The URL can be used to link to this page

Browse Search

Home My WebLink About20223239.tiffRESOLUTION RE: APPROVE SERVICE PROPOSAL, SERVICES AGREEMENT, AND AMENDMENT TO SERVICES AGREEMENT FOR ATHENAONE ESSENTIAL SERVICE FOR ELECTRONIC MEDICAL RECORDS (EMR) SOFTWARE SOLUTION, AND AUTHORIZE CHAIR TO SIGN - NORTH COLORADO HEALTH ALLIANCE AND ATHENAHEALTH, INC. WHEREAS, the Board of County Commissioners of Weld County, Colorado, pursuant to Colorado statute and the Weld County Home Rule Charter, is vested with the authority of administering the affairs of Weld County, Colorado, and WHEREAS, the Board has been presented with a Service Proposal, Services Agreement, and an Amendment to the Services Agreement for AthenaOne Essential Service for an Electronic Medical Records (EMR) Software Solution among the County of Weld, State of Colorado, by and through the Board of County Commissioners of Weld County, on behalf of the Department of Public Health and Environment, the North Colorado Health Alliance, and AthenaHealth, Inc., with further terms and conditions being as stated in said proposal, agreement, and amendment, and WHEREAS, after review, the Board deems it advisable to approve said proposal, agreement, and amendment, copies of which are attached hereto and incorporated herein by reference. NOW, THEREFORE, BE IT RESOLVED by the Board of County Commissioners of Weld County, Colorado, that the Service Proposal, Services Agreement, and Amendment to the Services Agreement for AthenaOne Essential Service for an Electronic Medical Records (EMR) Software Solution among the County of Weld, State of Colorado, by and through the Board of County Commissioners of Weld County, on behalf of the Department of Public Health and Environment, the North Colorado Health Alliance, and AthenaHealth, Inc., be, and hereby is, approved. BE IT FURTHER RESOLVED by the Board that the Chair be, and hereby is, authorized to sign said proposal, agreement, and amendment. Cc: HL(TO O I /w /23 2022-3239 HL0054 SERVICE PROPOSAL, SERVICES AGREEMENT, AND AMENDMENT TO SERVICES AGREEMENT FOR ATHENAONE ESSENTIAL SERVICE FOR ELECTRONIC MEDICAL RECORDS (EMR) SOFTWARE SOLUTION - NORTH COLORADO HEALTH ALLIANCE AND ATHENAHEALTH, INC. PAGE 2 The above and foregoing Resolution was, on motion duly made and seconded, adopted by the following vote on the 21st day of November, A.D., 2022. BOARD OF COUNTY COMMISSIONERS WEL COUNTY, COLORADO ATTEST: �j.2J G •aClto•(1 Weld County Clerk to the Board BY: eputy Clerk to the Board APPROVED AS TO FO Date of signature: II/a3 12'1 Scoff K. James, Chair Mike eman, Pro -T erry L. Bu teve Moreno Lori Saine 2022-3239 H L0054 Con+va chotut-1(44-1 Memorandum TO: Scott James, Chair Board of County Commissioners FROM: Gene O'Hara, Interim Executive Director Department of Public Health & Environment DATE: November 14, 2022 SUBJECT: AthenaHealth Service Proposal for Electronic Medical Records For the Board's approval is a Service Proposal between AthenaHealth and the County of Weld on behalf of the Weld County Department of Public Health and Environment (WCDPHE) for the provision of an enterprise Electronic Medical Records (EMR) software solution. This Service Proposal with AthenaHealth, effective upon full execution and extending for a period of four years, will provide WCDPHE with advanced AthenaOne EMR software that will support clinical, medical records, and financial/billing operations. Payments to AthenaHealth will be variable and based on actual Health First (Medicaid) revenues realized as a result of services provided to Health Department patients. Under the umbrella of the North Colorado Health Alliance (NCHA), for many years the Health Department has been given the ability to utilize a full -service, contemporary EMR while sharing the cost of the EMR with Sunrise Community Health, who is also a member of NCHA. Many other local public health agencies do not have this opportunity to partner in such a way that provides significantly reduced EMR costs. Without this collaboration, the Health Department would have to procure and support our own enterprise EMR solution, which would likely be an inferior product, and which would dramatically increase County costs and potentially reduce capabilities and functionalities. This partnership for a shared, high -functioning EMR also increases our ability to efficiently seek financial reimbursement for clinical services we provide from Medicaid, private insurance companies and grants, further reducing the county's costs for our clinical programs in Weld County and enhancing patient continuing and reducing duplicative services for patients that access medical services from both the Health Department and Sunrise. On October 31, 2022, Health Department staff and Assistant Weld County Attorney, Karin McDougal, met with the Board to discuss particular aspects of the AthenaHealth Service Proposal. At that time, Ms. McDougal recommended to the Board that given the low risk posed, Weld County would gain substantial benefits by signing the Service Proposal. I recommend the Board's approval for the Chair to sign the AthenaHealth Service Proposal. 2022-3239 ll /21 Service Proposal i Presented to NORTH COLORADO HEALTH ALLIANCE on behalf of County of Weld DBA Weld County Department of Public Health and Environment Presented by: David Gelman Sales Executive- SMI athenahealth, Inc. dgelman@athenahealth.com Prepared for: County of Weld 1555 N 17th Ave Greeley, CO 80631-9117 Presented on: 11/1/2022 Valid if accepted by: 11/21/2022 Oathenahealth Proposal Number: Q-181912-1 Page 1 of 4 What You Told Us About Your Organization Specialties Served Annual Collections Number of Providers Annual Visit Volume Family Practice $372,495.00 6 7,208 athenaOne athenaOne Essential Service Fee 5,34% of Collections Deposit Deposit $o.00 Onboarding Service Fees and Scope Scope Fees Implementation and Configuration Services Number of Locations Assessed Onsite Training (Person Days) Go -live Support (Person Days) Total Onboarding Service Fees 1 Location(s) o Day(s) o Day(s) $o.00 $o.00 $o.00 Promotions In the event that the Agreement is terminated for any reason prior to the eighteen (18) month anniversary of Client's first Go -Live