Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Status of Claims
This action is in reply to the application filed on 12/13/2019.
Claims 1-41 are currently pending and have been examined.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-41 are rejected under 35 U.S.C. §101 because the claimed invention is directed to an abstract idea without significantly more. 
2019 Revised Patent Eligibility Guidance (PEG): Step 1:
claims 1-17 and 27-41 are directed to a system (i.e., a machine) and claims 18-26 are directed to a method (i.e., a process). Accordingly, claims 1-41 are all within at least one of the four statutory categories.
2019 PEG: Step 2A - Prong One:
Regarding Prong One of Step 2A of the 2019 PEG (which collectively includes the guidance in the January 7, 2019 Federal Register notice and the October 2019 update issued by the USPTO), the claim limitations are to be analyzed to determine whether they “recite” a judicial exception or in other words whether a judicial exception is “set forth” or “described” in the claims.  An “abstract idea” judicial exception is subject matter that falls within at least one of the following groupings: a) mathematical concepts, b) certain methods of organizing human activity, and/or c) mental processes.
Representative independent claim 1 includes limitations that recite an abstract idea.  Note that independent claim 1 and 27 are the system claims, while claim 18 covers a method claim.
Specifically, independent claim 1 recites:
A health care system for communicating medical data of a patient to at least one user, the health care system comprising:
a data collection module configured to collect medical data associated with the patient, wherein the medical data comprises a Personal Identifiable Information (PI) data, a Protected Health Information (PHD data, or a combination thereof;
a data transformation module configured to encrypt the medical data of the patient;
at least one Electronic Health Record (EHR) database configured to store the encrypted medical data of the patient;
an identifier generation module configured to generate at least one first medical identifier and at least one second medical identifier, wherein the at least one first medical identifier is used to access a first set of the medical data in an offline mode and the at least one second medical identifier is used to access a second set of the medical data in an online mode;
wherein the first set of the medical data is categorized into an unprotected PII data and a protected PII data, and the second set of the medical data is categorized into a basic PHI data and an extended PHI data;
wherein the unprotected PII data, and the basic PHI data are accessible by the at least one user in an online mode and/or an offline mode;
wherein the protected PII data, and the extended PHI data are accessible by the at least one user in the online mode only;
wherein the extended PHI data is accessible within a medical facility only;
a data access module configured to authorize the at least one user for providing access to the medical data based on a level of authorization defined by the patient; and
a user interface module configured to display the accessed medical data on the user device.
The Examiner submits that the foregoing underlined limitations constitute: (a) “certain
methods of organizing human activity” because accessing and encrypting a patient’s medical information, generating and identifiers with the patient’s personal and protected medical information all relate to interactions between people, which is a legal obligation for protecting the patient’s privacy and identity according to HIPAA. 
Accordingly, the claim describes at least one abstract idea.
Furthermore, dependent claims 8, 11, 21, 23 and 35 (similarly for independent claims 1, 18 and 27) further define the at least one abstract idea (and thus fail to make the abstract idea any less abstract) as set forth below.  
In relation to claims 18 and 27 (similarly to claim 1), these claims constitute: (a) “certain methods of organizing human activity” because accessing, encrypting and decrypting a patient’s medical information is a legal obligation for protecting the patient’s privacy and identity according to HIPAA, which relates to interactions between people.
Turning to the dependent claims, claims 2, 13, 19, 25, 28 and 37 describe saved and accesses data gathered, claims 3, 6, 9, 16, 22 and 33 describe what the medical identifier is, claims 17 and 41 describe displaying data such as printed data, claims 2, 19 and 28 describe comparing data, claims 4-5, 7, 10, 12, 15, 24, 30-32, 36 and 39 describe determining data, and claim 16, 26 and 40 describe sending data. As such, these are all similar to features in the independent claim in that they are manual steps that are applied on a computer or insignificant extra solution activity.    
2019 PEG: Step 2A - Prong Two:
Regarding Prong Two of Step 2A of the 2019 PEG, it must be determined whether the claim as a whole integrates the abstract idea into a practical application.  As noted in the 2019 PEG, it must be determined whether any additional elements in the claim beyond the abstract idea integrate the exception into a practical application in a manner that imposes a meaningful limit on the judicial exception. The courts have indicated that additional elements merely using a computer to implement an abstract idea, adding insignificant extra solution activity, or generally linking use of a judicial exception to a particular technological environment or field of use do not integrate a judicial exception into a “practical application.”  
