DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on August 18, 2022, has been entered.

Status of Claims
Claims 1, 7, 12-13, and 15-16 are amended.
Claims 1-19 are pending.

Response to Remarks
35 U.S.C. § 103
Applicant’s remarks with respect to Ruff have been fully considered but are moot because the new ground of rejection does not rely on Ruff.  
Applicant’s remarks with respect to Haider have been fully considered but are not persuasive.  Applicant correctly contends that Haider initially describes the public key associated with a user identifier is used as a decryption key to decrypt a received digital signature.  However, Haider also describes in, for example ¶ 129, that the public key is later used to encrypt medical data requested by a patient.   

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1, 7-13, and 15-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Pub. No. 2015/0032633 to Haider et al. in view of U.S. Patent Pub. No. 2018/0233225 to Experton et al. and U.S. Patent Pub. No. 2009/0049494 to Freundlich et al.
Per Claim 1: Haider discloses:
A method for receiving access to personal medical data, said method being executed on a mobile device and comprising: (see Haider at Abstract: An authentication system, a mobile electronic device, an instantiating unit and a method, as well as a computer program product are disclosed for the authentication of a patient against a central registry which exchanges data with a repository for the storage of medical data records.)
navigating a web client of the patient's mobile device to a web service; (see Haider at ¶ 111: After the encryption unit V has been installed locally on the device G, the user can on the first occasion subject himself to a registration process by way of the encryption unit V.)
receiving instructions from the web service for the web client to create a user account, the user account comprising an asymmetric key pair and a user identification (UID), the asymmetric key pair being formed by a public key and a private key, and the UID identifying the mobile device and referencing the public key of the asymmetric key pair stored in a data store; (see Haider at ¶ 76: To this end the encryption software is installed or loaded on the device. The user of the device can register himself on the device when first using same and subsequently carry out authentication processes.  See also ¶ 59: To this end, according to at least one embodiment of the invention the private key is stored in protected fashion (“hidden”) in the device and an associated public key is stored on the server.  See also ¶ 50: The instantiation is affected by the instantiating unit installing on the cell phone as part of the programs a key and the device ID in hidden fashion, in other words not readable, not recognizable by the device user/patient, not modifiable.  See also ¶ 55: The decryption unit exchanges data with the central protected memory in which an association between device ID and key is stored.)
storing the private key of the asymmetric key pair and the UID locally on the mobile device; (see Haider at ¶ 59: To this end, according to at least one embodiment of the invention the private key is stored in protected fashion (“hidden”) in the device and an associated public key is stored on the server.  See also ¶ 50: The instantiation is affected by the instantiating unit installing on the cell phone as part of the programs a key and the device ID in hidden fashion, in other words not readable, not recognizable by the device user/patient, not modifiable.)
preparing the public key of the asymmetric key pair to be filed in the data store under the UID, acting as key; (see Haider at ¶ 59: To this end, according to at least one embodiment of the invention the private key is stored in protected fashion (“hidden”) in the device and an associated public key is stored on the server.  See also ¶ 121: To this end the decryption unit E uses the device ID 50 to access the secure memory MEM in order to read out a decryption key 40′.)
generating a first code that encodes the UID such that the UID is represented in an encoded form and references the public key of the asymmetric key pair, [[the UID having a bit length that is less than a bit length of the public key;]] (see Haider at ¶ 54: The signature prototype is generated by appending the patient's name or the device ID to, or concatenating it with, a time stamp. The combined data record (with the device ID and the time stamp) is subsequently encrypted with the locally stored key. The resulting signature is then (preferably likewise initiated by the encryption unit) conveyed from the patient's local cell phone in the form of a message to the server.)