Date, Client shall pay Athena a $10,000 termination fee, to be invoiced following such termination. For the first 6 months following Client's Go -Live Date, the Service Fee will be o% of Collections (with the first such month being the calendar month of the Go -Live Date). For months 7 through 18 following Client's Go -Live Date, the Service Fee will be Proposal Number Q-181912-1 Page 2 of 4 1. Beginning in month 19 following Client's Go -Live Date and thereafter, the Service Fee will be as set forth above (the "Final Service Fee"). Provided Client (i) executes the Agreement on or before 11/21/2022, (ii) has its first kick-off date within four (4) weeks of the Effective Date, and (iii) has its Go -Live Date within nine (9) months of the Effective Date, the Parties agree that the Onboarding Service Fees set forth above shall be waived. Provided that Client (i) executes the Agreement on or before 11/21/2022; (ii) has its first kick-off date within four (4) weeks of the Effective Date, (iii) has its Go -Live Date within nine (9) months of the Effective Date; and (iv) contracts with Aesto, LLC ("Aesto"), ELLKAY, LLC ("ELLKAY") or Emerge Clinical Solutions, LLC ("Emerge") and each of Aesto, ELLKAY and Emerge, (each a "Preferred Vendor") for data conversion and hosting services, then (1) Athena will cover the costs of data conversion and hosting services from Preferred Vendor for a period of one (1) year following the effective date of Client's services agreement with Preferred Vendor (the "Data Conversion Fees"); provided that, (x) the amount of the Data Conversion Fees that Athena will cover will be limited to the fees for a standard structured data import of key fields and a standard EMR archive (both the standard structured data import and standard EMR archive will be as determined by the agreement between Athena and Preferred Vendor); (y) Athena will not cover additional customizations that may result in payment of additional fees to Preferred Vendor; and (z) the amount of the Data Conversion Fees that Athena will cover will not exceed . Client shall pay Preferred Vendor directly for the Data Conversion Fees, and Athena will issue Client a credit or series of credits applied prospectively to Client's invoices beginning with the first invoice following the Effective Date. Client acknowledges that Emerge is an Athena MDP Partner, and that Athena has an economic interest in clients entering into agreements with MDP Partners. If at any time during the Initial Term Client's Annualized Collections are less than 75% of Client's annual Collections on the Effective Date as set forth in this Proposal (the "Trigger Date"), Client will pay Athena a fee calculated as follows: (i) Client's Annualized Collections in the 12 months immediately preceding the Trigger Date, divided by 12; (ii) multiply the quotient of (i) by the Final Service Fee, and (iii) multiply the product of (ii) by the number of months remaining in the Initial Term. For purposes of this Proposal, "Annualized Collections" refers to Client's Collections in the trailing 12 months preceding the date of any review. The pricing set forth in this Proposal is based on the Stated Client Metrics of all Clients under the MSO Agreement, in the aggregate (the "MSO Metrics"). In the event of a material change in such MSO Metrics, Athena may require Client to agree to additional or alternative terms or pricing. Proposal Number: Q-181912-1 Page 3 of 4 Additional Terms t. By executing this Proposal, each Party agrees and intends that the terms contained in the Agreement, including this Proposal and the applicable Service Description(s), related to the content and manner of a request for access, exchange, or use of electronic health information (as defined at d5 C.F.R. fi t-,1.102), including any and all terms related to fees, reflect the Parties' mutual agreement (in an arms' length transaction xvithout any coercion) and meet the "content" and "manner requested" conditions of the Content and Alanner Exception set forth at 4, C.1'.Ii See the athenaOne Essential Service Description for more information on standard unboarding activities, consulting services and the process to request additional services. 3. Credit: card processing services will require the Client to complete an L:lat.on Merchant Agreement credit application via athenaheallh, and applicable 1lat-on fees for credit card transactions ,-till apply-. 4. Client is solely responsible for obtaining all necessary and appropriate patient consents and acknowledgments prior to utilizing the athenaTelehealth service or submitting claims for payment in connection with athenaTelehealth in accordance with Applicable 1: asv and any applicable payer requirements. Client acl:nott°leclges and agrees that it has all consents, licenses and waivers and has fulfilled all legal obligations that are necessary to participate in the athenaTelehealth beta and to utilize ,athenaTelehealth thereafter. Client acknowledges that then may be legal requirements, limitations, or other restrictions for the rendering of medical care via athenaTelehealth imposed by Applicable I itv or payer contracts. Client is solely responsible for ensuring its compliance, and its providers' compliance, with Applicable Law and all applicable payer requirements related to the provision of Telehealth Services via athenaTelehealth. It Notwithstanding anything to the contrary set tot th in the \greement, the: Amazon Chime technology used by Athena to provide the tithe rra"I'elehealtIt service is nut covered by Athena's Common Security Franaework ("C SF") certified status trorn Hi"1'111 45'. �. Vim will he invoiced and shrill pay the Onboarding Service Fees set forth above in the month alter your initial Go -Live Date. 8. Travel Lind expenses are not included in Ole fees listed above. You will he responsible for pitying all travel and expenses. y. Any work outside of the Onboarding type or scope, including phasing of the product roll -out or switching from Offsite lu Onsite Onboarding, will require a change order and will result in additional fees to. Any additional Onsite Training and/or Onsite Sit -Live Support will be billed at $1,Suo.uo per Person Day; and any additional