In the present case, for representative independent claim 1 (similar to claims 18 and 27), the additional limitations beyond the above-noted at least one abstract idea are as follows (where the bolded portions are the “additional limitations” while the underlined portions continue to represent the at least one “abstract idea”):
A health care system for communicating medical data of a patient to at least one user, the health care system (conventional computer implementation as noted below, see MPEP § 2106.05(f)) comprising:
a data collection module configured to collect medical data associated with the patient, wherein the medical data comprises a Personal Identifiable Information (PI) data, a Protected Health Information (PHD data, or a combination (insignificant pre-solution activity as noted below, see MPEP § 2106.05(g), the Examiner further submits that such steps are not unconventional as they merely consist of receiving data over a network.  See MPEP 2106.05(d)(II) Symantec) thereof;
a data transformation module configured to encrypt the medical data of the patient;
at least one Electronic Health Record (EHR) database (conventional computer implementation as noted below, see MPEP § 2106.05(f)) configured to store the encrypted medical data of the patient;
an identifier generation module configured to generate at least one first medical identifier and at least one second medical identifier, wherein the at least one first medical identifier is used to access a first set of the medical data in an offline mode and the at least one second medical identifier is used to access a second set of the medical data in an online mode;
wherein the first set of the medical data is categorized into an unprotected PII data and a protected PII data, and the second set of the medical data is categorized into a basic PHI data and an extended PHI data;
wherein the unprotected PII data, and the basic PHI data are accessible by the at least one user in an online mode and/or an offline mode;
wherein the protected PII data, and the extended PHI data are accessible by the at least one user in the online mode only;
wherein the extended PHI data is accessible within a medical facility only;
a data access module configured to authorize the at least one user for providing access to the medical data based on a level of authorization defined by the patient; and
a user interface module configured to display the accessed medical data on the user device (conventional computer implementation as noted below, see MPEP § 2106.05(f)).
For the following reasons, the Examiner submits that the above identified additional limitations do not integrate the above-noted at least one abstract idea into a practical application.
Regarding the additional limitations of the health care system, EHR database and a user device, the Examiner submits that these limitations amount to merely using a computer to perform the at least one abstract idea (see MPEP § 2106.05(f)) and are mere instructions to apply the above-noted at least one abstract idea (Id.). 
Regarding the additional limitations, “a data collection module”, “a data transformation module”, “an identifier generation module”, “a user interface module” and “a data access module” the Examiner submits that these limitations amount to merely using a computer to perform the at least one abstract idea (see MPEP § 2106.05(f)) and are mere instructions to apply the above-noted at least one abstract idea (Id.). 
Claims 18 and 27 (similar to claim 1) do not have any additional elements.
Thus, taken alone, the additional elements do not integrate the at least one abstract idea into a practical application.
Looking at the additional limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually.  For instance, there is no indication that the additional elements, when considered as a whole, reflect an improvement in the functioning of a computer or an improvement to another technology or technical field, apply or use the above-noted judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition, implement/use the above-noted judicial exception with a particular machine or manufacture that is integral to the claim, effect a transformation or reduction of a particular article to a different state or thing, or apply or use the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is not more than a drafting effort designed to monopolize the exception (see 2019 PEG and MPEP § 2106.05). Thus, claims 1-41 as a whole do not integrate the above-noted at least one abstract idea into a practical application. 
For these reasons, representative independent claim 1 with its dependent claims 2-17 and analogous independent claim 18 with its dependent claims 19-26, analogous independent claim 27 with its dependent claims 28-41 do not recite additional elements that integrate the judicial exception into a practical application.
2019 PEG: Step 2B:
Regarding Step 2B of the 2019 PEG, in representative independent claim 15, regarding the additional limitations of the processor and memory, the Examiner submits that these limitations amount to merely using a computer to perform the at least one abstract idea (see MPEP § 2106.05(f)). 
Regarding the additional limitations, “a data collection module”, “a data transformation module”, “an identifier generation module”, “a user interface module” and “a data access module”, the Examiner submits that these limitations amount to merely using a computer to perform the at least one abstract idea (see MPEP § 2106.05(f)) and are mere instructions to apply the above-noted at least one abstract idea (Id.). 
Thus, representative independent claim 1 and analogous independent claims 18 and 27 do not include additional elements (considered both individually and as an ordered combination) that are sufficient to amount to significantly more than the judicial exception for the same reasons to those discussed above with respect to determining that the claim does not integrate the abstract idea into a practical application.
Therefore, claims 1-41 are ineligible under 35 USC §101.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(f):                                                                                                                    
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

Claims 1 and 27 use(s) the word “configured” or a generic placeholder as a substitute for “means” and is preceded by the word(s) “to collect”, “to encrypt”, “to store”, “to generate”, “to: embed” “authorize” and “to display”. It is unclear whether these words convey function or structure. A limitation construed under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph must not recite the structure for performing the function. Since no clear function is specified by the word(s) preceding “configured”, it is impossible to determine the equivalents of the element, as required by 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. See Ex parte Klumb, 159 USPQ 694 (Bd. App. 1967).

In claims 1 and 27, elements “a data collection module”, “a data transformation module”, “an identifier generation module”, “a user interface module” and “a data access module”, are limitations that invokes 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph. However, the written description fails to clearly link or associate the disclosed structure, material, or acts to the claimed function such that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function. There are no essential sources to perform the creating, communicating and transforming task necessary to measure content data and upload data.
Applicant may:


(a)    Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph; or

(b)    Amend the written description of the specification such that it clearly links or associates the corresponding structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or

(c)    State on the record where the corresponding structure, material, or acts are set forth in the written description of the specification and linked or associated to the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01 (o) and 2181.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-41 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 1 recites the limitation "the encrypted medical data" in lines 8-9 of claim 1.  There is insufficient antecedent basis for this limitation in the claim, as no "encrypted medical data” is previously cited in claim 1. It is unclear as to what the “encrypted medical data” applicant is referring to.