preparing the generated first code for transmission to a hospital server [[using a nearfield data transmission;]] (see Haider at ¶ 54: The resulting signature is then (preferably likewise initiated by the encryption unit) conveyed from the patient's local cell phone in the form of a message to the server.)
extracting the UID from the first code to obtain the UID; (see Haider at ¶¶ 83-84: The message with the signature and the device ID are received and where necessary (optionally) symmetrically decrypted. The device ID is acquired.)
accessing the data store with the UID to obtain the public key; (see Haider at ¶ 85: With the device ID acquired, access is effected to the central protected memory in order to read out the corresponding key (associated with the device ID) in each case.)
encrypting images using only the public key obtained from the data store to generate encrypted images, and [[storing the encrypted images in the data store;]] (see Haider at ¶ 129: The data which has been requested by the device G and following a successful authentication process is to be sent from the repository 12 to the device G is encrypted with the public key of the device G or of the requesting patient P. To this end the repository 12 accesses the public key of the registry 10.)
receiving the encrypted images from the data store; and (see Haider at ¶ 129: As soon as the data is then received on the device the encryption unit V can be designed to decrypt the encrypted data with the secret or private key.)
decrypting the received encrypted images with the private key to provide decrypted personal medical data on the mobile device. (see Haider at ¶ 129: As soon as the data is then received on the device the encryption unit V can be designed to decrypt the encrypted data with the secret or private key.)
However, Haider fails to disclose, but Experton, an analogous art of electronic health data, discloses:
transmitting a code using nearfield data transmission; (see Experton at ¶ 129: The record owner may connect a flash drive, smart card, a wirelessly connectable storage device, or the like to the computer. In one example, the record owner may present an NFC device, such as an RFID, a smart watch, a health or fitness tracker, eyewear, or smart phone that responds to or activates an NFC receiver on a provider computing workstation. See also ¶ 61: The electronic credentials may comprise a smart card, a USB flash drive, and radio-frequency identification (RFID) device, a Near Field Communication (NFC) token, web-enabled phones, etc.)
storing the encrypted images in the data store; (see Experton at ¶ 115: Patient data such as health records and personal health information may be stored in encrypted form in mobile devices 302 and 308.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that the code including the UID is transmitted using NFC and that the encrypted health records are stored using the techniques disclosed in Experton.  One of ordinary skill in the art would have been motivated to do so to as it would have been obvious to try transmitting the code using one of a finite number of identified predictable solutions for transmitting data.
However, the combination of Haider and Experton fails to disclose, but Freundlich, an analogous art of user identifiers and public key lengths, discloses:
the UID having a bit length that is less than a bit length of the public key; (see Freundlich at ¶ 62: The MAC address and/or device ID number may include, for example, a string of a predefined length, for example, six or ten bytes. The registration information corresponding to the module may also include a public encryption key ("PBLC_KEY") assigned to the module. The public encryption key may have any suitable format, for example, a string having a length of ten or sixty-four bytes.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that the user identifier has a shorter length than the public key as disclosed in Freundlich.  The claimed invention would have been obvious as it would have been obvious to try modifying user identification length as there are only one of three options, i.e., shorter than, longer than, or same as, the public key length.