Ollsite Training and / or Offsite Ciu Live Support will he billed at it t,2ou=uit per Person Day The atthttt i'uel Services covered in this Proposal may be subject to a discount and/or warrants= as described in this Proposal, itdnic.5 are intended tube structured consistent with the discount or warrant( regulator, ife harbor, as applicable, to the federal anlikickback statute set forth in _42 C.F.R. toot.tt,,t2(hj and I gl. respectively. and other applicable laws and regulations. To the extent that the value of any discount or warranty item is known as of the Effective Dale, that discount/warranty value is detailed in this Proposal and in the Additional Services section of the initial sales invoice.' to the extent that the value of any discount or warranty is not known as of the Effective Date, .Athena will provide to Client documentation of the calculation of the value of the liscount,'warrante identifying the specific goods or services purchased tow hick the discount/warranty will he applied at the time the discount/warranty is credited, earned, or redeemed. If the discount includes supplying one or more ;roods or services without charge or at a reduced charge in connection with the purchase of other goods or services. Client represents and warrants that to the extent any goods or services included in the transaction are reimbursed by a Federal health care program (in whole or in part), they are all reimbursed by the same Federal healthcarct pn igram using the s<trne methodology. If applicable, Client must fully and accurately report Che iiiscounliwarranly in its applicable oast reporlts) filed with the 1'.S. Department of Ilealth and Human Services (1111S) or applicable State agency. In addition, Client must provide, upon request of MIS or applicable State agency, information regarding the discount or Warranty in accordance With the safe harbor regulations. Proposal Number: Q-181912-1 Page 4 of 4 Addendum B ATHENA SERVICES AGREEMENT — MANAGED ENTITY Upon execution by Service Organization and the Client specified below and countersignature by an authorized Athena representative, this document will become effective as a binding agreement as of the Effective Date. 1. Defined Terms. The following terms are defined for purposes of this Services Agreement. Capitalized terms not defined in this Addendum B are defined in Addendum C "Terms and Conditions of Athena Services." "Athena" is athenahealth, Inc. and its majority -owned subsidiaries, 311 Arsenal St., Watertown, MA 02472; Tel: 617.402.1000; Fax: 617.402.1099. "Client" is County of Weld DBA Weld County Department of Public Health and Environment (use full legal name) Address: 1555 N. 17th Ave., Greeley, CO 80631 Tel: Fax: Client Tax I.D.: 84-6000813 E-mail: "Effective Date" means the date this document is countersigned by Athena. "Master Agreement° is the MSO Agreement for Athena Services between Athena and Service Organization dated: July 7, 2022 "Party" means Athena or Client (or Service Organization on behalf of Client, as authorized by Client). "Parties" means Athena and Client (or Service Organization on behalf of Client, as authorized by Client). "Service Organization" is NORTH COLORADO HEALTH ALLIANCE (use full legal name) Address: 2930 11TH AVE, Evans, CO 80620 Tel: 970-350-4673 Fax: Tax I.D.: 84-0613289 E-mail: 2. Services Agreement. In addition to the terms of this Addendum B the undersigned Parties will each be bound by the following, all of which are hereby incorporated into this "Services Agreement": • Terms and Conditions of Athena Services attached to the Master Agreement as Addendum C, including Exhibit A, the Third Party Terms, and each applicable Service Description • The Athena "Proposal" #O-181912-1 (must indicate unique identifier) and each Athena Proposal entered into by the Parties after the Effective Date and incorporated herein by reference Accepted and signed on Nov/28, 5022 athenahealth, Inc. By: PrinfiN aolO9b9ailiM7 EST) Title: Director, Finance Accepted and signed on Nov 41, 4022 Service Organization: NORTH COLORADO HEALTH ALI IANCE Q �� By: )'h,anik vW�� Print Name: Mark Wallace Title: Nov 21, 2022 Accepted and signed on NOV,21, 2022 Client County of Weld DBA Weld County Department of Public Health and Environment Scott eL7aotef By: Scott K James (Nov 21, 202212,43 MST) Print Name: SCOtt K James Title: Chairman MSO-FLEX 2021.v1 Addendum B — Page 1 of 1 Section 1. Defined Terms. "Applicable Law" means all federal, state, and local laws and regulations, including those relating to kickbacks, consumer protection, fraud and abuse, confidentiality (including HIPAA), Medicaid, and Medicare, in each case to the extent directly applicable to the respective Party's performance of its obligations under this Services Agreement. "Athena Property" means athenaNet, athenaNet Services, athenaNet Content, Materials, Service Descriptions, Athena's Confidential Information, proprietary methods, templates, spreadsheets, databases and other electronic tools created or owned by Athena, and all data and information in athenaNet that Athena compiles, sorts, integrates, normalizes, analyzes, maps, processes, selectively aggregates or combines with multiple disparate data sources, for comparison, benchmarking or other lawful purposes, as well as improvements, additions, modifications, interfaces, and derivative works prepared from or relating to any of the foregoing, and any and all tangible and intangible works of authorship, copyrights, patents, trademarks, trade secrets and trade dress, and all intellectual property rights in any of the foregoing. For the avoidance of doubt, Client owns Client Data and Client PHI. "athenaNet" means the platforms, including the athenaNet® multi- user platform, made available to Client or its Authorized Users or used to provide athenaNet Services, together with athenaNet Functionality and associated databases. "athenaNet Content" means any data made available by Athena as part of any athenaNet Services and all documents, formats, forms, functions, and screens for organizing or presenting that data. "athenaNet Functionality" means the software functionality of athenaNet that enables system access and use. "athenaNet Services" means