Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION

1.        Claims 1 - 20 are pending.  Claims 1, 11 are independent.    
2.        This application was filed on 12-20-2019.  

Claim Rejections - 35 USC § 103  

3.        The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

4.        Claims 1 - 20 are rejected under 35 U.S.C. 103 as being anticipated by Lim et al. (US PGPUB No. 20170147755) in view of Aunger et al. (US PGPUB No. 20180211059).     	

Regarding Claim 1, Lim discloses a system for storing and indexing entries in a patient operational longitudinal record, the system comprising:
a)  at least one memory storing instructions; and b) at least one processor configured to execute the instructions to perform operations (see Lim paragraph [0017], lines 1-4: relates to a method for storing personal health records in a personal smart terminal or PC and managing them as a personal client based management method; (PC or terminal analogous to a computer system comprising a processor coupled to a memory (i.e. storing instructions for execution by processor)) comprising: 
c)  receiving a health update from a device; and mapping the health update to a health record; (see Lim paragraph [0023], lines 1-5: storage management unit views account information on a user's personal cloud repository, and updates and stores metadata on a corresponding account, and add and store a corresponding personal health record; paragraph [0025], lines 1-5: update performed by reading file metadata and record metadata on the user's account and adding and storing the file metadata and the record metadata; (update health record information, link health utilizing metadata associated with user and health information)) and  
e)  indexing and storing the health update and the operational data in association with the health record. (see Lim paragraph [0075], lines 1-5: metadata serves as an index for searching for and viewing information within personal health records, and personal health record management device reads metadata to determine a range of personal health records to be searched; paragraph [0091], lines 1-4: metadata serves as an index for searching for and viewing the personal health records and is configured with file metadata for file index and record metadata for item index)  

Lim does not specifically disclose for d) applying at least one stored rule to health update and health record to determine operational data, and for f) allowing access to health record based on an associated security protocol. 
However, Aunger discloses: 
d)  applying at least one stored rule to the health update and the health record to determine operational data; and f) allowing access to the health record based on an associated security protocol. (see Aunger paragraph [0006], lines 8-17: different applications are associated with disparate functionality, and user devices execute one or more applications to perform specific functionality (i.e. associated with health record information); user device includes particular firmware, or executes a particular software agent, on user device to provide low-level security (i.e. security level); user device accesses health records over a network that includes network components associated with or specifically trusted by system; through user device configurations and specified access requirements, access to received data is controlled; paragraph [0006], lines 30-34: other access requirements include, whether an access time of information is within an allowed time period or whether user device is authorized to present medical information)    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Lim for d) applying at least one stored rule to health update and health record to determine operational data, and for f) allowing access to health record based on an associated security protocol as taught by Aunger.  One of ordinary skill in the art would have been motivated to employ the teachings of Aunger for the benefits achieved from a system that enables multiple access policies or rules to control access to user health information.  (see Aunger paragraph [0006], lines 8-17)  

Regarding Claim 2, Lim-Aunger discloses the system of claim 1, including rule type access information.  
Lim does not specifically disclose a machine learning algorithm. 
However, Aunger discloses wherein the at least one stored rule is generated from a machine learning algorithm. (see Aunger paragraph [0045], lines 8-14: applications are automated; machine learning based applications are utilized to request medical information and then analyze medical information; application automatically requests information from system; (machine learning to process health record information))    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Lim for a machine learning algorithm as taught by Aunger.  One of ordinary skill in the art would have been motivated to employ the teachings of Aunger for the benefits achieved from a system that enables multiple access policies or rules to control access to user health information.  (see Aunger paragraph [0006], lines 8-17)

