The below contains confidential business information of athenahealth, Inc. This information may not be disclosed to third parties without the written consent of athenahealth, Inc.
athenahealth Service Proposal
311 Arsenal Street
Watertown, MA 02472
Order Fee ..............................$1.00 per Order
Subscription Fee……………...$150.00 per Month
You will be invoiced monthly and will pay the Subscription Fee plus the Per Order Fee as noted above.
For the athenaCoordinator® service, you will be charged $1.00 per Order (as defined in the athenaCoordinator® service description) received from athenaClinicals clients.
Travel expenses are not included in the fees listed above.
See "The athenaCoordinator Service Description" for more information on standard implementation activities and the process to request additional services. We look forward to doing business with you!
Proposal Number: ATHNCOCORE #001
ATHENAHEALTH MASTER SERVICES AGREEMENT
IMPORTANT - PLEASE READ CAREFULLY THE TERMS OF THIS ATHENAHEALTH MASTER SERVICES AGREEMENT. This Agreement is a binding, contractual agreement between You/Client and Athena (as defined below). This Agreement applies solely to Your/Client's access to and use of the athenaNet Services (as defined below).
BY CLICKING THE BUTTON BELOW LABELED "YES, I AGREE", YOU ARE INDICATING YOUR ACCEPTANCE AND AGREEING TO ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT ACCEPT AND AGREE TO ALL OF THE FOLLOWING TERMS AND CONDITIONS, YOU MUST CLICK THE BUTTON LABELED "NO, I DO NOT AGREE," IN WHICH CASE YOU WILL NOT BE PERMITTED TO ACCESS OR USE THE ATHENANET SERVICES. YOUR CLICKING ON THE "YES, I AGREE" BUTTON CONSTITUTES YOUR ELECTRONIC SIGNATURE ON THIS AGREEMENT AND YOUR CONSENT TO EXECUTE THIS AGREEMENT ELECTRONICALLY. BY ACCEPTING THE AGREEMENT AS DESCRIBED ABOVE, (1) YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THIS AGREEMENT, (2) YOU REPRESENT THAT YOU ARE EIGHTEEN (18) YEARS OF AGE OR OLDER, AND (3) YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT, PERSONALLY OR IF YOU HAVE NAMED A COMPANY, ON BEHALF OF THAT COMPANY (YOU OR ANY SUCH COMPANY, THE "CLIENT"), AND TO BIND THE CLIENT TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL TERMS AND CONDITIONS OF THIS AGREEMENT, OR IF YOU DO NOT HAVE SUCH AUTHORITY, YOU MUST NOT ACCEPT THIS AGREEMENT OR ACCESS THE ATHENANET SERVICES.
Section 1. Defined Terms.
"Agreement" means this Master Services Agreement, Exhibit A, the Third Party Terms, each Proposal, and each Service Description.
"Applicable Law" means all applicable federal, state, and local laws and regulations, including, without limitation, those relating to kickbacks, fraud and abuse, confidentiality (including HIPAA), Medicaid, or Medicare.
"Athena" is athenahealth, Inc. and its subsidiaries, 311 Arsenal St., Watertown, MA 02472; Tel: 617.402.1000; Fax: 617.402.1099.
"athenaNet" means the internet-based athenaNet® multi-user platform used to provide athenaNet Services, together with athenaNet Functionality and associated databases.
"athenaNet Content" means any data made available by Athena as part of any athenaNet Services and all documents, formats, forms, functions, and screens for organizing or presenting that data.
"athenaNet Functionality" means the software functionality of athenaNet that enables system access and use.
"athenaNet Services" means the services provided by Athena under this Agreement, including, but not limited to, access to and use of athenaNet by Client and the provision of athenaNet Content and Materials.
"Authorized Users" means those users designated by Client on athenaNet control screens who are (i) employees of Client or (ii) other individuals, corporations, or entities that are not competitors of Athena and that have a valid HIPAA business associate agreement or other agreement with Client and have been granted access to athenaNet by Client in its exercise of reasonable discretion and with respect to which Client has obtained reasonable assurances that they will comply with the access and use terms and the confidentiality terms in this Agreement.