the services provided by Athena under this Services Agreement, including access to and use of athenaNet by Client and the provision of athenaNet Content and Materials through athenaNet. "Authorized Users" means those users (a) who are designated by Client in athenaNet and who are (i) employees of Client, or (ii) other individuals, corporations, or entities that are not, and are not affiliated with, competitors of Athena, and have a valid HIPAA business associate agreement or other agreement with Client, and (b) who have been granted access to athenaNet by Client in its exercise of reasonable discretion relating to the receipt of athenaNet Services hereunder by Client, and (c) from whom Client has obtained reasonable assurances that they will comply with the access and use and confidentiality terms in this Services Agreement. "Billable Provider" means a physician or licensed or specially trained non -physician who is credentialed with payers, linked to Client's organization, and performs health services for Client's customers. "Client Data" means all data and information of Client provided by Client or its Authorized Users to Athena, or provided to Athena from third parties at Client's direction, including through athenaNet. Client Data includes Client's Confidential Information but does not include Client PHI. "Client PHI" means PHI that Athena receives from or on behalf of Client or creates on behalf of Client. Use and disclosure of Client PHI is govemed by the terms of Exhibit A. "Collections" means all sums received by Client for any health care items or services furnished by Client to patients if (a) such sums are posted in athenaNet, or (b) if athenaNet Services have been used to schedule such health care or to bill, track, or follow up on such sums. Collections include co -pays, withhold retums, surplus distributions, bonus payments, incentive program payments, revenue sharing, capitation and other managed care payments, cost report settlements, wrap -around payments, and all sums processed using Athena's credit card processing services. Collections do not include payments for Client administrative services not performed using athenaNet or athenaNet Services. Any amounts refunded to Addendum C Terms and Conditions of Athena Services or taken back by any payer during the term of this Services Agreement in regard to sums qualified as Collections during that time will be treated as negative adjustments to Client's Collections in the month in which such refunds or takebacks occur. "Confidential Information" means information that is disclosed by one Party to the other and that the receiving Party knows is confidential to the disclosing Party or that is of such a nature that someone familiar with the type of business of the disclosing Party would reasonably understand is confidential to it. Confidential Information includes financial and other business information of either Party. With respect to Athena, Confidential Information includes Athena Property and the terms of this Services Agreement, and in each case, any visual reproduction thereof. Notwithstanding the foregoing, Confidential Information does not include PHI or information that the receiving Party can demonstrate: (a) is in the public domain or is generally publicly known through no improper action or inaction by the receiving Party; (b) was rightfully in the receiving Party's possession or known by it prior to receipt from the disclosing Party; (c) is rightfully disclosed without restriction to the receiving Party by a third party without violation of obligation to the disclosing Party; or (d) is independently developed for the receiving Party by third parties without use of the Confidential Information of the disclosing Party. "Force Majeure Event" means, with respect to a Party, any event or circumstance, whether or not foreseeable, that was not caused by that Party and any consequences of that event or circumstance. "Go -Live Date" has the meaning set forth in the applicable Service Description. "HIPAA" means the Health Insurance Portability and Accountability Act of 1996 and associated regulations, as may be amended from time to time. "Materials" means all instructions, manuals, specifications, and training Athena provides in connection with any athenaNet Services. "Notice" is defined in Section 13 of this Services Agreement. "PHI" means "protected health information" as that tern is used under HIPAA. "Privacy Rule" means the privacy standards in 45 C.F.R. Part 160 and Part 164, subparts A and E. "Security Rule" means the Security Standards in 45 C.F.R. Part 160 and Part 164, subparts A and C. "Service Description" means each document periodically updated by Athena that contains a description of athenaNet Services. "Third Party Items" means the third party products and services accessible through athenaNet. "Third Party Terms" means the pass -through terms and conditions set forth at http://www.athenahealth.com/tpt applicable to Client's access to and use of certain Third Party Items. Section 2. Athena Services and Payment. (a) Client represents to Athena on a continuing basis that Service Organization, whether in whole or in part, owns or acts as management services provider to it and is authorized generally to bargain and arrange for services under this Services Agreement on its behalf. (b) For the term of this Services Agreement, Client appoints Service Organization as its sole and exclusive agent to (i) give and receive Notices required or allowed under this Services Agreement; (ii) to administer and amend this Services Agreement on its behalf; and (iii) to receive and pay invoices from Athena on its behalf as set forth herein. (c) For the term of this Services Agreement, Client appoints Service Organization as an agent to (i) give all instructions to Athena and provide Athena with all information on its behalf in connection with athenaNet Services; (ii) accept, approve, and utilize all athenaNet Services on its behalf; and (iii) access and use athenaNet on its behalf as its agent under this Services Agreement. (d) Client authorizes Service Organization to designate Authorized Users under this Services Agreement and authorizes and directs