Claim 1 recites the limitation "the user device" in lines 26-27 of claim 1.  There is insufficient antecedent basis for this limitation in the claim, as no "user device” is previously cited in claim 1. It is unclear as to what the “user device” applicant is referring to.
Claim 18 recites the limitation "the encrypted medical data" in line 7 of claim 18.  There is insufficient antecedent basis for this limitation in the claim, as no "encrypted medical data” is previously cited in claim 18. It is unclear as to what the “encrypted medical data” applicant is referring to.
Claim 18 recites the limitation "the decrypted medical data" in line 25 of claim 18.  There is insufficient antecedent basis for this limitation in the claim, as no "decrypted medical data” is previously cited in claim 18. It is unclear as to what the “decrypted medical data” applicant is referring to.
Claim 18 recites the limitation "the user device" in lines 25 of claim 18.  There is insufficient antecedent basis for this limitation in the claim, as no "user device” is previously cited in claim 18. It is unclear as to what the “user device” applicant is referring to.
Claim 27 recites the limitation "the encrypted medical data" in lines 8-9 of claim 27.  There is insufficient antecedent basis for this limitation in the claim, as no "encrypted medical data” is previously cited in claim 27. It is unclear as to what the “encrypted medical data” applicant is referring to.
Claim 27 recites the limitation "the user device" in lines 31-32 of claim 27.  There is insufficient antecedent basis for this limitation in the claim, as no "user device” is previously cited in claim 27. It is unclear as to what the “user device” applicant is referring to.
Claims 2-17, 19-27 and 28-41 incorporate the deficiencies of claims 1, 18 and 27, through dependency, and are therefore also rejected.
Claims 1-17 and 27-41 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. 
Claim elements: “a data collection module configured to ...”, “a data transformation module configured to ...”, “an identifier generation module configured to ...”, and “a data access module configured to ...” are limitations that invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to clearly link or associate the disclosed structure, material, or acts to the claimed function such that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function. The Examiner asserts that the specification fails to adequately disclose the corresponding algorithm or processes in order to achieve the claimed functions. Merely stating that the functions are achieved via the use of a computer system operating software, routines, applications, or the like without explicitly disclosing the particulars of the algorithm is an insufficient link. The applicant is also required to disclose the step by step procedure for specialized functions in order to establish clear and definite boundaries in order to adequately notify the public of the claimed scope. That is to say, a specialized function must be supported in the specification by the computer and the algorithm that the computer uses to perform the specialized function and it is left to the applicant to provider proper disclosure of an algorithm when special programming is needed to perform the claimed function.
The applicant is further reminded that the disclosure requirement under 35 USC 112(f) is not satisfied by stating that one of ordinary skill in the art could devise an algorithm to perform the specialized programmed functions as claimed. Further, a generic reference to hardware alone or hardware with "software" is not sufficient support for specialized functions. In order to satisfy the requirement, the "structure", in this case, is the hardware plus the algorithm that the hardware uses to perform the function.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-13, 15-37 and 39-41 are rejected under 35 U.S.C. 103 as being unpatentable over Hill (U.S. 2016/0260002 A1) in view of Mok (U.S. 2003/0140044 A1) further in view of Coney (U.S. 2015/0310173 A1).
Regarding claims 1, 18 and 27, Hill discloses:
A health care system for communicating medical data of a patient to at least one user, the health care system (See user interface of Fig. 7N, P0082 where communications is permitted between a patient and his or her health provider.) comprising:
a data collection module configured to collect medical data associated with the patient, wherein the medical data comprises a Personal Identifiable Information (PII) data (See Fig. 7A, where the name, address and emergency contact (P0062) is collected in ingestion process (P0036, P0061] construe as collecting personal identifiable information, using Client Application 130 interface software as the data collection module.), a Protected Health Information (PHD) data, or a combination (Processing according to more HIPAA Compliance, protected patient data (Fig. 7B, P0063) when importing patient information (P0075). Also, see Patient Medical History (Fig. 7D-Fig. Fig. 7D, P0064-P0065), Medications and Allergies (Fig. 7F, P0067) in the ingestion process.) thereof;
a data transformation module configured to encrypt the medical data of the patient (The cryptographic keys 121a shown in Fig. 2, is construe as the data transformation module configured to encrypt the medical data mentioned in [P0052] where the user input received during the ingestion process is encrypted using a cryptographic key 121.); 
at least one Electronic Health Record (EHR) database configured to store the encrypted medical data of the patient (See cloud-based storage of encrypted health information in P0034 and in [P0129] a scan of the machine-readable identifier 133 causes an automatic population of the underlying information into a database of various electronic medical record systems.);