"Billable Provider" means a physician or licensed or specially trained non-physician who is credentialed with payers, linked to Client's organization, and performs health services for Client's customers.
"Collections" means all sums received by Client for any health care items or services furnished by Client to patients if such sums are posted in athenaNet or if athenaNet Services have been used to schedule such health care or to bill, track, or follow up on such sums. Collections include, without limitation, co-pays, withhold returns, surplus distributions, bonus payments, incentive program payments, revenue sharing, capitation payments, and other managed care payments. Collections do not include (i) payments for Client administrative services not performed using athenaNet or athenaNet Services and (ii) amounts refunded to or taken back by any payer during the term of this Agreement in regard to sums qualified as Collections during that time.
"Collections" means information that is disclosed by one Party to the other and that the receiving Party knows is confidential to the disclosing Party or that is of such a nature that someone familiar with the type of business of the disclosing Party would reasonably understand is confidential to it. Without limitation, Confidential Information includes financial and other business information of either Party, athenaNet Functionality, athenaNet Content, Materials, and each Service Description. Notwithstanding the foregoing, Confidential Information does not include PHI or information that the receiving Party can demonstrate: (i) is in the public domain or is generally publicly known through no improper action or inaction by the receiving Party; (ii) was rightfully in the receiving Party's possession or known by it prior to receipt from the disclosing Party; (iii) is rightfully disclosed without restriction to the receiving Party by a third party without violation of obligation to the disclosing Party; or (iv) is independently developed for the receiving Party by third parties without use of the Confidential Information of the disclosing Party.
"Effective Date" means the date Client clicks the button below labeled "Yes, I agree" and agrees to the terms and conditions of this Agreement.
"HIPAA" means the Health Insurance Portability and Accountability Act of 1996, and associated regulations, as may be amended from time to time.
"Materials" means all instructions, manuals, specifications, and training Athena provides in connection with any athenaNet Services.
"Notice" is defined in Section 13 of the Agreement.
"Party" means Athena or Client. "Parties" means Athena and Client.
"PHI" means "protected health information" as that term is used under HIPAA. "Client PHI" means PHI that Athena receives from or on behalf of Client or creates on behalf of Client.
"Privacy Rule" means the privacy standards in 45 C.F.R. Part 160 and Part 164, subparts A and E.
"Proposal" means Athena Proposal # ATHHCOCORE 001 (unique identifier) and each Athena Proposal entered into by the Parties after the Effective Date and incorporated herein by reference.
"Security Rule" means the Security Standards in 45 C.F.R. Part 160 and Part 164, subparts A and C.
"Service Description" means each document periodically updated by Athena and incorporated herein that contains a description of athenaNet Services.
"Third Party Items" means the third party products and services incorporated into athenaNet and sublicensed to Client hereunder.
"Third Party Terms" means the third party pass-through terms and conditions set forth at http://www.athenahealth.com/tpt and incorporated by reference herein pursuant to which the Third Party Items are sublicensed to Client.
Section 2. Athena Services and Payment.
(a) (a) Athena will provide athenaNet Services as described in each applicable Service Description. The Parties agree to perform their respective obligations as set forth in this Agreement.
(b) (b) Client will pay Athena the fees and expenses as set forth in this Agreement within 30 days of the invoice date by check or wire transfer. Athena may, at its option, impose a late charge of 1½% per month on all amounts overdue beyond 10 days, but this charge will not waive or extend any obligation of Client to make payments when due.
Section 3. Term and Termination.
(a) This Agreement will have a term of one year from the Effective Date, and will automatically extend for additional consecutive one-year terms unless either Party provides Notice to the other Party no less than 90 days prior to the renewal date that it is terminating this Agreement at the end of the then current term.