MSO-FLEX 2021.v1 Addendum C — Page 1 of 5 Addendum C Terms and Conditions of Athena Services Athena to communicate information in connection with this Services Agreement to Service Organization as fully as if Service Organization was Client itself. (e) Athena shall provide athenaNet Services as described in each applicable Service Description. The Parties shall perform their respective obligations as set forth in this Services Agreement. (f) Athena will send all invoices to Service Organization for payment by it under the Master Agreement. If Service Organization does not make timely payment under the Master Agreement of invoices properly due, Athena may provide Notice to Client, and Client will pay such invoices promptly. (g) Service Organization (or Client if Service Organization fails to pay) shall pay Athena the fees and expenses as set forth in this Services Agreement. Athena may impose a late charge equal to the lesser of (i) 1'A%, or (ii) the highest rate permitted by Applicable Law, each month on all amounts overdue beyond 10 days, but this charge will not waive or extend any obligation of Service Organization or Client to make payments when due. (h) If Athena is required by Applicable Law, legal process, or government action to produce information or personnel as witnesses with respect to the athenaNet Services or this Agreement, Client shall reimburse Athena for any professional time, fees, and expenses (including reasonable external and intemal legal costs) incurred to respond to the request, unless Athena is a party to the proceeding or the subject of the investigation. Section 3. Term and Termination. (a) This Services Agreement will have a term of one year from the Effective Date and will automatically extend for additional consecutive one-year terms unless terminated as set forth below. (b) Either Party may terminate this Services Agreement or any athenaNet Services at any time, with or without cause, by providing the other Party with no less than 90 days' Notice. (c) Either Party may terminate this Services Agreement effective upon Notice to the other Party if (i) the other Party defaults in performance of any material provision of this Services Agreement and such default is not cured within 30 days following Notice describing the specific default (10 days in the event of failure to pay amounts owed); (ii) the other Party violates Applicable Law; (iii) the other Party files a voluntary petition in bankruptcy or an involuntary petition is filed against it; (iv) the other Party is adjudged bankrupt; (v) a court assumes jurisdiction of the assets of the other Party under a federal reorganization act or other statute; (vi) a trustee or receiver is appointed by a court for all or a substantial portion of the assets of the other Party; (vii) the other Party becomes insolvent, suspends business or ceases to conduct its business in the ordinary course; or (viii) the other Party makes an assignment of its assets for the benefit of its creditors. Termination of this Services Agreement by Athena for Service Organization or Client's failure to pay amounts owed will not constitute irreparable harm to Client. (d) Athena may terminate this Services Agreement for cause effective upon Notice if Client (i) violates any System and Service Access and Use provision in Section 4 herein or (ii) has breached or breaches the warranty in Section 8(b)(iv) herein. (e) Notwithstanding anything to the contrary set forth in this Services Agreement, beginning on or around the 15 -month anniversary of Client's first Go -Live Date and no more frequently than every 24 months thereafter (each such date, a "Review Date"), Athena may review Client's information actually recorded in athenaNet (such actual data/information on any Review Date, the "Actual Client Metrics") against any Client information set forth in this Services Agreement, including, but not limited to, Client size, type, specialty, configuration, annual volume of Client claims or visits, annual Collections, or payer mix (any such Client information, "Stated Client Metrics"). If, upon such review, Athena determines that any of the Stated Client Metrics is materially inaccurate, incomplete, or varies by at least 15% from the Actual Client Metrics, Athena may require Service Organization and/or Client to agree to additional or alternative terms or pricing; provided, that if the Parties cannot reach mutual agreement after good faith discussion as to such alternative terms or pricing, either Party may terminate this Services Agreement upon 30 days' Notice to the other Party. (f) Client may terminate this Services Agreement upon 15 days' Notice to Athena if any revision by Athena of a Service Description materially and adversely affects the athenaNet Service that it receives, provided that such Notice must be provided within 60 days after Client is first informed of such revision. (g) Upon termination of this Services Agreement or any athenaNet Service for any reason, Service Organization (or Client if Service Organization fails to pay) shall pay to Athena all amounts due hereunder for all services rendered through the date of termination in accordance with the terms of the Master Agreement. Section 4. System and Service Access and Use. (a) Client's access to athenaNet is provided by Athena solely to facilitate Client's access to athenaNet Services. Subject to compliance with the terms and conditions of this Services Agreement, Athena grants to Client and its Authorized Users a right to access and use athenaNet on a limited, non-exclusive, non- transferable basis only during the term of this Services Agreement. Client shall access athenaNet only (i) through its Authorized Users acting within the scope of their service for Client; (ii) on Athena's servers or as otherwise authorized by Athena; (iii) for the internal use of Client; and (iv) from and within the United States. If Client is live on the athenaCollector Service, Client shall not use, directly or indirectly, any patient service -related billing system or method other than athenaNet and the athenaNet Services, including cash billing systems, unless Client (A) uses a different tax identification number for claims submitted