Regarding Claim 3, Lim-Aunger discloses the system of claim 1, access based on an authorization of a requesting device. 
Lim does not specifically disclose security protocol prescribes a degree of access based on an authorization. 
However, Aunger discloses wherein the security protocol prescribes a degree of access based on an authorization of a requesting device. (see Aunger paragraph [0006], lines 8-17: different applications are associated with disparate functionality, and user devices execute one or more applications to perform specific functionality; user device includes particular firmware, or executes a particular software agent, on user device to provide low-level security (i.e. degree of security); user device accesses health records over a network that includes network components associated with or specifically trusted by the system; through user device configurations and specified access requirements, access to received data is controlled; paragraph [0006], lines 30-34: other access requirements include, whether an access time of information is within an allowed time period or whether user device is authorized to present medical information)    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Lim for security protocol prescribes a degree of access based on an authorization as taught by Aunger.  One of ordinary skill in the art would have been motivated to employ the teachings of Aunger for the benefits achieved from a system that enables multiple access policies or rules to control access to user health information.  (see Aunger paragraph [0006], lines 8-17)

Regarding Claim 4, Lim-Aunger discloses the system of claim 3, wherein the authorization of the requesting device is determined based on a data string extracted from a request of the requesting device. (see Lim paragraph [0070], lines 1-11: request for storing personal health records or request for searching for a necessary portion in pre-stored personal health records from the user, the personal health record management device requests a user ID and an access key for a corresponding personal cloud repository account; paragraph [0058], lines 1-6: user activates account of personal cloud repository through the cloud server and performs an authentication on the personal cloud repository by receiving a user ID, a password, and information of a corresponding personal repository for personal cloud repository; (identifier analogous to userID (i.e. extracted string) associated with a particular single individual))    

Regarding Claim 5, Lim-Aunger discloses the system of claim 1, wherein the health update and health record are associated with a single individual. (see Lim paragraph [0058], lines 1-6: user activates account of personal cloud repository through cloud server and performs an authentication on the personal cloud repository by receiving a user ID, a password, and information of a corresponding personal repository for personal cloud repository; (identifier analogous to userID (i.e. extracted string) associated with a particular single individual))    

Regarding Claim 6, Lim-Aunger discloses the system of claim 5, the operations further comprising mapping the health update based on a unique identifier included in the request, the unique identifier identifying the single individual. (see Lim paragraph [0058], lines 1-6: user may activate the account of the personal cloud repository through the cloud server and performs an authentication on the personal cloud repository by receiving a user ID, a password, and information of a corresponding personal repository for the personal cloud repository; (identifier analogous to userID (i.e. extracted string) associated with a particular single individual))   

Regarding Claim 7, Lim-Aunger discloses the system of claim 5, wherein the operational data is associated with the single patient. (see Lim paragraph [0019], lines 1-7: personal health record management method and device for efficiently maintaining and managing personal health records through a user as a subject (i.e. patient) by storing personal health records, which are accumulated and managed in various formats by each medical institution, in a user's personal repository; (identifier analogous to userID associated with a particular single individual, patient))    

Regarding Claim 8, Lim-Aunger discloses the system of claim 1, the operations further comprising authenticating the device, wherein mapping the health update to the health record is based on the authentication. (see Lim paragraph [0058], lines 1-6: user activates account of the personal cloud repository through cloud server and performs an authentication on personal cloud repository by receiving a user ID, a password, and information of a corresponding personal repository for the personal cloud repository; (identifier analogous to userID (i.e. extracted string) associated with a particular single individual))    

Regarding Claim 9, Lim-Aunger discloses the system of claim 1, wherein the storing comprises: storing the health record in a first database; and storing the operational data in a second database. (see Lim paragraph [0111], lines 1-5: metadata DB configured including a file metadata DB for storing file metadata for searching for or viewing the personal health records by each document unit and a record metadata DB for searching for and viewing the personal health records by each record; (at least two databases for storing health related and record information))    

Regarding Claim 10, Lim-Aunger discloses the system of claim 9, wherein the indexing comprises: indexing the health record and the operational data with the same identifier. (see Lim paragraph [0058], lines 1-6: user may activate the account of the personal cloud repository through the cloud server and performs an authentication on the personal cloud repository by receiving a user ID, a password, and information of a corresponding personal repository for the personal cloud repository; (identifier analogous to userID (i.e. extracted string) associated with a particular single individual); paragraph [0075], lines 1-5: metadata serves as an index for searching for and viewing information within personal health records, and personal health record management device reads metadata to determine a range of the personal health records to be searched; paragraph [0091], lines 1-4: metadata serves as an index for searching for and viewing personal health records and is configured with file metadata for file index and record metadata for item index))    