(b) Either Party may terminate this Agreement or any athenaNet Services at any time, with or without cause, by providing the other Party with no less than 90 days Notice.
(c) Either Party may terminate this Agreement effective upon Notice to the other if (i) the other Party defaults in performance of any material provision of this Agreement and such default is not cured within a period of 30 days following Notice describing the specific default (10 days in the event of failure to pay amounts owed); (ii) the other Party violates Applicable Law (iii) voluntary or involuntary proceedings are commenced for the bankruptcy, receivership, insolvency, winding up, or dissolution of the other Party; or (iv) any right of the other Party under this Agreement becomes subject to any levy, seizure, assignment, application, or sale for or by any creditor or governmental agency.
(d) Athena may terminate this Agreement effective upon Notice if Client (i) violates the System and Service Access and Use provisions in Section 4 herein or (ii) violates the warranty in Section 7(f) herein.
(e) If Athena determines that any material Client information (including, but not limited to, Client size, type, specialty, configuration, annual volume of Client claims, or annual fee for service collections) is materially inaccurate, incomplete, or varies from the information actually recorded in athenaNet by at least 15%, Athena may require Client to agree to additional or alternative terms or pricing. If the Parties cannot reach mutual agreement after good faith discussion as to such alternative terms or pricing, Athena may terminate this Agreement upon 30 days Notice to Client.
(f) Client may terminate this Agreement upon 15 days Notice to Athena if any revision by Athena of a Service Description materially and adversely affects the service that it receives, provided that such Notice must be provided within 60 days after Client is first informed of such revision.
(g) Upon expiration or termination of this Agreement or any athenaNet Service, Client will immediately pay to Athena all amounts due hereunder for all services rendered through the date of termination.
Section 4. System and Service Access and Use.
(a) Access to athenaNet is provided solely to facilitate access to athenaNet Services. Client access to athenaNet is on a limited, non-exclusive, non-transferable basis only during the term of this Agreement. Client agrees that it will access athenaNet only (i) through its Authorized Users acting within the scope of their service for Client; (ii) on Athena's servers as authorized by Athena; (iii) for the internal use of Client; and (iv) from and within the United States. Client will not split patient service related billing and billing-related office workflow between different billing systems unless Client (i) uses a different tax identification number for claims submitted through a different billing system or (ii) agrees to use Athena's mixed remittance process with respect to such claims.
(b) Client will ensure that each Authorized User will comply with this Agreement as well as Applicable Law. Client will terminate any Authorized User's access to athenaNet (i) when an Authorized User ceases to perform work on behalf of Client or (ii) if an Authorized User breaches any term of this Agreement. Client is responsible for all acts and omissions of any Authorized User in connection with that Authorized User's access and use of athenaNet. Athena reserves the right to restrict or terminate an Authorized User's access to athenaNet if Athena determines in its reasonable discretion that such access has an adverse effect on Athena, including, without limitation, with respect to Athena's business or athenaNet.
(c) Client will not (i) access or use athenaNet in connection with the provision of any services to third parties (except the provision of health services by Client to its own patients); (ii) resell, lease, encumber, copy, distribute, publish, exhibit, or transmit athenaNet to any third party; (iii) derive specifications from, reverse engineer, reverse compile, disassemble, translate, record, or create derivative works based on athenaNet or any content contained therein; (iv) use athenaNet in a manner that delays, impairs, or interferes with system functionality for others or that compromises the security or integrity of any data, equipment, software, or system input or output; (v) enter data in athenaNet that is threatening, harmful, lewd, offensive, defamatory, or that injures or infringes the rights of others; (vi) apply systems to extract or modify information in athenaNet using technology or methods such as those commonly referred to as "web scraping," "data scraping," or "screen scraping"; or (vii) use athenaNet Services or any part or aspect of them for any unlawful purpose or to mislead or harass anyone. Use of or access to athenaNet not in accordance with the terms of this Agreement is strictly prohibited. Athena may, in its sole discretion, limit or suspend permission to access or use athenaNet immediately if the terms of this Section 4 are violated. Client agrees that such violation would cause Athena irreparable and immediate harm and that Athena is entitled to injunctive relief to prevent such violation.