an identifier generation module configured to generate at least one first medical identifier and at least one second medical identifier, wherein the at least one first medical identifier is used to access a first set of the medical data in an offline mode (See Fig. 1, generated machine-readable identifier 133 as the first medical identifier viewed with client device 106 as the second medical identifier mentioned in P0002, P0036-P0037, viewed with the client application 130. With offline mode as a communication mode that require no communication network on a user device to access medical data, see without the use of a wireless network in P0017. In [P0080] Any healthcare providers that obtain required software necessary to read and transfer the information represented in the encrypted QR image may then be permitted to instantaneously extract the user input electronically and wirelessly.) and the at least one second medical identifier is used to access a second set of the medical data in an online mode (The wired network environment (P0017, P0028) construes an online mode ( Fig. 1) where encrypted messages may be passed between client devices 106 using a machine-readable identifier in P0033. The machine-readable identifiers transfer sensitive data via a wireless network in [P0117, P0020, P0025] construe medical identifier used to access a first set of the medical data in an offline mode.);
wherein the unprotected PII data, are accessible by the at least one user in an online mode and/or an offline mode (With unprotected data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104. In [P0117, P0020, P0025] medical identifier used to access a first set of the medical data in an offline mode and the wired network environment (P0017, P0028) construes an online mode.);
wherein the protected PII data, (With protected data as patient data such as social security number, address and unique identifier, see social security number protected through encryption in P0080.)  and the extended PHI data (With extended PII data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104.) are accessible by the at least one user in the online mode only (See the wired network environment (P0017, P0028) construes an online mode.);
a data access module configured to authorize the at least one user for providing access to the medical data based on a level of authorization defined by the patient (See [P0019] a single machine-readable identifier may be encoded with data where different devices are capable of reading different portions of the data. For example, a person may authorize his or her general practitioner to obtain a complete medical history from a matrix code while a chiropractor, using the same matrix code, may only be able to obtain a subset of the medical history as authorized by a user.  Also taught in P0043 as designating which data is accessible to a practitioner based on level of access such as an exemplary dentist.); and 
a user interface module configured to display the accessed medical data on the user device (See Fig. 2 example display screen of the user accessing medical data by synching data with device from the reader device display mentioned in P0039. Also see [P0036] The client application 130 may be executed in the client device 106, for example, to perform an ingestion process, whereby a series of user interfaces 131a are rendered in the client device display 124 to prompt the user for user input.).
With protected data as patient data such as social security number, address and unique identifier, see Hill’s social security number protected through encryption in P0080. With unprotected data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104. However, Hill does not explicitly teach categorizing the protected and unprotected sets of patient information into basic PHI data and extended PHI data.
However, Mok teaches that it was known in the medical record access art at the time of filing to include: wherein the first set of the medical data is categorized into an unprotected PII data and a protected PII data, and the second set of the medical data is categorized into a basic PHI data and an extended PHI data (See P0026, P0087, where medical records designated with a subset of clinical pages private construe protected PII data and see Fig. 16. In P0095-P0096, by bringing most relevant patient information and sorted patient records into charts construe the medical data categorized into a basic PHI data and an extended PHI data.) and the basic PHI data (With basic PII data as medical data only accessed by an authorized user, see patient ID and medical file accessible to authorized user using an authorized portable medical assistant device shown in Fig. 4, P0045-P0046.).
Therefore, it would have been obvious to one of ordinary skill in the art of medical record management before the effective filing date of the claimed invention to modify the system and method of Hill to include categorizing protected and unprotected sets of patient information into basic PHI data and extended PHI data as taught by Mok to easily consolidate patient medical records, especially when large amounts of patient records have been accumulated over a long period of time.    
Coney explicitly teaches wherein the extended PHI data is accessible within a medical facility only (See controlled access of patient information within a physical proximity (Abstract, P0011, P0029) and Fig. 1A, where medial facilities include hospitals, physician’s offices and assisted living (P0030, P0037 and P0041).).
Therefore, it would have been obvious to one of ordinary skill in the art of securing patient information before the effective filing date of the claimed invention to modify the system and method of Hill and Mok to accessing PHI data within a medical facility only as taught by Coney to protect patient medical records, according to HIPAA.    
