DCT

9:25-cv-00087

Web 20 Tech LLC v. St Lukes Health Memorial Hospital

Log In
Key Events
Amended Complaint
complaint Intelligence

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 9:25-cv-00087, E.D. Tex., 07/29/2025
  • Venue Allegations: Venue is alleged to be proper as the Defendant maintains a regular and established place of business in the Lufkin Division of the Eastern District of Texas, where acts of infringement are alleged to have occurred.
  • Core Dispute: Plaintiffs allege that Defendant's customized Electronic Health Record (EHR) systems, which are certified to comply with federal "Meaningful Use" standards, directly infringe two patents related to methods for managing online repositories of personal and health information.
  • Technical Context: The case centers on Electronic Health Record (EHR) systems, a technology domain heavily influenced by federal legislation, such as the HITECH Act, which incentivizes healthcare providers to adopt and demonstrate "Meaningful Use" of certified EHR technology to improve care quality and data interoperability.
  • Key Procedural History: The complaint does not mention any prior litigation, Inter Partes Review (IPR) proceedings, or licensing history related to the asserted patents.

Case Timeline

Date Event
2000-01-07 Earliest Priority Date for U.S. Patent No. 9,465,913
2000-01-07 Earliest Priority Date for U.S. Patent No. 9,886,594
2016-10-11 U.S. Patent No. 9,465,913 Issued
2018-01-01 EHR incentive program name changed to "Promoting Interoperability" (approximated from complaint)
2018-02-06 U.S. Patent No. 9,886,594 Issued
2025-07-29 Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 9,465,913 - Online Repository for Personal Information (issued Oct. 11, 2016)

The Invention Explained

  • Problem Addressed: The patent background describes inefficiencies and annoyances arising from the need to repeatedly provide personal information to various online and offline entities (e.g., websites, credit agencies, healthcare providers) Compl. ¶23 '913 Patent, col. 1:28-46 It notes the lack of a single, user-controlled system to store, manage, and selectively distribute this information.
  • The Patented Solution: The invention provides a method and system for a central server to act as a secure repository for a user's personal information. The user can establish an account, enter various types of personal data, and assign security levels to different pieces of information '913 Patent, col. 2:48-55 Authorized third-party "requesters" can then access specific portions of this information based on authorization provided by the user, with the system tracking all access for an audit trail '913 Patent, abstract '913 Patent, col. 7:1-9
  • Technical Importance: This approach provided a framework for centralizing user data management, giving the user control over selective disclosure to third parties and creating a verifiable record of access.

Key Claims at a Glance

  • The complaint asserts infringement of one or more claims, including independent claim 1 Compl. ¶28
  • The essential elements of independent claim 1 include:
    • A computer-implemented method of permitting access to a patient's personal health record (PHR) stored in an online repository.
    • Establishing an account for a patient on a server computer.
    • Storing the patient's PHR in a data storage area associated with the account.
    • Associating patient-established control settings with the PHR, where these settings can restrict access to designated requesters.
    • Receiving an access request from a designated requester accompanied by an identifier and authorization.
    • Verifying the authorization information.
    • Selecting and sending a portion of the PHR to the requester in accord with the control settings.
    • Recording each access of the PHR.
    • Enabling access to the PHR in a medical emergency.
    • Receiving and storing updates to the PHR from an authorized party.
    • Automatically notifying the patient if the PHR is changed.
  • The complaint reserves the right to assert other claims as discovery progresses Compl. ¶34

U.S. Patent No. 9,886,594 - Online Electronic Health Record (issued Feb. 6, 2018)

The Invention Explained

  • Problem Addressed: The patent background identifies a need for a method and system to improve upon existing online personal libraries and information repositories, particularly in the context of sharing restricted or sensitive information in a controlled manner '594 Patent, col. 1:10-14 '594 Patent, col. 2:1-7
  • The Patented Solution: The invention describes a server-based method for managing a multi-user repository of electronic health records. The system establishes accounts for a plurality of users (e.g., patients), receives medical information from them, and stores it '594 Patent, abstract It allows a second, authorized user (e.g., a doctor) to provide updates to a first user's (e.g., a patient's) medical information, verifies the identity of that second user, and stores the updated information '594 Patent, claim 1
  • Technical Importance: The technology provides a structured method for multiple authenticated users to interact with and update a centralized health record, a foundational concept for interoperable electronic health systems.