Section 5. Confidential Information. Each Party will take reasonable steps and exercise reasonable care to hold any Confidential Information in confidence and not use it or disclose it to any other person or entity, except (i) as permitted under this Agreement or as reasonably necessary for the performance or enforcement of this Agreement; (ii) as agreed in writing by the other Party; (iii) for the Party's proper management and administration (provided that it obtains reasonable assurances from all recipients it will keep confidential and use it only for the purpose of its disclosure); or (iv) as required by law. The Parties will also comply with the terms set forth in Exhibit A hereto.
Section 6. Usage and Ownership. Except for the right to use athenaNet Services subject to the terms and conditions contained herein, this Agreement does not confer on Client a license in, ownership of, or interest in athenaNet Services. Athena developed athenaNet exclusively at its private expense. Client agrees that athenaNet, athenaNet Services, and all right, title, and interest in and to any aspect of them and all edits, improvements, additions, modifications, interfaces and derivative works prepared from or relating to them are and will remain the exclusive property of Athena. Athena will have the unrestricted and permanent right to use and implement all ideas, advice, recommendations, or proposals of Client with respect to athenaNet Services in any manner and in any media.
Section 7. Compliance.
(a) Each Party will comply with Applicable Law.
(b) The Parties acknowledge and agree that (i) any fees charged or amounts paid hereunder are not intended, nor will they be construed to be, an inducement or payment for referral of patients among Athena, Client, or any third party and (ii) they will not enter into any agreements, or otherwise make any payments, for the purpose of rewarding the referral of patients among Athena, Client, or any third party.
(c) The Parties will each separately maintain effective compliance programs consistent with the relevant compliance guidelines set forth by the Office of the Inspector General of the Department of Health and Human Services. The Parties will cooperate with each other to provide accurate and full responses to any material inquiry or concern of either Party related to compliance and to any reasonable request by either Party for clarification, documentation, or further information concerning Client billing or Client's provision of, or referrals related to, health services for its patients.
(d) Client warrants to Athena on a continuing basis throughout the term of this Agreement that Client will not bill or claim payment in any form, directly or indirectly, from any government health care program or other third-party payer for the cost of any athenaNet Services, including, without limitation, on a government cost report.
(e) No payment to or receivable of Client or any Billable Provider is assigned to Athena, and Athena is not the beneficiary of any such payment or receivable. All such payments and receivables (including, but not limited to, checks and electronic fund transfers) will be payable to Client or the Billable Provider and will remain the property of Client or the Billable Provider. Athena will not endorse or sign any such check or instrument. Any lockbox or other account into which Client payments or receivables are deposited will remain in the name of, and under the sole ownership and control of, Client or the Billable Provider and subject only to the instructions of Client or the Billable Provider. Athena will not be a signatory on or have any power to transfer or withdraw from any account into which Client or Billable Provider payments or receivables from any federally funded program are deposited.
(f) Each Party warrants that neither it nor any of its personnel to its knowledge (i) has been convicted of any crime arising from claims or other transactions, financial relationships, or financial dealings in connection with health care or (ii) has been excluded from any federal or state health care program. Client warrants to Athena that it and its Billable Providers are and will be duly licensed and authorized to provide and bill for the health services that they render.