Per Claim 12: Haider discloses:
A method for providing access to personal medical data, the method being executed on a server, and comprising: (see Haider at Abstract: An authentication system, a mobile electronic device, an instantiating unit and a method, as well as a computer program product are disclosed for the authentication of a patient against a central registry which exchanges data with a repository for the storage of medical data records.) 
receiving a code that encodes a user identification (UID) such that the UID is represented in an encoded form, wherein the UID identifies a mobile device and references a public key stored in a data store, the public key and a private key forming an asymmetric key pair, [[and the UID identifying the mobile device and having a bit length that is less than a bit length of the public key;]] (see Haider at ¶ 54: The resulting signature is then (preferably likewise initiated by the encryption unit) conveyed from the patient's local cell phone in the form of a message to the server.  See also ¶ 76: To this end the encryption software is installed or loaded on the device. The user of the device can register himself on the device when first using same and subsequently carry out authentication processes.  See also ¶ 59: To this end, according to at least one embodiment of the invention the private key is stored in protected fashion (“hidden”) in the device and an associated public key is stored on the server.  See also ¶ 50: The instantiation is affected by the instantiating unit installing on the cell phone as part of the programs a key and the device ID in hidden fashion, in other words not readable, not recognizable by the device user/patient, not modifiable.  See also ¶ 55: The decryption unit exchanges data with the central protected memory in which an association between device ID and key is stored.) 
extracting the UID from the received code; (see Haider at ¶¶ 83-84: The message with the signature and the device ID are received and where necessary (optionally) symmetrically decrypted. The device ID is acquired.)
accessing the data store with the extracted UID to obtain the associated public key of the asymmetric key pair; (see Haider at ¶ 85: With the device ID acquired, access is effected to the central protected memory in order to read out the corresponding key (associated with the device ID) in each case.)
encrypting personal medical data using only the public key obtained from the data store to generate encrypted personal medical data; and (see Haider at ¶ 129: The data which has been requested by the device G and following a successful authentication process is to be sent from the repository 12 to the device G is encrypted with the public key of the device G or of the requesting patient P. To this end the repository 12 accesses the public key of the registry 10.)
However, Haider fails to disclose, but Experton discloses:
sending the encrypted personal medical data to the data store so as to make the encrypted personal medical data accessible by the mobile device. (see Experton at ¶ 115: Patient data such as health records and personal health information may be stored in encrypted form in mobile devices 302 and 308.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that the medical records are stored in an encrypted form in a database using the techniques disclosed in Experton.  One of ordinary skill in the art would have been motivated to do so to securely store the sensitive medical information.
However, the combination of Haider and Experton fails to disclose, but Freundlich discloses:
the UID having a bit length that is less than a bit length of the public key; (see Freundlich at ¶ 62: The MAC address and/or device ID number may include, for example, a string of a predefined length, for example, six or ten bytes. The registration information corresponding to the module may also include a public encryption key ("PBLC_KEY") assigned to the module. The public encryption key may have any suitable format, for example, a string having a length of ten or sixty-four bytes.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that the user identifier has a shorter length than the public key as disclosed in Freundlich.  The claimed invention would have been obvious as it would have been obvious to try modifying user identification length as there are only one of three options, i.e., shorter than, longer than, or same as, the public key length.