through a different billing system, or (B) agrees to use Athena's mixed remittance process with respect to such claims. (b) Client shall ensure that each Authorized User complies with the terms of this Services Agreement as well as Applicable Law. Client shall terminate any Authorized User's access to athenaNet (i) when such person no longer meets the definition of "Authorized User;" (ii) if conduct by such Authorized User breaches any term of this Services Agreement; or (iii) upon such Authorized User's indictment, arrest, or conviction of any crime related to claims or other transactions, financial relationships, or financial dealings in connection with health care, and Client shall immediately inform Athena of any such indictment, arrest, or conviction.. Client is responsible for all acts and omissions of any Authorized User in connection with such Authorized User's access and use of athenaNet. Athena may restrict, suspend, or terminate an Authorized User's access to athenaNet if Athena determines in its reasonable discretion that such access has an adverse effect on Athena or any of its Clients. (c) Client shall require Authorized Users to protect their passwords and log in credentials. Client is responsible for any use of data, information, or services obtained through athenaNet by Authorized Users. Except as expressly permitted under this Services Agreement, Client shall not and shall cause its Authorized Users not to: (i) access or use Athena Property in connection with the provision of any services to third parties; (ii) resell, rent, license, lease, provide service bureau or timeshare services, transfer, encumber, copy, distribute, publish, exhibit, transmit, or otherwise make available to any third party any Athena Property; (iii) derive specifications from, reverse engineer, reverse compile, disassemble, translate, record, or create derivative works based on Athena Property; (iv) use Athena Property in a manner that delays, impairs, or interferes with system functionality for others or that compromises the security or integrity of any data, equipment, software, or system input or output, including but not limited to introduction of any viruses or malware into athenaNet; (v) enter data in athenaNet that is threatening, harmful, lewd, offensive, defamatory, or that injures or infringes the rights of others; (vi) apply systems to extract or modify information in athenaNet using MSO-FLEX 2021.v1 Addendum C — Page 2 of 5 Addendum C Terms and Conditions of Athena Services technology or methods such as those commonly referred to as "web scraping," "data scraping," or "screen scraping"; (vii) use Athena Property or any part or aspect thereof for any unlawful purpose or to mislead or harass anyone; or (viii) use Athena Property except as specifically permitted under this Services Agreement. Use of or access to Athena Property not in accordance with the terms of this Services Agreement is strictly prohibited. Any violation of this Section 4 will cause Athena irreparable and immediate harm, and Athena is entitled to injunctive relief to prevent such violation. Section 5. Confidential Information. Each Party shall exercise reasonable care to hold Confidential Information in confidence and not use it or disclose it to any other person or entity, except (a) as permitted under this Services Agreement or as reasonably necessary for the performance or enforcement of this Services Agreement; (b) as agreed in writing by the other Party; (c) for the Party's proper management and administration (provided that it obtains reasonable assurances from all recipients that they will keep the information confidential and use it only for the purpose of its disclosure; and provided further that it is responsible for all acts and omissions of any such recipient in violation of this Section 5); or (d) as required by law. Any violation of this Section 5 may cause the non -violating Party irreparable and immediate harm, and such Party is entitled to injunctive relief to prevent such violation. Section 6. Usage and Ownership. Except for the right to use Athena Property subject to the terms and conditions contained herein, this Services Agreement does not confer on Client a license in, ownership of, or interest in Athena Property. Athena developed or acquired Athena Property exclusively at its private expense. As between the Parties, Athena Property and all right, title, and interest in and toto it is and will remain the exclusive property of Athena. Any ideas, advice, recommendations, suggestions, enhancement requests, feedback or proposals provided by or on behalf of Client or its personnel to Athena related to Athena Property ("Feedback"), (a) is given to Athena without claim of intellectual property right by Client, (b) by its receipt grants Athena a royalty free, worldwide, transferable, sub -licensable, irrevocable, perpetual license to commercialize, use and incorporate such Feedback into its software, services or systems or use as it otherwise deems necessary or desirable in its business, and (c) will not enable Client to claim any interest in or ownership of Athena Property. As between Athena and Client, Client retains all right, title and ownership interest in and to Client Data. Client hereby grants to Athena a fully - paid up, worldwide, sub -licensable, perpetual, right and license to Client Data for the purpose of creating Athena Property. Section 7. Compliance. (a) Each Party shall comply with Applicable Law. Client is solely responsible for compliance with all legal and regulatory requirements with respect to Client's use of athenaNet and athenaNet Services. (b) The Parties agree that (i) any fees charged or amounts paid hereunder are not intended to be an inducement or payment, either directly or indirectly, for the referral of patients or furnishing of other healthcare services to Client or any third party, and (ii) neither Party will enter into any agreements, or otherwise make any inducements or payments, either directly or indirectly, for the purpose of referring patients or furnishing other healthcare services to Client or any third party. (c) The Parties shall each separately maintain effective compliance programs consistent