(g) Client must verify the accuracy, completeness, and appropriateness of all information entered into or selected in athenaNet, including information from the Third Party Items, before such information is utilized. Client acknowledges and agrees that the professional duty to treat the patient lies solely with Client, and use of information contained in or entered into athenaNet or provided through athenaNet Services, in no way replaces or substitutes for the professional judgment or skill of Client. Client is responsible and liable for the treatment of patients as to whom Client and its personnel access or use the athenaNet Services, including responsibility for personal injury or loss of life. Client represents and warrants to Athena that (i) all data it provides to Athena or that it selects in athenaNet, including, but not limited to, codes and practitioner identifiers, are accurate and in conformity with all legal requirements; (ii) its medical records appropriately support all codes that it enters, selects or approves; (iii) it and its personnel are duly authorized to enter and access such data; (iv) and Athena is duly authorized to receive, use, and disclose such data subject to the terms of this Agreement. Athena is not a health plan or healthcare provider and it cannot and does not independently review or verify the medical accuracy or completeness the medical information entered into, or made available to it in, athenaNet. Use of and access to athenaNet Services, including, but not limited to, clinical information in athenaNet, is at the sole risk and responsibility of Client and any practitioner or health care provider or facility using data provided by Athena as part of athenaNet Services. Athena shall not be liable for any action or inaction of Client which may give rise to liability under the federal False Claims Act or any state version thereof.
Section 8. Warranties and Limitations.
(a) Athena warrants to Client that, to Athena's knowledge, athenaNet Functionality, when used properly and as expressly authorized by Athena does not infringe any valid patent, registered copyright, or other registered intellectual property right under laws of the United States, provided that Athena makes no warranty to the extent that such infringement results from (i) use or access of athenaNet by Client in combination with any data, software, or equipment provided by Client or any third party that could have been avoided by use or access of athenaNet without such data, software, or equipment or (ii) any breach of any agreement by, or any negligent or other wrongful act or omission of, Client or any third party acting on behalf of Client.
(b) Except as otherwise expressly provided herein, Athena undertakes no obligation to provide error-free or fault-free items or services, and athenaNet Services are provided "as is" with all faults and defects. EXCEPT AS EXPRESSLY PROVIDED HEREIN, ATHENA DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES OF ANY KIND OR NATURE, EXPRESS OR IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), WITH RESPECT TO ANY SERVICE OR ITEM PROVIDED HEREUNDER, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY ARISING FROM CONDUCT, COURSE OF DEALING, CUSTOM, OR USAGE IN TRADE.
(c) No claim against Athena of any kind under any circumstances will be filed more than one year after Client knows of, or in the exercise of reasonable care could know of, such claim or an act or omission of Athena that would give rise to such claim.
(d) The remedy of a credit with respect to any "Minimum Service Commitment" described in the applicable Service Description will be the sole and exclusive remedy for the acts or omissions of Athena relating to the performance of that Minimum Service Commitment. Notwithstanding any provision in this Agreement to the contrary, the combined aggregate credit remedy with respect to all Minimum Service Commitments on account of any month is limited to a maximum of 20% of the monthly service fee for that month.
(e) Athena's cumulative, aggregate liability in connection with or arising in any way or in any degree from this Agreement, from athenaNet Services, or otherwise from the acts or omissions of Athena under any and all legal theories will not exceed the lesser of (i) $500,000 or (ii) the total amount paid by Client to Athena in the 12 months before such claim arose. If damages are measured by the cost of medical services provided or the dollar value of claims submitted, Athena's liability for such damages will not exceed the service fees attributable to such services or claims. Athena will not be liable for and will not incur any credit or remedy against it for failure to provide services or functionality with respect to any claim, statement, or transaction that it believes in good faith contains inaccurate, misleading, or otherwise improper information. NOTWITHSTANDING ANYTHING TO THE CONTRARY, ATHENA WILL NOT BE LIABLE UNDER ANY LEGAL THEORY FOR INDIRECT, EXEMPLARY, PUNITIVE, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OR LOSSES; LOST PROFITS OR BUSINESS OPPORTUNITIES; OR THE COST OF PROCUREMENT OF SUBSTITUTE ITEMS OR SERVICES. Client hereby acknowledges that the remedies set forth above are reasonable and will not fail of their essential purpose.