Key Claims at a Glance

  • The complaint asserts infringement of one or more claims, including independent claim 1 Compl. ¶36
  • The essential elements of independent claim 1 include:
    • A method performed by a server computer.
    • Establishing accounts for a plurality of users.
    • Receiving a first user's medical information from a client computer.
    • Establishing an account for the first user if one does not already exist.
    • Storing an indication of the first user's medical information in their account.
    • Receiving an update to the first user's medical information from a second user, who is authorized by the first user.
    • Verifying the identity of the second user.
    • Receiving approval or disapproval for the update from one or more registered users.
    • Storing identifying information of the user(s) who approved or disapproved the update.
    • Storing the updated medical information.
    • Automatically sending the updated information to a designated requester.
  • The complaint reserves the right to assert other claims as discovery progresses Compl. ¶42

III. The Accused Instrumentality

Product Identification

The accused instrumentalities are "customized EHR systems, platforms, and/or services" that Defendant designs, develops, uses, or maintains Compl. ¶8

Functionality and Market Context

  • The complaint alleges that the accused EHR systems are designed and configured to comply with the federal "Meaningful Use" ("MU") program, now known as "Promoting Interoperability," and Certified Electronic Health Record Technology (CEHRT) standards Compl. ¶8 Compl. ¶14
  • This functionality is alleged to include the electronic exchange of health information, improving care coordination, ensuring privacy and security, and engaging patients in their own healthcare Compl. ¶11 The complaint's exhibits allege these systems operate in compliance with specific federal regulations governing patient data access, authentication, and information sharing Compl. Ex. 2 at 3 Compl. Ex. 4 at 3 The complaint includes a screenshot of Defendant's "Notice of Privacy Practices" to support the allegation that Defendant operates systems for managing and sharing electronic patient health information Compl. Ex. 2 at 4
  • Plaintiffs allege Defendant uses these infringing systems to qualify for federal financial incentives and avoid penalties associated with non-compliance with the MU standards Compl. ¶12 Compl. ¶13

IV. Analysis of Infringement Allegations

'913 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
A computer implemented method of permitting access to a patient's personal health record (PHR) stored in an online repository... Defendant's use of Certified EHR systems, which are required by HIPAA, the HITECH Act, and CEHRT to permit the sharing of patients' personal health records stored in an online repository with designated requestors. ¶30 col. 2:48-55
establishing an account for a patient with a server computer, the account being associated with data storage area configured to store patient's personal health information; Certified EHR systems establish a patient account by creating an electronic health record, which is defined as an electronic record of health-related information on an individual managed by authorized health care staff. ¶30 col. 9:45-50
associating patient-established control settings with the patient's personal health information stored in the PHR, the patient-established control settings enable the patient to restrict access... to one or more designated requesters; Certified EHR systems provide patient engagement tools that allow patients to authorize designated requesters to access their PHR, and implement access controls to allow access only to persons or software programs with granted rights. ¶30 col. 12:40-47
receiving from a designated requester an access request via a second computer, the access request being accompanied by an identifier for the patient and authorization information... Certified EHR systems receive requests and verify that a person seeking access to electronic health information is the one claimed and is authorized, based on unique identifiers. ¶30 col. 11:1-5
enabling access to the patient's PHR in the case of a medical emergency involving the patient; The EHR systems operate under regulations (45 C.F.R. § 164.510) that permit the disclosure of a patient's health records without the patient's agreement in emergency circumstances, based on professional judgment. ¶30 col. 12:35-39
if the patient's PHR is changed, then automatically notifying the patient via an electronic message that a change has been made to the patient's PHR. Certified EHR systems are required under federal regulations (45 C.F.R. 164.404) to notify an individual following the discovery of a breach of their protected health information, or to inform the individual when a requested amendment to their record is accepted. ¶30 col. 2:61-64

Identified Points of Contention:

  • Scope Questions: A central question may be whether the term "patient-established control settings" as used in the patent can be construed to cover the provider-managed, HIPAA-regulated access controls of a CEHRT system. The analysis may explore the degree of control a patient actually has versus the control retained by the healthcare provider ("covered entity").
  • Technical Questions: The infringement theory for "automatically notifying the patient" relies on regulations for breach notification and amendment acceptance. A point of contention could be whether these specific, event-triggered notifications meet the broader claim limitation of notifying the patient whenever the "PHR is changed," which could be interpreted to cover any data entry or routine update.

'594 Patent Infringement Allegations

Claim Element (from Independent Claim 1) Alleged Infringing Functionality Complaint Citation Patent Citation
A method... performed by a server computer: establish accounts for each of a plurality of users; Certified EHR systems establish accounts for a plurality of users (patients), with each account being equivalent to an EHR that stores health-related information. ¶38 col. 17:55-61
receive from the client computer the first user's medical information; Certified EHR systems receive and record a user's health-related information, which is created, gathered, managed, and consulted by authorized clinicians and staff. ¶38 col. 18:43-50
receive, from a second user, an update to the first user's medical information, the second user being authorized by the first user to make such update to the first user's medical information; The system allows a patient to authorize a designated requestor (a second user) to access or obtain information from the patient's record, and the record can be updated by other providers. ¶38 col. 17:6-14
verify the identity of the second user; Certified EHR systems are required to verify against a unique identifier (e.g., username) that a person seeking access is the one claimed and is authorized to access the information. ¶38 col. 17:1-5
receive approval or disapproval for the update from one or more users registered with the server computer system; Certified EHR systems operate under regulations allowing a covered entity to accept or deny a patient's request for an amendment to their health information. ¶38 col. 18:66-col. 19:4
automatically send the updated first user's medical information to a designated requestor. Once an amendment is accepted, the covered entity must make reasonable efforts to inform and provide the amendment to persons identified by the individual as needing it. ¶38 col. 20:6-12