with the relevant compliance guidelines set forth by the Office of the Inspector General of the Department of Health and Human Services. The Parties shall cooperate with each other to provide prompt, accurate, and full responses to any material inquiry or concern of either Party related to compliance and to any reasonable request by either Party for clarification, documentation, or further information concerning Client billing or Client's provision of, or referrals related to, health services for its patients. (d) Client agrees that (i) no payment to or receivable of Client or any Billable Provider is or will be assigned to Athena, and Athena is not and will not be deemed to be the beneficiary of any such payment or receivable, and all such payments and receivables (including, but not limited to, checks and electronic fund transfers) will be payable to and will remain the property of Client or the Billable Provider; (ii) Athena will not endorse or sign any check or instrument; (iii) any lockbox or other account into which Client payments or receivables are properly deposited will remain in the name of, and under the sole ownership and control of, Client or the Billable Provider; (iv) Athena will not be a signatory on or have any power to transfer or withdraw from any account into which Client or Billable Provider payments or receivables from any federally funded program are properly deposited; and (v) in the event funds are deposited in error to Client's lockbox or other Client account, Client shall promptly repay an amount equal to such deposited amount as directed by Athena. (e) Client shall verify and is solely responsible for the accuracy, completeness, and appropriateness of all information entered into or selected in athenaNet or the Third Party Items by it and its Authorized Users. The professional duty to treat the patient lies solely with Client and use of information contained in or entered into athenaNet or provided through athenaNet Services in no way replaces or substitutes for the professional judgment or skill of Client. Client is responsible and liable for the treatment of patients whom Client and its personnel treat in the course of accessing or using athenaNet Services, including responsibility for personal injury or loss of life. Client represents and warrants to Athena that (i) all data it provides to Athena or that it selects in athenaNet, including, but not limited to, codes and practitioner identifiers, are accurate and in conformity with all legal requirements; (ii) its medical records appropriately support all codes that it enters, selects, or approves; (iii) it and its personnel are duly authorized to enter and access such data; and (iv) Athena is duly authorized to receive, use, and disclose such data subject to the terms of this Services Agreement. Athena is not a health plan or healthcare provider, and it cannot and does not independently review or verify the medical accuracy or completeness of the medical information entered into, or made available to it in, athenaNet. Use of and access to athenaNet Services, including, but not limited to, clinical information in athenaNet, is at the sole risk and responsibility of Client, Authorized Users, and any practitioner or health care provider or facility using data provided by Athena as part of athenaNet Services. Athena will not be liable for any action or inaction of Client which may give rise to liability under the federal False Claims Act or any state version thereof. Section 8. Warranties and Limitations. (a) Athena warrants to Client that, to Athena's knowledge, athenaNet Functionality, when used properly and as expressly authorized by Athena, does not infringe any valid patent, registered copyright, or other registered intellectual property right under the laws of the United States, provided that Athena makes no warranty to the extent that such infringement results from (i) use or access of athenaNet by Client in combination with any data, software, or equipment provided by Client or any third party that could have been avoided by use or access of athenaNet without such data, software, or equipment, or (ii) any breach of an agreement by, or any negligent or other wrongful actor omission of, Client or any party acting on behalf of Client. (b) Each Party represents and warrants to the other Party that (i) it has the requisite corporate power and authority to execute and perform its obligations under this Services Agreement; (ii) the person executing this Services Agreement on its behalf has the authority to bind it hereunder and that such Party's execution of this Services Agreement is not in violation of such Party's bylaws, certificate of incorporation or other comparable document; (iii) the execution, delivery, or performance of this Services Agreement will not violate or conflict with, require consent under, or result in any breach or default of (A) Applicable Law, or (B) any covenants or agreements by which such Party or any of its assets are bound; and MSO-FLEX 2021.v1 Addendum C — Page 3 of 5 program. (c) Client represents, warrants, and covenants to Athena that (i) it and its Billable Providers are, and will be, duly licensed and authorized to provide and bill for the health services they render; and (ii) all athenaNet local rule requests, technical requests, or other requests, waivers, or directives by or on behalf of Client are and shall remain compliant with Applicable Law and all applicable payer requirements. Client agrees that it has not relied on any representations, warranties, or statements of fact not specifically included in this Services Agreement, and shall not assert, and shall cause its affiliates and personnel not to assert, any claim against Athena with respect to its or their reliance on any representations, warranties or statements of fact not specifically included in this Services Agreement. (d) Except as expressly provided herein, Athena disclaims all representations and warranties of any kind or nature, express or implied (either in fact or by operation of law), with respect to any service or item provided hereunder. Except as expressly provided herein, Athena Property is provided "as is." Athena does not