Section 9. Section 9. Sublicensed Intellectual Property. As applicable in connection with athenaNet Services, Athena hereby grants to Client a limited, non-exclusive, non-transferable, non-sublicensable and royalty-free sublicense to the Third Party Items subject to the Third Party Terms. Athena reserves the right to modify the Third Party Terms in the event Athena adds or replaces Third Party Items or as required in connection with changes to the third party license agreements for the Third Party Items. Athena agrees to use commercially reasonable efforts to post the current Third Party Terms on athenaNet and notify Client through an alert on athenaNet when Athena has posted revised Third Party Terms. The Third Party Items will not be deemed part of athenaNet, athenaNet Content, athenaNet Functionality, or athenaNet Services. All sublicenses granted hereunder are solely for Client's use in connection with athenaNet Services and will terminate on the earlier of expiration or termination of (i) this Agreement or (ii) the applicable agreement between Athena and the licensor of the Third Party Items.
Section 10. Force Majeure. No failure, delay, or default in performance of any obligation under this Agreement (other than payment obligations) will constitute a breach of this Agreement if it is caused by strike, fire, shortage of materials, act of a public authority, civil disorder, riot, vandalism, war, severe weather, natural disaster or other act of god; terrorism; or other cause that is beyond the reasonable control of the Party otherwise chargeable, for so long as such cause continues and for a reasonable period of time thereafter.
Section 11. Mediation. The Parties agree to submit all claims or controversies arising out of or relating to this Agreement to mediation in Boston, Massachusetts, in accordance with the American Health Lawyers Association (AHLA) Alternative Dispute Resolution Service Rules of Procedure for Mediation. Either Party may initiate such mediation by providing Notice to the other Party of demand for mediation and notifying the AHLA Alternative Dispute Resolution Service. The Parties will equally share the costs of the mediation. If the dispute is not resolved by mediation, the Party seeking relief will have the right to pursue all remedies available at law. Notwithstanding the foregoing, either Party may (i) terminate this Agreement according to its terms or (ii) seek injunctive relief to prevent irreparable and immediate harm.
Section 12. Choice of Law, Forum. This Agreement will be governed by the laws of the Commonwealth of Massachusetts applicable to agreements made and to be performed wholly within Massachusetts, without regard to its conflicts of laws principles. The Federal District Court for the District of Massachusetts or the business litigation section of the state superior court of Massachusetts will be the exclusive venue for any court proceeding between the Parties arising out of, or in connection with, this Agreement. The Parties hereby submit to and consent irrevocably to the jurisdiction of such courts for these purposes.
Section 13. Notice. Notice under this Agreement will mean written notification addressed to the individual signing this Agreement at the address listed above that is (i) delivered by hand, (ii) sent by traceable nationwide parcel delivery service, overnight or next business day service, or (iii) sent by certified United States mail. Properly mailed Notice will be deemed given 3 days after the date of mailing, and other Notice will be deemed made when received. A Party may change its address for Notice purposes by providing written Notice of such change to the other Party.
Section 14. Miscellaneous. This Agreement constitutes the entire agreement between the Parties relating to athenaNet Services and supersedes all prior agreements, understandings, and representations relating to athenaNet Services. No change in this Agreement will be effective or binding unless signed by Client and a duly authorized officer of Athena. Neither Party will assign this Agreement without the written consent of the other, provided that either Party may assign this Agreement with no less than 90 days prior Notice as part of a corporate reorganization, consolidation, merger, change of control with respect to its outstanding stock, or sale of substantially all of its assets, and provided further that the assigning Party and the assignee will remain liable for any unperformed obligations under this Agreement arising prior to the effective date of any such transaction. This Agreement will be binding on the Parties and their successors and permitted assigns. Nothing contained in this Agreement will be construed to create a joint venture, partnership, or like relationship between the Parties, and their relationship is and will remain that of independent Parties to a contractual service relationship. In no event will either Party be liable for the debts or obligations of the other Party. Client may not advertise, market, promote, or publicize in any manner its use of and access to athenaNet Services without the express written consent of Athena in each instance. Except as explicitly set forth herein, none of the provisions of this Agreement will be for the benefit of or enforceable by any third party. Section titles are for convenience only and will not affect the meaning of this Agreement. No failure by a Party to insist upon the strict performance of any term or condition of this Agreement or to exercise any right or remedy hereunder will constitute a waiver. In connection with athenaNet Services, a copy of a signed document sent by PDF or telephone fax will be deemed an original in the hands of the recipient. If any term or provision of this Agreement is invalid, illegal or unenforceable, such invalidity, illegality or unenforceability shall not affect any other term or provision of this Agreement or invalidate or render unenforceable such other term or provision. The following portions of this Agreement will survive termination and continue in force: Sections 5, 6, 8(b)-(e), 9, and 11 through 14.
