Data encryption and data privacy technology are essential components of many Digital Health applications and platforms.  Increased scrutiny of privacy and cybersecurity practices by regulators, consumers and corporate risk management departments is driving innovation of newer and better data encryption technology.  But the speed of innovation for Digital Health and data encryption technology may lead to more patent disputes and questions regarding the patentability of software.  On September 10, 2015, the Patent Trial and Appeal Board (“Board”) initiated covered business method (“CBM”) review of Patent No. 8,473,452 B1 (“the patent”) in response to a petition filed by Symphony Health Solutions.  The patent involves aggregating, analyzing, de-identifying and encrypting protected health information (“PHI”) and other sensitive health-related information.  Symphony sought CBM review after being sued in U.S. district court for infringement by the patent’s owner, IMS Health.

The Board found that the patent was a “covered business method patent” and eligible for CBM review under Section 18 of the 2011 America Invents Act (“AIA”) because it claims a method for “performing data processing” in connection with a “financial product or service.”  PHI relates to pharmaceutical, medical and hospital claims used to make payments or reimbursements.  These data inform business decision-making, making the patent financial in the Board’s view.  The patent also was not an exempted “technological invention” because it uses “conventional computer equipment and programming” to process PHI.

The Board then considered whether the patent was more likely than not invalid.  The Patent Act, 35 U.S.C. §§ 101 and 103, respectively, provides that patents may not issue for abstract ideas or inventions that are obvious in light of prior knowledge.  The Board found that the patent was likely unpatentable on both grounds.

Under Section 101, the patent was “directed towards an abstraction—a ‘disembodied concept’ that represents a basic building block of human ingenuity,” because it describes encrypting, indexing and communicating data.  Reciting “databases and other conventional components” did not overcome the patent’s abstract nature because it used a computer simply to process data that “would be labor intensive and tedious if conducted by hand.”  Under Section 103, the Board found that the patent was likely obvious in light of several combinations of prior inventions.  A final written decision is expected by September 10, 2016.

The Board’s institution decision suggests that patents involving data processing may be subject to ongoing scrutiny as abstract or obvious.  Companies accused of infringement should consider CBM review as a faster and more cost-effective alternative to litigation to test the validity of patents, including those that do not immediately appear financial in nature.  This tool may be especially valuable to companies that regularly process and use encrypted data, especially health-care information and PHI, as part of their business.