 
Paragraph 6 where “the apparatus includes at least one processor configured to perform various operations. The at least one processor can be configured to receive data related to a plurality of access events, by one or more employees, of electronic patient data, determine a set of access events of the plurality of access events constitute, by the one or more employees, possible breach of the electronic patient data, and provide an alert related to the set of access events based on determining that the set of access events constitute possible breach of the electronic patient data. The apparatus also includes a memory coupled to the at least one processor.”
Paragraph 19 where “In one specific example, data received from the various sources can be analyzed based on rule-based analysis.  In additional examples, the data can be analyzed based on one or more of clusterings of data (e.g., based on one or more determined 
Paragraph 20 where “In any case, analyzing the data using clustering, machine-learning, network or other statistical analysis, etc. allows for breach detection for a given workflow than more rigid strictly rule-based systems”.
Paragraph 23 where “As used herein, the terms "element," "module," "component," and "system" may refer to a computer-related entity, either hardware, a combination of hardware and software, software, or software in execution.  For example, a module may be, but is not limited to being, a machine-executable process running on a processor, a processor, an object, a thread of execution, a machine-executable program, and/or a computer.  By way of illustration, both a process running on a server and the server may be a module or a component.  One or more modules or components may reside within a process and/or thread of execution.  In some implementations, a module may be localized on one computer and/or distributed among two or more computers”.

The claims recite the additional element of receiving data and displaying alerts, which amounts to extra-solution activity. The specification (e.g., as excerpted above) does not provide any indication that the additional elements are anything other than well‐understood, routine, and conventional functions when claimed in a merely generic manner (as they are here). See: MPEP 2106.05(g). 
Viewing the limitations as an ordered combination, the claims simply instruct the additional elements to implement the concept described above in the identification of abstract idea with routine, conventional activity specified at a high level of generality in a particular technological environment.
Hence, the claims as a whole, considering the additional elements individually and as an ordered combination, do not amount to significantly more than the abstract idea (Step 2B: NO). 
Dependent claim(s) 22-30, 32-36 and 38-41 when analyzed as a whole, considering the additional elements individually and/or as an ordered combination, are held to be patent ineligible under 35 U.S.C. 101 because the additional recited limitation(s) fail(s) to establish that the claim(s) is/are not directed to an abstract idea without significantly more. These claims fail to remedy the deficiencies of their parent claims above, and are therefore rejected for at least the same rationale as applied to their parent claims above, and incorporated herein. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 22-41 are rejected under 35 U.S.C. 103 as being unpatentable over Paixao (US 2016/0180022 A1) in view of Freese et al. (US 2017/0017760 A1).

As per claim 22, a computer-implemented method for detecting a breach in access of electronic patient data, the method comprising: 
Paixao teaches:
receiving, by one or more processors of a patient privacy monitoring server, access data from a plurality of electronic patient data access devices situated at various locations, the access data comprising a plurality of electronic patient data access events by one or more employees (Para. 11, wherein EMR access log information is received); 
applying, by the one or more processors, at least one rule of a plurality of rules to the access data to determine at least one electronic patient data access event of the plurality of electronic patient data access events that constitutes at least one possible breach of electronic patient data, wherein the plurality of rules correspond to detected common data among the access data and human resources (HR) data (Para. 62 teaches wherein “in yet another embodiment, one or more rules can be defined by/in rules engine 508 based on a learning-based anomaly detection model that is configured to dynamically determine one or more thresholds of acceptable behavior for particular 
detecting, by the one or more processors, that the at least one possible breach of the electronic patient data is inconsistent with at least one data pattern of a plurality of data patterns (Para. 37 wherein detecting patterns across different activities is taught), 
Paixao does not explicitly teach however Freese teaches: 
wherein the plurality of data patterns correspond to a plurality of detected commonalities in the access data (Fig. 4, wherein clustering group of data patterns is taught; i.e. commonalities in access data is taught); 
Paixao further teaches:
in response to the detecting, generating, by the one or more processors, an alert associated with the at least one electronic patient data access event of the plurality of electronic patient data access events that constitutes the at least one possible breach of electronic patient data (Para. 70 wherein alerts are taught); and 
causing to display, by the one or more processors, the alert on a user interface of a user device (Para. 70).
It would have been obvious to one of ordinary skill in the art at the time of filing to combine the system/method of detecting abnormal behavior and fraud detection as taught in Paixao with clustering/grouping common data as taught in Freese. The rationale is that the claimed invention is simply a combination of old elements, and in 



As per claim 23, Paixao teaches the computer-implemented method of claim 22, wherein the detecting includes using machine-learning to detect at least one commonality of the plurality of detected commonalities (Para. 37 and 62, wherein a rules learning engine is used to analyze data. Paixao does not teach wherein the data is of a commonality of the plurality of detected commonalities, however Freese teaches in Para. 67 and 84 wherein grouping common data in clusters), 
Freese further teaches: 
clustering the access data based on the at least one commonality, or computing a statistical inference to detect the at least one commonality (Para. 67 and 84). The motivation to combine references is the same as seen in claim 22.

As per claim 24, Paixao teaches the computer-implemented method of claim 22, wherein the at least one rule of the plurality of rules is based on an employee position or an employee department (Para. 37-38 and Fig. 4A wherein user ID/position is used in the parameters/rules for detecting fraud).



As per claim 26, Paixao teaches the computer-implemented method of claim 22, the applying further comprising: applying, by the one or more processors, at least one additional filtering rule to the access data to prevent excessive false positives (Para. 59 wherein activity information can be filtered before being received/queued at the message queue).

As per claim 27, Paixao teaches the computer-implemented method of claim 22, further comprising: regenerating, by the one or more processors, the at least one data pattern based on changes to the access data or HR data (Para. 59 and 66).

As per claim 28, Paixao teaches the computer-implemented method of claim 22 further comprising: receiving, by the one or more processors, feedback information indicating whether the at least one possible breach is actually a breach (Para. 37 wherein a dynamic model learns of whether or not an activity is acceptable behavior). 

As per claim 29, Paixao teaches the computer-implemented method of claim 28, further comprising: utilizing, by the one or more processors, the feedback information to activate or deactivate at least one rule of the plurality of rules (Para. 37 and 43 wherein users can modify/change rules and wherein the system can dynamically determine one 

As per claim 30, Paixao teaches the computer-implemented method of claim 28, further comprising: utilizing, by the one or more processors, the feedback information to activate or deactivate at least one pattern of the plurality of data patterns (Para. 37 and 43).

Claims 31-41 recite substantially similar limitations as seen in claims 1-20 and hence are rejected for similar rationale as noted above. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAROUN P KANAAN whose telephone number is (571)270-1497. The examiner can normally be reached Monday-Friday 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Victoria Augustine can be reached on 313-446-4858. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


MAROUN P. KANAAN
Primary Examiner
Art Unit 3686



/MAROUN P KANAAN/Primary Examiner, Art Unit 3686