Article 1 - Definitions. For purposes of this Exhibit A:
(a) "Agreement" means the Master Services Agreement to which this Exhibit A is attached.
(b) (b) The following terms used in this Exhibit A have the same meaning as those terms under HIPAA: Accounting of Disclosures; Breach; Business Associate; Designated Record Set; HITECH Act; Individual; and Unsecured PHI.
Article 2 - Athena's Duties. Athena will:
(a) not use or disclose Client PHI except (i) as required or permitted by law; (ii) as permitted under the terms of the Agreement or any permission of Client under the Agreement; or (iii) as incidental under HIPAA to another permitted use or disclosure;
(b) use reasonable and appropriate safeguards to prevent use or disclosure of Client PHI other than as provided in the Agreement;
(c) implement administrative, physical, and technical standards in accordance with the Security Rule to protect the confidentiality, integrity, and availability of Client PHI in electronic form ("EPHI");
(d) mitigate, to the extent practicable, any harmful effect of a use or disclosure of Client PHI by Athena that is known to Athena to violate the requirements of the Agreement;
(e) limit its request for Client PHI to the minimum amount necessary to accomplish the intended purpose of requests for, and uses and disclosures of, Client PHI in accordance with 45 C.F.R. 502(b)(1);
(f) report to Client as soon as practicable and as required by HIPAA and the HITECH Act any known use or disclosure of Client PHI by Athena not as provided by the Agreement and any "Security Incident" with respect to Client EPHI as defined in the Security Rule. Additionally, Athena will notify Client of any Breach of Unsecured PHI, and such notification shall be made without unreasonable delay following the date of discovery to enable Client to comply with the Breach disclosure requirements under the HITECH Act. Athena shall include within such notice identification, to the extent possible, of each Individual whose Unsecured PHI has been, or is reasonably believed by Athena to have been, accessed, used, or disclosed through the Breach and any other valuable information known to Athena that Client is required to include in its notice to affected Individuals. The reporting requirement set forth hereunder shall include, without limitation, disclosures that Athena is aware of that would need to be included in Client's Accounting of Disclosures under HIPAA and/or HITECH Act, provided that Athena is required by HIPAA and the HITECH Act as a Business Associate of Client to include such disclosures;
(g) require any agent, including a subcontractor, under the Agreement that creates, receives, maintains, or transmits Client PHI on behalf of Athena to agree in writing to substantially the same restrictions and conditions with respect to Client PHI and Client EPHI that apply through this Exhibit A to Athena with respect to such PHI;
(h) at the request of Client, provide access to Client PHI in a Designated Record Set to Client or, as properly directed by Client, to an Individual in order to meet the requirements under 45 C.F.R. §164.524;
(i) at the request of Client, make any amendment to Client PHI in a Designated Record Set that Client properly directs or agrees to pursuant to 45 C.F.R. §164.526;
(j) make its internal practices, books, and records relating to the use and disclosure of Client PHI available to the Secretary of Health and Human Services for purposes of the Secretary's determination of Client's compliance with HIPAA requirements;
(k) document such disclosures of Client PHI and information related to such disclosures as would be required for Client to respond to a request by an Individual for an Accounting of Disclosures of it in accordance with 45 C.F.R. §164.528;
(l) provide to Client information collected in accordance with this Article 2 to permit Client to respond to an appropriate request for an Accounting of Disclosures of Client PHI in accordance with 45 C.F.R. §164.528; and
(m) to the extent that Athena is to carry out any Client obligation(s) under subpart E of 45 C.F.R. Part 164, comply with the requirements of subpart E of 45 C.F.R. Part 164 that apply to Client in the performance of such obligation(s).