Claim 18:
A computer-implemented method for communicating medical data of a patient to at least one user, the method (See user interface of Fig. 7N, P0082 where communications is permitted between a patient and his or her health provider.) comprising:
collecting medical data associated with the patient, wherein the medical data comprises a Personal Identifiable Information (PII) data (See Fig. 7A, where the name, address and emergency contact (P0062) is collected in ingestion process (P0036, P0061] construe as collecting personal identifiable information, using Client Application 130 interface software as the data collection module.), a Protected Health Information (PHD) data, or a combination (Processing according to more HIPAA Compliance, protected patient data (Fig. 7B, P0063) when importing patient information (P0075). Also, see Patient Medical History (Fig. 7D-Fig. Fig. 7D, P0064-P0065), Medications and Allergies (Fig. 7F, P0067) in the ingestion process.) thereof;
encrypting the medical data of the patient (The cryptographic keys 121a shown in Fig. 2, is construe as the data transformation module configured to encrypt the medical data mentioned in [P0052] where the user input received during the ingestion process is encrypted using a cryptographic key 121.); 
storing the encrypted medical data of the patient in at least one Electronic Health Record (EHR) database (See cloud-based storage of encrypted health information in P0034 and in [P0129] a scan of the machine-readable identifier 133 causes an automatic population of the underlying information into a database of various electronic medical record systems.);
generating at least one first medical identifier and at least one second medical identifier, wherein the at least one first medical identifier is used to access a first set of the medical data in an offline mode (See Fig. 1, generated  machine-readable identifier 133 as the first medical identifier viewed with client device 106 as the second medical identifier mentioned in P0002, P0036-P0037, viewed with the client application 130. With offline mode as a communication mode that require no communication network on a user device to access medical data, see without the use of a wireless network in P0017.In [P0080] Any healthcare providers that obtain required software necessary to read and transfer the information represented in the encrypted QR image may then be permitted to instantaneously extract the user input electronically and wirelessly.) and the at least one second medical identifier is used to access a second set of the medical data in an online mode (The wired network environment (P0017, P0028) construes an online mode ( Fig. 1) where encrypted messages may be passed between client devices 106 using a machine-readable identifier in P0033. The machine-readable identifiers transfer sensitive data via a wireless network in [P0117, P0020, P0025] construe medical identifier used to access a first set of the medical data in an offline mode.); 
wherein the unprotected PII data, (With unprotected data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104.) are accessible by the at least one user in an online mode and/or an offline mode (In [P0117, P0020, P0025] medical identifier used to access a first set of the medical data in an offline mode and the wired network environment (P0017, P0028) construes an online mode.);
wherein the protected PII data, (With protected data as patient data such as social security number, address and unique identifier, see social security number protected through encryption in P0080.)  and the extended PHI data (With extended PII data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104.) are accessible by the at least one user in the online mode only (See the wired network environment (P0017, P0028) construes an online mode.);
authorizing the at least one user on the basis of log-in credentials of the at least one user for providing access to the medical data based on a level of authorization defined by the patient (See [P0019] a single machine-readable identifier may be encoded with data where different devices are capable of reading different portions of the data. For example, a person may authorize his or her general practitioner to obtain a complete medical history from a matrix code while a chiropractor, using the same matrix code, may only be able to obtain a subset of the medical history as authorized by a user.  Also taught in P0043 as designating which data is accessible to a practitioner based on level of access such as an exemplary dentist.);
decrypting the accessed medical data; and displaying the decrypted medical data on the user device (In [P0039] the reader application 136 is further executed to decrypt the encrypted user input obtained from the machine-readable identifier 133 and present the health information in the reader device display 127).
With protected data as patient data such as social security number, address and unique identifier, see Hill’s social security number protected through encryption in P0080. With unprotected data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104. However, Hill does not explicitly teach categorizing the protected and unprotected sets of patient information into basic PHI data and extended PHI data.
However, Mok teaches that it was known in the medical record access art at the time of filing to include: wherein the first set of the medical data is categorized into an unprotected PII data and a protected PII data, and the second set of the medical data is categorized into a basic PHI data and an extended PHI data (See P0026, P0087, where medical records designated with a subset of clinical pages private construe protected PII data and see Fig. 16. In P0095-P0096, by bringing most relevant patient information and sorted patient records into charts construe the medical data categorized into a basic PHI data and an extended PHI data.) and the basic PHI data (With basic PII data as medical data only accessed by an authorized user, see patient ID and medical file accessible to authorized user using an authorized portable medical assistant device shown in Fig. 4, P0045-P0046.).
Therefore, it would have been obvious to one of ordinary skill in the art of medical record management before the effective filing date of the claimed invention to modify the system and method of Hill to include categorizing protected and unprotected sets of patient information into basic PHI data and extended PHI data as taught by Mok to easily consolidate patient medical records, especially when large amounts of patient records have been accumulated over a long period of time.    
Coney explicitly teaches wherein the extended PHI data is accessible within a medical facility only (See controlled access of patient information within a physical proximity (Abstract, P0011, P0029) and Fig. 1A, where medial facilities include hospitals, physician’s offices and assisted living (P0030, P0037 and P0041).).
Therefore, it would have been obvious to one of ordinary skill in the art of medical geo-location management before the effective filing date of the claimed invention to modify the system and method of Hill and Mok to accessing PHI data within a medical facility only as taught by Coney to protect patient medical records, according to HIPAA.    