Per Claim 13: Claim 13 is a combination of claims 1 and 12, discussed above.  Therefore, claim 13 is rejected under the combination of Haider, Experton, and Freundlich for the same reasons claims 1 and 12 are rejected.

Per Claim 15: Haider discloses:
A hospital server for providing access to personal medical data, said hospital server comprising: (see Haider at Abstract: An authentication system, a mobile electronic device, an instantiating unit and a method, as well as a computer program product are disclosed for the authentication of a patient against a central registry which exchanges data with a repository for the storage of medical data records.)
a code interface configured to receive a code that encodes a user identification (UID) such that the UID is represented in an encoded form, wherein the UID identifies a mobile device and references a public key stored in a data store, the public key and a private key forming, the public key and a private key forming an asymmetric key pair, [[the UID having a bit length that is less than a bit length of the public key;]] see Haider at ¶ 54: The resulting signature is then (preferably likewise initiated by the encryption unit) conveyed from the patient's local cell phone in the form of a message to the server.  See also ¶ 76: To this end the encryption software is installed or loaded on the device. The user of the device can register himself on the device when first using same and subsequently carry out authentication processes.  See also ¶ 59: To this end, according to at least one embodiment of the invention the private key is stored in protected fashion (“hidden”) in the device and an associated public key is stored on the server.  See also ¶ 50: The instantiation is affected by the instantiating unit installing on the cell phone as part of the programs a key and the device ID in hidden fashion, in other words not readable, not recognizable by the device user/patient, not modifiable.  See also ¶ 55: The decryption unit exchanges data with the central protected memory in which an association between device ID and key is stored.)
a processor configured to extract the UID from the received code; and (see Haider at ¶¶ 83-84: The message with the signature and the device ID are received and where necessary (optionally) symmetrically decrypted. The device ID is acquired.)
a data store interface configured to access the data store using the extracted UID to obtain the associated public key of the asymmetric key pair, (see Haider at ¶ 85: With the device ID acquired, access is effected to the central protected memory in order to read out the corresponding key (associated with the device ID) in each case.)
wherein the processor is further configured to use only the public key obtained from the data store to encrypt personal medical data to generate encrypted medical data, and (see Haider at ¶ 129: The data which has been requested by the device G and following a successful authentication process is to be sent from the repository 12 to the device G is encrypted with the public key of the device G or of the requesting patient P. To this end the repository 12 accesses the public key of the registry 10.)
However, Haider fails to disclose, but Experton discloses:
send the encrypted personal medical data to the data store to make the encrypted personal medical data accessible by the mobile device. (see Experton at ¶ 115: Patient data such as health records and personal health information may be stored in encrypted form in mobile devices 302 and 308.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that the medical records are stored in an encrypted form in a database using the techniques disclosed in Experton.  One of ordinary skill in the art would have been motivated to do so to securely store the sensitive medical information.
However, the combination of Haider and Experton fails to disclose, but Freundlich discloses:
the UID having a bit length that is less than a bit length of the public key; (see Freundlich at ¶ 62: The MAC address and/or device ID number may include, for example, a string of a predefined length, for example, six or ten bytes. The registration information corresponding to the module may also include a public encryption key ("PBLC_KEY") assigned to the module. The public encryption key may have any suitable format, for example, a string having a length of ten or sixty-four bytes.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that the user identifier has a shorter length than the public key as disclosed in Freundlich.  The claimed invention would have been obvious as it would have been obvious to try modifying user identification length as there are only one of three options, i.e., shorter than, longer than, or same as, the public key length.