Article 3 - Client's Duties. Client will:
(a) not request, direct, or cause Athena to use or disclose PHI unless the use or disclosure is in compliance with applicable law relating to the privacy and security of patient data and is the minimum amount necessary for the legitimate purpose of such use or disclosure;
(b) notify Athena of any limitation in its notice of privacy practices in accordance with 45 C.F.R. §164.520, to the extent that such limitation may affect Athena's use or disclosure of Client PHI;
(c) notify Athena of any changes in, or revocation of permission by, an Individual to use or disclose Client PHI, to the extent that such changes may affect Athena's use or disclosure of Client PHI; and
(d) notify Athena of any restriction on the use or disclosure of Client PHI that Client has agreed to in accordance with 45 C.F.R. §164.522, to the extent that such restriction may affect Athena's use or disclosure of Client PHI.
Article 4 - Business Associate Permitted Purposes. Athena's use and disclosure of Client PHI is permitted for the following purposes:
(a) to provide athenaNet Services (including, but not limited to, receipt from and disclosure to payers, patients, vendors, and others in order to provide athenaNet Services);
(b) for "payment," "healthcare operations," and "treatment" as defined in HIPAA regulations (including, without limitation, testing and set up of electronic linkages for "payment" transactions);
(c) as expressly permitted in the Agreement;
(d) as required by law;
(e) to provide data aggregation services as permitted by 45 C.F.R. §164.504(e)(2)(i)(B);
(f) for the proper management and administration of Athena, including, without limitation, making and maintaining reasonable business records of transactions in which Athena has participated or athenaNet has been used (including back-up documentation); and
(g) to de-identify Client PHI and use such de-identified information in accordance with 45 C.F.R. §164.514(b).
To the extent Athena uses or discloses Client PHI for the purposes set forth in Article 4(f) or to carry out Athena's legal responsibilities, Athena will ensure that (i) such disclosures are required by Applicable Law or (ii) Athena obtains prior written reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by Applicable Law or for the purpose(s) for which it was disclosed to the person, and the person notifies Athena of any instances of which it is aware in which the confidentiality of the information has been breached in accordance with the breach notification requirements of this Exhibit A.
Article 5 - Business Associate Termination. Upon termination of the Agreement, Athena will return, destroy, or continue to extend protections to and limit the use and disclosure of Client PHI to the extent required by and in accordance with 45 C.F.R. §164.504(e)(2)(ii)(J), provided that the Parties agree that it is not feasible in light of reasonable business requirements, regulatory compliance requirements, and the rights and obligations under the Agreement for Athena to return or destroy its business records and transaction databases, including, but not limited to, records and databases of transactions for which Client has used athenaNet or in which Athena has engaged on behalf of Client or records and databases that reflect the use of athenaNet and information that Client or Athena has entered in athenaNet in the course of the Agreement to enable or perform athenaNet Services.
Article 6 - Business Associate Default. Any material default by Athena of its obligations under Articles 2 through 4 will be deemed a default of a material provision of the Agreement, and, if cure of such default and termination of the Agreement are not feasible, Client may report the default to the U.S. Secretary of Health and Human Services.
Article 7 - Athena Business Records. Subject to the other requirements and limitations of this Exhibit A, the business records of Athena and all other records, electronic or otherwise, created or maintained by Athena in performance of the Agreement will be and remain the property of Athena, even though they may reflect or contain Client PHI, Confidential Business Information of Client, or other information concerning or provided by Client. All de-identified information created by Athena in compliance with the Agreement will belong exclusively to Athena, provided that Client will not hereby be prevented from itself creating and using its own de-identified information.