Claim 27:
A health care system for communicating medical data of a patient to at least one user, the health care system (See user interface of Fig. 7N, P0082 where communications is permitted between a patient and his or her health provider.) comprising:
a data collection module configured to collect medical data associated with the patient, wherein the medical data comprises a Personal Identifiable Information (PI) data (See Fig. 7A, where the name, address and emergency contact (P0062) is collected in ingestion process (P0036, P0061] construe as collecting personal identifiable information, using Client Application 130 interface software as the data collection module.), a Protected Health Information (PHD) data, or a combination (Processing according to more HIPAA Compliance, protected patient data (Fig. 7B, P0063) when importing patient information (P0075). Also, see Patient Medical History (Fig. 7D-Fig. Fig. 7D, P0064-P0065), Medications and Allergies (Fig. 7F, P0067) in the ingestion process.) thereof;
a data transformation module configured to encrypt the medical data of the patient (The cryptographic keys 121a shown in Fig. 2, is construe as the data transformation module configured to encrypt the medical data mentioned in [P0052] where the user input received during the ingestion process is encrypted using a cryptographic key 121.); 
at least one Electronic Health Record (EHR) database configured to store the encrypted medical data of the patient (See cloud-based storage of encrypted health information in P0034 and in [P0129] a scan of the machine-readable identifier 133 causes an automatic population of the underlying information into a database of various electronic medical record systems.);
an identifier generation module configured to: generate at least one first medical identifier and at least one second medical identifier, wherein the at least one first medical identifier is used to access a first set of the medical data in an offline mode (See Fig. 1, generated  machine-readable identifier 133 as the first medical identifier viewed with client device 106 as the second medical identifier mentioned in P0002, P0036-P0037, viewed with the client application 130. With offline mode as a communication mode that require no communication network on a user device to access medical data, see without the use of a wireless network in P0017.In [P0080] Any healthcare providers that obtain required software necessary to read and transfer the information represented in the encrypted QR image may then be permitted to instantaneously extract the user input electronically and wirelessly.) and the at least one second medical identifier is used to access a second set of the medical data in an online mode (The wired network environment (P0017, P0028) construes an online mode ( Fig. 1) where encrypted messages may be passed between client devices 106 using a machine-readable identifier in P0033. The machine-readable identifiers transfer sensitive data via a wireless network in [P0117, P0020, P0025] construe medical identifier used to access a first set of the medical data in an offline mode.); 
embed the unprotected PII data (With unprotected data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104.) and the second medical identifier in the first medical identifier, such that the second medical identifier is used to access the protected PII data, the extended PHI data, or a combination thereof (Decrypting encrypted, embedded data such as a password, biometric data or PIN in P0059 construes embedding unprotected PII data used to access the protected PII data as mentioned in P0021.);
wherein the unprotected PII data, (With protected data as patient data such as social security number, address and unique identifier, see social security number protected through encryption in P0080.) are accessible by the at least one user in an online mode and/or an offline mode (Taught in P0112, where the medical provider has high and low level access to patient information such as phone number or address construed as PII data, identified medications and allergies (P0073). In [P0117, P0020, P0025] medical identifier used to access a first set of the medical data in an offline mode and the wired network environment (P0017, P0028) construes an online mode.), and protected PII data (With protected data as patient data such as social security number, address and unique identifier, see social security number protected through encryption in P0080.) and the extended PHI data (With extended PII data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104.) are accessible by the at least one user in the online mode only (See the wired network environment (P0017, P0028) construes an online mode.);
wherein the protected PII data, (With protected data as patient data such as social security number, address and unique identifier, see social security number protected through encryption in P0080.)  and the extended PHI data (With extended PII data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104.) are accessible by the at least one user in the online mode only (See the wired network environment (P0017, P0028) construes an online mode.);
a data access module configured to authorize the at least one user for providing access to the medical data based on a level of authorization defined by the patient (See [P0019] a single machine-readable identifier may be encoded with data where different devices are capable of reading different portions of the data. For example, a person may authorize his or her general practitioner to obtain a complete medical history from a matrix code while a chiropractor, using the same matrix code, may only be able to obtain a subset of the medical history as authorized by a user.  Also taught in P0043 as designating which data is accessible to a practitioner based on level of access such as an exemplary dentist.); and 
a user interface module configured to display the accessed medical data on the user device (See Fig. 7C-Fig. 7L example display screens as accessing past patient medical history, past surgical history, medications, allergies, family history and immunization.).
With protected data as patient data such as social security number, address and unique identifier, see Hill’s social security number protected through encryption in P0080. With unprotected data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104. However, Hill does not explicitly teach categorizing the protected and unprotected sets of patient information into basic PHI data and extended PHI data.
However, Mok teaches that it was known in the medical record access art at the time of filing to include: wherein the first set of the medical data is categorized into an unprotected PII data and a protected PII data, and the second set of the medical data is categorized into a basic PHI data and an extended PHI data (See P0026, P0087, where medical records designated with a subset of clinical pages private construe protected PII data and see Fig. 16. In P0095-P0096, by bringing most relevant patient information and sorted patient records into charts construe the medical data categorized into a basic PHI data and an extended PHI data.) and the basic PHI data (With basic PII data as medical data only accessed by an authorized user, see patient ID and medical file accessible to authorized user using an authorized portable medical assistant device shown in Fig. 4, P0045-P0046.).
Therefore, it would have been obvious to one of ordinary skill in the art of medical record management before the effective filing date of the claimed invention to modify the system and method of Hill to include categorizing protected and unprotected sets of patient information into basic PHI data and extended PHI data as taught by Mok to easily consolidate patient medical records, especially when large amounts of patient records have been accumulated over a long period of time.    
Coney explicitly teaches wherein the extended PHI data is accessible within a medical facility only (See controlled access of patient information within a physical proximity (Abstract, P0011, P0029) and Fig. 1A, where medial facilities include hospitals, physician’s offices and assisted living (P0030, P0037 and P0041).).
Therefore, it would have been obvious to one of ordinary skill in the art of medical geo-location management before the effective filing date of the claimed invention to modify the system and method of Hill and Mok to accessing PHI data within a medical facility only as taught by Coney to protect patient medical records, according to HIPAA.    