Per Claim 16: Haider discloses:
A system for communication of personal medical data between a hospital server and a mobile device, comprising: (see Haider at Abstract: An authentication system, a mobile electronic device, an instantiating unit and a method, as well as a computer program product are disclosed for the authentication of a patient against a central registry which exchanges data with a repository for the storage of medical data records.)
a mobile device with a web client for receiving instructions from a web service; (see Haider at ¶ 76: To this end the encryption software is installed or loaded on the device. The user of the device can register himself on the device when first using same and subsequently carry out authentication processes.)
a data store in which a public key of an asymmetric key pair has been filed under a patient user identification (UID), acting as key, [[and in which personal medical data of the patient are stored in an encrypted form,]] the personal medical data being encrypted with the public key of the asymmetric key pair that is formed by the public key and a private key; and (see Haider at ¶ 59: To this end, according to at least one embodiment of the invention the private key is stored in protected fashion (“hidden”) in the device and an associated public key is stored on the server.  See also ¶ 121: To this end the decryption unit E uses the device ID 50 to access the secure memory MEM in order to read out a decryption key 40′.  See also ¶ 129: The data which has been requested by the device G and following a successful authentication process is to be sent from the repository 12 to the device G is encrypted with the public key of the device G or of the requesting patient P. To this end the repository 12 accesses the public key of the registry 10.)
a hospital server comprising a code interface configured to receive a code that encodes the user identification (UID) such that the UID is represented in an encoded form, wherein the UID identifies a mobile device and references the public key stored in the data store, [[the UID having a bit length that is less than a bit length of the public key;]] (see Haider at ¶ 54: The resulting signature is then (preferably likewise initiated by the encryption unit) conveyed from the patient's local cell phone in the form of a message to the server.  See also ¶ 76: To this end the encryption software is installed or loaded on the device. The user of the device can register himself on the device when first using same and subsequently carry out authentication processes.  See also ¶ 59: To this end, according to at least one embodiment of the invention the private key is stored in protected fashion (“hidden”) in the device and an associated public key is stored on the server.  See also ¶ 50: The instantiation is affected by the instantiating unit installing on the cell phone as part of the programs a key and the device ID in hidden fashion, in other words not readable, not recognizable by the device user/patient, not modifiable.  See also ¶ 55: The decryption unit exchanges data with the central protected memory in which an association between device ID and key is stored.)
a processor configured to extract the user identification from the received code; and (see Haider at ¶¶ 83-84: The message with the signature and the device ID are received and where necessary (optionally) symmetrically decrypted. The device ID is acquired.)
a data store interface configured to access a data store using the extracted UID to obtain the associated public key of the asymmetric key pair, (see Haider at ¶ 85: With the device ID acquired, access is effected to the central protected memory in order to read out the corresponding key (associated with the device ID) in each case.)
wherein the processor is further configured to use only the public key obtained from the data store to encrypt the personal medical data to generate the personal medical data in encrypted form, and (see Haider at ¶ 129: The data which has been requested by the device G and following a successful authentication process is to be sent from the repository 12 to the device G is encrypted with the public key of the device G or of the requesting patient P. To this end the repository 12 accesses the public key of the registry 10.)
However, Haider fails to disclose, but Experton discloses:
send the personal medical data in encrypted form to the data store to make the encrypted personal medical data in encrypted form accessible by the mobile device. (see Experton at ¶ 115: Patient data such as health records and personal health information may be stored in encrypted form in mobile devices 302 and 308.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that the medical records are stored in an encrypted form in a database using the techniques disclosed in Experton.  One of ordinary skill in the art would have been motivated to do so to securely store the sensitive medical information.
However, the combination of Haider and Experton fails to disclose, but Freundlich discloses:
the UID having a bit length that is less than a bit length of the public key; (see Freundlich at ¶ 62: The MAC address and/or device ID number may include, for example, a string of a predefined length, for example, six or ten bytes. The registration information corresponding to the module may also include a public encryption key ("PBLC_KEY") assigned to the module. The public encryption key may have any suitable format, for example, a string having a length of ten or sixty-four bytes.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that the user identifier has a shorter length than the public key as disclosed in Freundlich.  The claimed invention would have been obvious as it would have been obvious to try modifying user identification length as there are only one of three options, i.e., shorter than, longer than, or same as, the public key length.

Per Claim 7: The combination of Haider, Experton, and Freundlich discloses the subject matter of claim 1, from which claim 7 depends.  Haider further discloses:
wherein the first code encodes the UID so as to indirectly reference the public key of the asymmetric key pair stored in the data store. (see Haider at ¶ 55: The decryption unit exchanges data with the central protected memory in which an association between device ID and key is stored.)

Per Claim 8: The combination of Haider, Experton, and Freundlich discloses the subject matter of claim 1, from which claim 8 depends.  However, Haider fails to disclose, but Experton discloses:
wherein the nearfield data transmission transmits digital signals conditioned upon a personal presence of a patient identified with the mobile device and a user operating the hospital server. (see Experton at ¶ 129: The record owner may connect a flash drive, smart card, a wirelessly connectable storage device, or the like to the computer. In one example, the record owner may present an NFC device, such as an RFID, a smart watch, a health or fitness tracker, eyewear, or smart phone that responds to or activates an NFC receiver on a provider computing workstation.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Experton to transmit the user identifier using NFC using the techniques disclosed in Experton.  One of ordinary skill in the art would have been motivated to do so to enable a patient to present the identifier in person at a doctor’s office, for example.