Regarding Claim 11, Lim discloses a system for retrieving aggregated operational statistics from an operational record database, the system comprising: 
a)  at least one memory storing instructions; and b) at least one processor configured to execute the instructions to perform operations (see Lim paragraph [0017], lines 1-4: relates to a method for storing personal health records in a personal smart terminal or PC and managing them as a personal client based management method; (PC or terminal analogous to a computer comprising a processor coupled to a memory (i.e. storing instructions for execution by processor)) comprising: 

While Lim discloses using metadata as an index for searching for and viewing the personal health records and is configured with file metadata for file index and record metadata for item index, Lim does not specifically disclose for c) access aggregated operational statistics; authenticating device sending request, and for f) anonymizing extracted information according to a selected anonymization rule, and for g) aggregating anonymized information into requested statistics, and for h) transmitting statistics to device. 
However, Aunger discloses: 
c)  receiving a request to access one or more aggregated operational statistics; authenticating a device sending the request; and e) retrieving one or more records based on the request and extract information related to the requested one or more statistics from each record. (see Aunger paragraph [0071], lines 16-22: information can be anonymized by the medical trust system, such that clinical researchers gain the benefits of large quantities of data without patients exposing personally identifiable information; analytic information provides statistical information related to the data, such as information identifying recent accesses; paragraph [0096], lines 1-7: medical trust system determines whether received authentication information is valid, and upon authentication, generates an encrypted token to be provided to the user device for access; (user authentication))    
d)  selecting one of a plurality of anonymization rules; and f) anonymizing the extracted information according to the selected anonymization rule; (see Aunger paragraph [0038], lines 5-13: application-layer protocol (health communication protocol) passes encrypted information from system to user devices; to decrypt the information, one or more constraints or requirements need to be satisfied; constraints are specified via the protocol; a particular person may need to be logged into a user device, a particular user device may need to be utilized or a particular application may be required to view the received information)        
g)  aggregating the anonymized information into the requested one or more statistics; (see Aunger paragraph [0071], lines 16-22: information can be anonymized by the medical trust system, such that clinical researchers gain the benefits of large quantities of data without patients exposing personally identifiable information; analytic information provides statistical information related to the data) and 
h)  transmitting the one or more statistics to the device. (see Aunger paragraph [0071], lines 16-22: analytic information provides statistical information related to the data, such as information identifying recent accesses; paragraph [0096], lines 1-7: medical trust system determines whether received authentication information is valid)    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Lim for c) access aggregated operational statistics; authenticating device sending request, and for f) anonymizing extracted information according to a selected anonymization rule, and for g) aggregating anonymized information into requested statistics, and for h) transmitting statistics to device as taught by Aunger.  One of ordinary skill in the art would have been motivated to employ the teachings of Aunger for the benefits achieved from a system that enables multiple access policies or rules to control access to user health information.  (see Aunger paragraph [0006], lines 8-17)

Regarding Claim 12, Lim-Aunger discloses the system of claim 11, the operations further comprising determining an authorization of the device. 
Lim does not specifically disclose selected anonymization rule selected based on determined authorization. 
However, Aunger discloses wherein the selected anonymization rule is selected based on the determined authorization. (see Aunger paragraph [0009], lines 11-16: system associates an anonymized identifier with each patient; medical information of each patient references the anonymized identifier while not referencing personally identifiable information of patient; system determines access rights to medical information of a patient based on associated identifier)    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Lim for selected anonymization rule selected based on determined authorization as taught by Aunger.  One of ordinary skill in the art would have been motivated to employ the teachings of Aunger for the benefits achieved from a system that enables multiple access policies or rules to control access to user health information.  (see Aunger paragraph [0006], lines 8-17)

Regarding Claim 13, Lim-Aunger discloses the system of claim 11, wherein the one or more records are stored in one or more databases. (see Lim paragraph [0111], lines 1-5: metadata DB configured including a file metadata DB for storing file metadata for searching for or viewing the personal health records by each document unit and a record metadata DB for searching for and viewing the personal health records by each record; (at least two databases for storing health related and record information))    