Regarding claims 2, 19 and 28, Hill discloses:
wherein the at least one user accesses the unprotected PII data by scanning the first medical identifier through a software application installed on a user device (See scanned machine-readable identifier to accessing and importing information into a chart or electronic health record (EHR) using the client application 130 in P0075, shown in Fig. 2.); and
the protected PII data (With protected data as patient data such as social security number, address and unique identifier, see social security number protected through encryption in P0080.), basic PHI data and the extended PHI data is accessed by using the at least one second medical identifier and/or a registered medical application installed on the user device (With extended PII data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104. The web-based application in P0076 serves as the second medical identifier.).
Regarding claims 3 and 29, Hill discloses:
wherein the at least one user is at least one of a resident, a first responder, or an authorized medical personnel (See [P0024] where the general practitioner has high level access construe the authorized medical personnel, the healthcare provider, personnel is taught in P0081 and users during emergencies in P0130.).
Regarding claims 4 and 30, Hill discloses:
wherein the data access module configured to authorize the first responder to access the unprotected PII data, (With unprotected data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104.) the protected PIT data, (Taught in P0126, P0130, where medical information between various providers is shared in emergency situations. In [P0104] the low access level to personal information construes protecting PII data while the high access level protecting medical history construe protecting the basic PHI.).
Mok teaches the basic PHI data (With basic PII data as medical data only accessed by an authorized user, see patient ID and medical file accessible to authorized user using an authorized portable medical assistant device shown in Fig. 4, P0045-P0046.).
Therefore, it would have been obvious to one of ordinary skill in the art of medical record management before the effective filing date of the claimed invention to modify the system and method of Hill to include categorizing protected and unprotected sets of patient information into basic PHI data and extended PHI data as taught by Mok to easily consolidate patient medical records, especially when large amounts of patient records have been accumulated over a long period of time.    
Regarding claims 5 and 31, Hill discloses:
wherein the data access module configured to authorize the medical personnel to access the unprotected PII data, (With unprotected data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104.) the protected PII data, (With protected data as patient data such as social security number, address and unique identifier, see social security number protected through encryption in P0080.) and the extended PHI data (See exemplary in P0019, where a person may authorize his or her general practitioner to obtain a complete medical history from a matrix code while a chiropractor, using the same matrix code, may only be able to obtain a subset of the medical history as authorized by a user. With extended PII data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104.).
Mok teaches the basic PHI data (With basic PII data as medical data only accessed by an authorized user, see patient ID and medical file accessible to authorized user using an authorized portable medical assistant device shown in Fig. 4, P0045-P0046.).
Therefore, it would have been obvious to one of ordinary skill in the art of medical record management before the effective filing date of the claimed invention to modify the system and method of Hill to include categorizing protected and unprotected sets of patient information into basic PHI data and extended PHI data as taught by Mok to easily consolidate patient medical records, especially when large amounts of patient records have been accumulated over a long period of time.    
Regarding claims 6 and 20, Hill discloses:
wherein the first medical identifier is at least one of a Quick Response (QR) code, or a unique identifier (See matrix codes such as a Quick Response (QR) code in P0049 and encrypted QR image in P0080.).
Regarding claims 7 and 32, Hill discloses:
wherein the data collection module is further configured to enable the patient for updating the medical data periodically (Taught in P0047 as ingestion process of updated information and in P0074, where discharge summaries and exchange of progress notes between patient and medical professionals construes patient for updating the medical data periodically and communicating with messages in P0082.).
Regarding claims 8 and 21, Hill discloses:
wherein the identifier generation module is further configured to embed the unprotected PII data (With unprotected data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104.) and the second medical identifier in the first medical identifier, such that the second medical identifier is used to access the protected PII data, the extended PHI data, or a combination thereof (See Fig. 1, generated machine-readable identifier 133 as the first medical identifier viewed with client device 106 as the second medical identifier mentioned in P0002, P0036-P0037, viewed with the client application 130. Decrypting encrypted, embedded data such as a password, biometric data or PIN in P0059 construes embedding unprotected PII data used to access the protected PII data as mentioned in P0021. In [P0104] the low access level to personal information construes protecting PII data while the high access level protecting medical history construe protecting the basic PHI.).
further comprising embedding the unprotected PII data (With unprotected data as a name, an emergency contact person name, an emergency contact number, see Fig. 7A, accessing emergency contact information in P0054, P0104.) and the second medical identifier in the first medical identifier, such that the second medical identifier is used to access the protected PII data, the extended PHI data, or a combination thereof (The machine-readable identifier provided for access control (P0024) so that a user of the client application can associate certain reader devices with particular access levels (P0043). See Fig. 1, generated machine-readable identifier 133 as the first medical identifier viewed with client device 106 as the second medical identifier mentioned in P0002, P0036-P0037, viewed with the client application 130. Decrypting encrypted, embedded data such as a password, biometric data or PIN in P0059 construes embedding unprotected PII data used to access the protected PII data as mentioned in P0021. In [P0104] the low access level to personal information construes protecting PII data while the high access level protecting medical history construe protecting the basic PHI.).
Mok teaches the basic PHI data (With basic PII data as medical data only accessed by an authorized user, see patient ID and medical file accessible to authorized user using an authorized portable medical assistant device shown in Fig. 4, P0045-P0046.).
Therefore, it would have been obvious to one of ordinary skill in the art of medical record management before the effective filing date of the claimed invention to modify the system and method of Hill to include categorizing protected and unprotected sets of patient information into basic PHI data and extended PHI data as taught by Mok to easily consolidate patient medical records, especially when large amounts of patient records have been accumulated over a long period of time.    