Per Claim 9: The combination of Haider, Experton, and Freundlich discloses the subject matter of claim 1, from which claim 9 depends.  However, Haider fails to disclose, but Experton discloses:
wherein the nearfield data transmission comprises transmitting the generated first code using digital signals via an optical data transmission. (see Experton at ¶ 129: The record owner may also exchange authentication information with a provider using an optical reader or camera capture barcodes displayed by user or provider, and/or to capture biometric information that automatically enables access to the EHR information.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that the code is transmitted using optical transmission as disclosed in Experton.  The claimed invention would have been obvious as it would have been obvious to try an optical transmission as one of a number of identified, predictable solutions.

Per Claim 10: The combination of Haider, Experton, and Freundlich discloses the subject matter of claim 1, from which claim 10 depends.  However, Haider fails to disclose, but Experton discloses:
using, as the nearfield data transmission, a nearfield data transmission selected from the group consisting of a transmission of a QR code, transmission via a nearfield communication (NFC), and a Bluetooth connection. (see Experton at ¶ 129: The record owner may connect a flash drive, smart card, a wirelessly connectable storage device, or the like to the computer. In one example, the record owner may present an NFC device, such as an RFID, a smart watch, a health or fitness tracker, eyewear, or smart phone that responds to or activates an NFC receiver on a provider computing workstation. See also ¶ 61: The electronic credentials may comprise a smart card, a USB flash drive, and radio-frequency identification (RFID) device, a Near Field Communication (NFC) token, web-enabled phones, etc.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that the code including the UID is transmitted using NFC and that the encrypted health records are stored using the techniques disclosed in Experton.  One of ordinary skill in the art would have been motivated to do so to as it would have been obvious to try transmitting the code using one of a finite number of identified predictable solutions for transmitting data.

Per Claim 11: The combination of Haider, Experton, and Freundlich discloses the subject matter of claim 1, from which claim 11 depends.  Haider further discloses:
wherein the data store comprises a cloud server to be accessed via an internet protocol or within a hospital network in which the data store is operated by the hospital server. (see Haider at ¶ 50: The data exchange between instantiating unit and server can be a digital network (for example an internet-based network), a local network and where applicable also a mobile radio network.)

Per Claim 17: The combination of Haider, Experton, and Freundlich discloses the subject matter of claim 1, from which claim 17 depends.  However, Haider fails to disclose, but Experton discloses:
wherein the first code that encodes the UID represents a QR code. (see Experton at ¶ 43: In one example, a quick response code (QRC) may be presented to a healthcare provider, whereby the QRC includes information that can be used to identify a network location of the records, cryptographic keys necessary to decrypt the records once retrieved from the network location, and other information.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that the UID is transmitted via a QR code as disclosed in Experton.  One of ordinary skill in the art would have been motivated to do so to as it would have been obvious to try transmitting the code using one of a finite number of identified predictable solutions for transmitting data.

Per Claim 18: The combination of Haider, Experton, and Freundlich discloses the subject matter of claim 1, from which claim 18 depends.  However, Haider fails to disclose, but Experton discloses:
wherein the first code that encodes the UID represents a barcode. (see Experton at ¶ 129: The record owner may also exchange authentication information with a provider using an optical reader or camera capture barcodes displayed by user or provider, and/or to capture biometric information that automatically enables access to the EHR information.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that the UID is transmitted via a barcode as disclosed in Experton.  One of ordinary skill in the art would have been motivated to do so to as it would have been obvious to try transmitting the code using one of a finite number of identified predictable solutions for transmitting data.

Per Claim 19: The combination of Haider, Experton, and Freundlich discloses the subject matter of claim 1, from which claim 19 depends.  However, the combination of Haider and Experton fails to disclose, but Freundlich discloses:
wherein the bit length of the UID is 128 bits. (see Freundlich at ¶ 62: The MAC address and/or device ID number may include, for example, a string of a predefined length, for example, six or ten bytes. The registration information corresponding to the module may also include a public encryption key ("PBLC_KEY") assigned to the module. The public encryption key may have any suitable format, for example, a string having a length of ten or sixty-four bytes.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that the user identifier is 128 bits long using the techniques disclosed in Freundlich.  The claimed invention would have been obvious as the number of bits of the user identifier is a matter of trial and error rather than inventive concept.