Regarding Claim 14, Lim-Aunger discloses the system of claim 1, the operations further comprising extracting a data string from the request. (see Lim paragraph [0058], lines 1-6: user may activate the account of the personal cloud repository through cloud server and performs an authentication on personal cloud repository by receiving a user ID, a password, and information of a corresponding personal repository for the personal cloud repository; (identifier analogous to userID (i.e. extracted string) associated with a particular single individual))    

Regarding Claim 15, Lim-Aunger discloses the system of claim 13, the operations further comprising identifying the one or more records based on the extracted data string. (see Lim paragraph [0058], lines 1-6: user may activate the account of the personal cloud repository through the cloud server and performs an authentication on the personal cloud repository by receiving a user ID, a password, and information of a corresponding personal repository for the personal cloud repository; (identifier analogous to userID (i.e. extracted string) associated with a particular single individual))    

Regarding Claim 16, Lim-Aunger discloses the system of claim 11, wherein the request contains an identifier of information requested. (see Lim paragraph [0058], lines 1-6: user may activate the account of the personal cloud repository through the cloud server and performs an authentication on the personal cloud repository by receiving a user ID, a password, and information of a corresponding personal repository for the personal cloud repository; (identifier analogous to userID (i.e. extracted string, identifier) associated with a particular single individual))    

Regarding Claim 17, Lim-Aunger discloses the system of claim 16, wherein the one or more records are selected from among a dataset based on the identifier. (see Lim paragraph [0058], lines 1-6: user may activate the account of the personal cloud repository through the cloud server and performs an authentication on the personal cloud repository by receiving a user ID, a password, and information of a corresponding personal repository for the personal cloud repository; (identifier analogous to userID (i.e. extracted string) associated with a particular individual))    

Regarding Claim 18, Lim-Aunger discloses the system of claim 16, wherein a first portion of the one or more records are retrieved from a first database and the first database propagates the request to a second database. (see Lim paragraph [0127], lines 1-8: divide the personal health records by a record unit and search for the personal health records, personal health records are required to be divided by a record unit according to an accurate schema, and if schema of the personal health records is not implemented properly or is defective or damaged and not able to verify access; paragraph [128], lines 1-9: procedure when schema of personal health records is not implemented properly or is defective or damaged, based on a result obtained by verifying schema of personal health records; if there is an issue based on the verification result, notifying user that a processing process such as searching for or storing corresponding personal health records cannot be performed)    

Regarding Claim 19, Lim-Aunger discloses the system of claim 18, wherein a second portion of the one or more records are retrieved from the second database based on the identifier. (see Lim paragraph [0058], lines 1-6: user may activate the account of the personal cloud repository through the cloud server and performs an authentication on the personal cloud repository by receiving a user ID, a password, and information of a corresponding personal repository for the personal cloud repository; (identifier analogous to userID (i.e. extracted string) associated with a particular individual))     

Regarding Claim 20, Lim-Aunger discloses the system of claim 11. 
Lim does not specifically disclose statistics transmitted to a database table viewable by device. 
However, wherein the statistics are transmitted to a database table viewable by the device. (see Aunger paragraph [0038], lines 5-13: application-layer protocol (i.e. health communication protocol) passes encrypted information from system to user devices; to decrypt information, one or more constraints or requirements need to be satisfied; constraints are specified via protocol; a particular person may need to be logged into a user device, a particular user device may need to be utilized or a particular application may be required in order to view received information)    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Lim for statistics transmitted to a database table viewable by device as taught by Aunger.  One of ordinary skill in the art would have been motivated to employ the teachings of Aunger for the benefits achieved from a system that enables multiple access policies or rules to control access to user health information.  (see Aunger paragraph [0006], lines 8-17))

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CARLTON JOHNSON whose telephone number is (571)270-1032. The examiner can normally be reached Work: 12-9PM (most days).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CJ/
June 23, 2022

/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436