Identified Points of Contention:

  • Scope Questions: The claim requires receiving "approval or disapproval for the update from one or more users." The complaint maps this to a healthcare provider's (covered entity's) right to accept or deny a patient's requested amendment. A potential dispute is whether a "user" in the context of the claim can be the provider entity itself, or if the claim contemplates a different type of user-to-user approval mechanism.
  • Technical Questions: It may be contested whether the regulatory process for a patient requesting an amendment, which the provider then accepts or denies, is the same as the claimed step of the system receiving an update from an already-authorized second user and then separately receiving approval for that update. The sequence and nature of the actions may not align.

V. Key Claim Terms for Construction

For the '913 Patent

  • The Term: "patient-established control settings"
  • Context and Importance: This term is critical because the degree of control the "patient" must "establish" is central to the infringement allegation. The accused systems are governed by a complex regulatory framework where the healthcare provider, as a "covered entity," has significant control and legal obligations over data access. The definition of this term will determine whether the access permissions within a CEHRT system, which are co-managed by the provider, can be considered "patient-established."
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The specification discusses the user's ability to "selectively authorize" information to be distributed, which could suggest any mechanism through which the patient initiates or consents to access restrictions falls within the term's scope '913 Patent, col. 2:60-63
    • Evidence for a Narrower Interpretation: The detailed description of the "security module" and assigning security levels to individual "information objects" could support a narrower reading that requires the patient to have direct, granular control over specific data fields, rather than just general consent for access by certain provider types '913 Patent, col. 12:40-56

For the '594 Patent

  • The Term: "user"
  • Context and Importance: The claim recites a "first user" (from whom information is received), a "second user" (who provides an update), and "one or more users" (who approve/disapprove the update). The complaint's infringement theory appears to map the "first user" to the patient and the "second user" to an authorized provider. The "approving user" is mapped to the provider entity itself when it denies or accepts a requested amendment. Practitioners may focus on whether the term "user" can consistently encompass these distinct roles (patient, provider, provider-as-gatekeeper) within the context of a single claim.
  • Intrinsic Evidence for Interpretation:
    • Evidence for a Broader Interpretation: The patent defines a "user" as "a person or a computer program that creates or effectively 'owns' the online personal library" '594 Patent, col. 2:30-33 This broad definition could support an interpretation where different entities can be a "user" in different contexts.
    • Evidence for a Narrower Interpretation: The claim structure distinguishes between the "first user" and "second user," suggesting they are distinct actors. The further step of receiving approval from "one or more users" could imply a third category of actor is required, potentially raising questions about an interpretation where the "second user" (provider) and the "approving user" (provider entity) are the same.

VI. Other Allegations

  • Indirect Infringement: The complaint does not contain allegations of induced or contributory infringement. Both counts allege direct infringement under 35 U.S.C. § 271(a) Compl. ¶28 Compl. ¶36
  • Willful Infringement: The complaint does not explicitly allege willful infringement. The prayer for relief requests a finding that the case is "exceptional" under 35 U.S.C. § 285 for the purpose of awarding attorneys' fees, but does not plead the facts typically associated with a willfulness claim Compl. Prayer C

VII. Analyst's Conclusion: Key Questions for the Case

This case will likely depend on the court's interpretation of broad patent claims as applied to the highly specific, regulated environment of modern EHR systems. The central questions for the court appear to be:

  1. A core issue will be one of definitional scope: Can the term "patient-established control settings" from the '913 patent, which implies direct user control, be construed to cover the provider-administered access protocols required in a HIPAA-compliant EHR system where the healthcare entity retains ultimate control and legal responsibility?
  2. A key legal and factual question will be one of functional mapping: Do the specific, regulated workflows of a CEHRT system-such as a patient requesting an amendment that a provider then approves-perform the same steps in the same way as the method claimed in the '594 patent, which recites a system receiving an update from one authorized user and then separately receiving approval for it from another?
  3. An overarching question will be one of technological congruence: Do the generalized methods for managing personal information, conceived around the year 2000, align with the specific architecture and government-mandated functionalities of the accused Certified EHR systems, or is there a fundamental mismatch between the patented concepts and the accused technology?