Claim(s) 2 and 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Haider, Experton, and Freundlich as applied to claim 1 above, and further in view of U.S. Patent Pub. No. 2017/0277831 to Ruff et al.
Per Claim 2: The combination of Haider, Experton, and Freundlich discloses the subject matter of claim 1, from which claim 2 depends.  However, the combination of Haider, Experton, and Freundlich fails to disclose, but Ruff, an analogous art of accessing medical records, discloses:
executing the method as a web client with a web browser on the mobile device. (see Ruff at ¶ 19: Using a local computing device, such as a laptop, smartphone or tablet, a user will login, sending credentials to a registration server.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that a web browser rather than a dedicated application is used to access the health records as disclosed in Haider.  One of ordinary skill in the art would have been motivated to do so to as it would have been obvious to try as there are only a limited number of ways to access a web resource.

Per Claim 5: The combination of Haider, Experton, and Freundlich discloses the subject matter of claim 1, from which claim 5 depends.  However, the combination of Haider, Experton, and Freundlich fails to disclose, but Ruff discloses:
wherein the personal medical data comprises protected health information that is stored in the data store in encrypted form. (see Ruff at ¶ 32: The user will use the medical imaging device to capture an image.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that the data is stored in encrypted form using the techniques disclosed in Ruff.  One of ordinary skill in the art would have been motivated to do so to increase the security of the system.

Claim(s) 3-4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Haider, Experton, and Freundlich as applied to claim 1 above, and further in view of U.S. Patent Pub. No. 2013/0179194 to Lorsch.
Per Claim 3: The combination of Haider, Experton, and Freundlich discloses the subject matter of claim 1, from which claim 3 depends.  However, the combination of Haider, Experton, and Freundlich fails to disclose, but Lorsch, an analogous art of personal health records, discloses:
navigating the web client of the mobile device to a web service by accessing a Uniform Resource Locator (URL) link, where the web service is accessible. (see Lorsch at ¶ 73: There is access information 914 which includes a uniform resource locator (URL) such as a web site address which a cardholder may visit to activate a new account.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that the application accesses the hospital server by using a link as disclosed in Lorsch.  One of ordinary skill in the art would have been motivated to do so to make it easier for the patient to reach the image service.

Per Claim 4: The combination of Haider, Experton, and Freundlich discloses the subject matter of claim 1, from which claim 4 depends.  However, the combination of Haider, Experton, and Freundlich fails to disclose, but Lorsch discloses:
navigating the web client of the mobile device to a web service by scanning a provided second code, which directs the web client to a Uniform Resource Locator (URL) link, where the web service is accessible. (see Lorsch at ¶ 73: Alternatively such information may be provided by a QR-code or other type of bar code.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider so that a user navigates to the image service by scanning a code as disclosed in Lorsch.  One of ordinary skill in the art would have been motivated to do so to make it easier for the patient to reach the image service.

Claim(s) 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Haider, Experton, and Freundlich as applied to claim 1 above, and further in view of U.S. Patent Pub. No. 2003/0033168 to Califano et al.
Per Claim 6: The combination of Haider, Experton, and Freundlich discloses the subject matter of claim 1, from which claim 6 depends.  However, Haider fails to disclose, but Experton discloses:
receiving a patient consent form on the mobile device, the consent form being uniquely dedicated to the mobile device based on the extracted UID; (see Experton at ¶ 102: In some instances, consent is affirmatively provided. A healthcare application may notify the patient that EHRs are to be transferred and may explicitly request affirmation of the desire to transfer the EHRs.)
providing a completed consent form; (see Experton at ¶ 102: In some instances, consent is affirmatively provided. A healthcare application may notify the patient that EHRs are to be transferred and may explicitly request affirmation of the desire to transfer the EHRs.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider to include informed consent when sharing healthcare data using the techniques disclosed in Experton.  One of ordinary skill in the art would have been motivated to do so to enable a patient to control who may view sensitive health information.
However, the combination of Haider, Experton, and Freundlich fails to disclose, but Califano, an analogous art of informed consent, discloses:
signing the completed consent form with the private key; and preparing the signed completed consent form for transmission to the data store. (see Califano at ¶ 119: In alternative practices different kinds of execution may be employed such as digital signatures, biometric identity verifications and authorizations and other similar types of processes.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Experton to sign the consent forms as disclosed in Califano.  One of ordinary skill in the art would have been motivated to do so to increase the security of the system.