Regarding claims 9, 22 and 33, Hill discloses:
wherein the second medical identifier is a Uniform Resource Locator (URL) (The web-based application in P0076 serves as the Uniform Resource Locator (URL).)
Regarding claims 10 and 34, Hill discloses:
wherein the data transformation module is further configured to decrypt the medical data before displaying it on the user device (See, Fig. 2 and in [P0039] the reader application 136 is further executed to decrypt the encrypted user input obtained from the machine-readable identifier 133 and present the health information in the reader device display 127.)
Regarding claims 11, 23 and 35, Hill discloses:
wherein the data access module is further configured to provide access to the second set of medical data to the at least one user, in the online mode, when the first medical identifier is scanned by a registered medical application on the user device (See scanned machine-readable identifier to accessing and importing information into a chart or electronic health record (EHR) using the client application 130 in P0075, shown in Fig. 2.), and further scanning a unique identifier of the patient in case of an emergency condition (Taught in P0126, P0130, where medical information between various providers is shared in emergency situations.).
further comprising providing access to the second set of medical data to the at least one user, in the online mode, when the first medical identifier is scanned by a registered medical application on the user device (See scanned machine-readable identifier to accessing and importing information into a chart or electronic health record (EHR) using the client application 130 in P0075, shown in Fig. 2.), and further scanning the unique identifier of the patient in case of an emergency condition (Taught in P0126, P0130, where medical information between various providers is shared in emergency situations.).
Regarding claims 12, 24 and 36, Hill discloses:
wherein the data access module is further configured to identify the patient based on the unique identifier of the patient (Taught as encrypted and decrypted biometric data of user as a patient in P0059, P0061.).
further comprising identifying the patient based on a unique identifier of the patient (Taught as encrypted and decrypted biometric data of user as a patient in P0059, P0061.).
Regarding claims 13, 25 and 37, Hill discloses:
wherein the data access module is further configured to enable the at least one user to save a copy of the medical data on the user device in a predetermined order (Before fields are populated with updated data (Fig. 12, Steps 1212, 1215 and 1221), data conflict is resolved as a predetermine order process mentioned in P0113.).
further comprising enabling the at least one user to save a copy of the medical data on the user device in a predetermined order (Before fields are populated with updated data (Fig. 12, Steps 1212, 1215 and 1221), data conflict is resolved as a predetermine order process mentioned in P0113.).
Regarding claims 15 and 39: 
Coney explicitly teaches wherein the data access module is further configured to enable the patient to locate hospitals in a defined area (See controlled access of patient information within a physical proximity (Abstract, P0011, P0029) and Fig. 1A, where medial facilities include hospitals, physician’s offices and assisted living (P0030, P0037 and P0041).).
Therefore, it would have been obvious to one of ordinary skill in the art of securing patient information before the effective filing date of the claimed invention to modify the system and method of Hill and Mok to accessing PHI data within a medical facility only as taught by Coney to protect patient medical records, according to HIPAA.    
Regarding claims 16, 26 and 40, Hill discloses:
further comprising a notification module configured to transmit at least one notification to at least one emergency contact (See Fig. 7A, where the name, address and emergency contact (P0062) is collected in ingestion process (P0036, P0061] construe as collecting personal identifiable information, using Client Application 130 interface software as the data collection module.).
further comprising transmitting at least one notification to at least one emergency contact associated with the patient (See Fig. 7A, where the name, address and emergency contact (P0062) is collected in ingestion process (P0036, P0061] construe as collecting personal identifiable information, using Client Application 130 interface software as the data collection module for transmission.).
Regarding claims 17 and 41, Hill discloses:
further comprising a print module configured to print the at least one generated first medical identifier on at least one article (See P0072, where the user interface facilitates printing and Fig. 9, printed document 900, in P0086.)
Claims 14 and 38 are rejected under 35 U.S.C. 103 as being unpatentable over Hill (U.S. 2016/0260002 A1) in view of Mok (U.S. 2003/0140044 A1) in view of Coney (U.S. 2015/0310173 A1) further in view of Carlisle (U.S. 2018/0349480 A1).
Regarding claims 14 and 38, Carlisle explicitly teaches: 
wherein the data access module is further configured to automatically terminate an electronic session on the user device after a predetermined time of inactivity (Taught in P0224 as a screen terminated in response to a predetermined time of inactivity or a user operation.).
Therefore, it would have been obvious to one of ordinary skill in the art of mobile app management before the effective filing date of the claimed invention to modify the system and method of Hill, Mok and Coney to automatically terminate an electronic session on the user device after a predetermined time of inactivity as taught by Carlisle to maintain efficient battery life of a mobile device, especially used by a patient during an emergency.    

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TERESA S WILLIAMS whose telephone number is (571)270-5509. The examiner can normally be reached Mon-Fri, 8:30 am -6:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jason Dunham can be reached on (571) 272-8109. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/T.S.W./               Examiner, Art Unit 3686      
04/22/2022                                                                                                                                                                                   
/RACHELLE L REICHERT/               Primary Examiner, Art Unit 3686