Claim(s) 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Haider, Experton, and Freundlich as applied to claim 13 above, and further in view of U.S. Patent Pub. No. 2010/0174551 to Kiley.
Per Claim 14: The combination of Haider, Experton, and Freundlich discloses the subject matter of claim 13, from which claim 14 depends.  However, the combination of Haider, Experton, and Freundlich fails to disclose, but Kiley, an analogous art of healthcare, discloses:
via the hospital server: accessing a Radiology Information System to calculate an estimated waiting time for a scheduled medical examination for the patient; and transmitting the estimating waiting time in an estimated-wait-message to the mobile device. (see Kiley at ¶ 6: The method comprises receiving a username and a corresponding password; determining an emergency medical facility associated with the username; receiving an estimated waiting time; updating a current waiting time associated with the emergency medical facility; and providing notification of the updated current waiting time to a patient having a reserved visitation time for the emergency medical facility.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Haider to provide estimated wait times to a patient as disclosed in Kiley.  One of ordinary skill in the art would have been motivated to do so to keep patients apprised of the expected schedule.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Patent Pub. No. 2010/0277274 discloses a system and method of issuing patient identification devices to patients in a self service fashion at a provider facility. The system includes a processor for obtaining first patient identification information from a patient, for retrieving second patient identification information from patient records, for positively identifying the patient by comparing the first identification information to the second identification information, for initiating a patient identification device with a code unique to the patient, for issuing the identification device to the patient, and for storing an indication that the identification device has been initiated and issued.
U.S. Patent Pub. No. 2014/0156988 discloses a method, system, and/or computer program product provides medical information on a communication network. Encrypted medical information in a decryption request is received from a first computer connected to the communication network at a second computer, the second computer holding decryption information. The second computer determines whether or not the second computer holds decryption information for decrypting the encrypted medical information. In response to the second computer determining that the second computer holds the decryption information, the second computer checks with a third computer as to whether the first computer is authenticated. In response to the first computer being authenticated, the second computer: acquires the encryption information from the third computer; decrypts the encrypted medical information to create decrypted medical information; encrypts the decrypted medical information to create encrypted decrypted medical information; and sends the encrypted decrypted medical information to a sender that has sent the encrypted medical information.
U.S. Patent Pub. No. 2017/0303119 discloses an information processing system includes an information processing device including a processor, an electronic tag configured to store first identification information used for identifying a monitor target, and a sensor device configured to acquire first monitor information of the monitor target, wherein the processor is configured to transmit, to the sensor device and a server device, a first encryption key corresponding to the first identification information, and transmit, to the sensor device and a server device, second identification information used for identifying the first encryption key, and the sensor device is configured to acquire the first identification information from the electronic tag, encrypt the first monitor information using the first encryption key that corresponds to the first identification information, and transmit, to the server device, the encrypted first monitor information and the second identification information.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NILESH B KHATRI whose telephone number is (571)270-7083. The examiner can normally be reached 8:30 AM - 5:30 PM Monday-Friday, alternating Fridays off.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571) 270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/N.B.K./Examiner, Art Unit 3685                                                                                                                                                                                                        

/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685