warrant that Athena Property will be error -free or will be provided (or available) without interruption or meet Client's business or operational needs. (e) No claim against Athena of any kind under any circumstances may be asserted or filed more than one year after Client knows, or in the exercise of reasonable care could know, of any circumstances, whether by act or omission, that may give rise to such claim. (f) The remedy of a credit with respect to any "Minimum Service Commitment" described in the applicable Service Description will be the sole and exclusive remedy for the acts or omissions of Athena relating to the performance of that Minimum Service Commitment. Notwithstanding any provision in this Services Agreement to the contrary, the combined aggregate credit remedy with respect to all Minimum Service Commitments on account of any month is limited to a maximum of 20% of Client's monthly service fee for that month. (g) Athena's cumulative, aggregate liability in connection with or arising in any way or in any degree from this Services Agreement, from athenaNet Services, or otherwise from the acts or omissions of Athena will not exceed the total amount paid by Service Organization on behalf of Client and/or paid by Client (cumulatively and in the aggregate) to Athena in the 12 months before such claim arose. Notwithstanding the foregoing, if damages are measured by the cost of medical services provided or the dollar value of claims submitted, Athena's liability for such damages will not exceed the service fees attributable to such services or claims. Athena will not be liable for any failure to provide services, content, or functionality with respect to any claim, statement, or transaction that Athena believes in good faith arises from, in connection with, or contains inaccurate, misleading, or otherwise improper information. Notwithstanding anything to the contrary, Athena will not be liable for indirect exemplary, punitive, special, incidental, or consequential damages or losses; additional overhead and payroll; lost profits or business opportunities; loss of data; or the cost of procurement of substitute items or services. Client hereby acknowledges that the remedies set forth above are reasonable and will not fail of their essential purpose. Section 9. Third -Party Items. As applicable in connection with athenaNet Services, Athena hereby grants to Client and its Authorized Users a limited, non-exclusive, non -transferable, non - licensable right to access and use the Third Party Items through athenaNet during the term of this Services Agreement. Athena may modify the Third Party Terms in the event Athena adds or replaces Addendum C Terms and Conditions of Athena Services (iv) neither it nor any of its personnel to its knowledge (A) has been Third Party Items or as required in connection with changes to the convicted of any crime arising from claims or other transactions, applicable third party agreements for the Third Party Items. Athena financial relationships, or financial dealings in connection with health agrees to use commercially reasonable efforts to post the current care, or (B) has been excluded from any federal or state health care Third Party Terms on athenaNet and notify Client through an alert on athenaNet when Athena has posted revised Third Party Terms. The Third Party Items will not be deemed part of Athena Property. All rights granted in this Section 9 are solely for Client and its Authorized Users' use in connection with athenaNet Services and will terminate on the earlier of expiration or termination of (a) this Services Agreement or (b) the applicable agreement between Athena and the licensor of the Third Party Items. Section 10. Force Majeure. (a) If a Force Majeure Event prevents a Party from complying with any one or more obligations under this Services Agreement, that inability to comply will not constitute breach if (i) that Party uses reasonable efforts to perform those obligations; (ii) that Party's inability to perform those obligations is not due to its failure to (A) take reasonable measures to protect itself against events or circumstances of the same type as that Force Majeure Event, or (B) develop and maintain a reasonable contingency plan to respond to events or circumstances of the same type as that Force Majeure Event; and (iii) that Party complies with its obligations under Section 1O21. (b) During a Force Majeure Event, the noncomplying Party shall use reasonable efforts to limit damages to the other Party and to resume its performance under this Services Agreement. Section 11. Mediation. The Parties shall submit any and all disputes, claims, controversies, or actions based upon, arising out of or relating in any way to this Services Agreement or any athenaNet Services, including any question regarding the negotiation, execution or performance of this Services Agreement and any conduct related to or arising out of this Services Agreement following termination hereof (each a "Dispute") in the first instance to JAMS, or its successor, for non -binding mediation in Boston, Massachusetts. Either Party may commence mediation by providing to JAMS and the other Party a written request for mediation, which must set forth the subject of the Dispute, the relief requested, and the factual and legal bases for such relief. The Parties shall cooperate with JAMS and with one another in selecting a mediator from the JAMS panel of neutrals and in scheduling the mediation proceedings. The Parties shall participate in the mediation in good faith and equally share the costs of the mediation. If the Dispute is not resolved through mediation, the Party seeking relief may pursue all remedies available at law, subject to the terms of this Services Agreement. Notwithstanding this Section 11, either Party may (a) terminate this Services Agreement according to its terms or (b) seek injunctive relief. Section 12. Choice of Law; Forum. This Services Agreement and any Dispute, including any conduct related to this Services Agreement following termination hereof will be governed exclusively by, construed and enforced in accordance with the laws of the State of Delaware, without regard to its conflicts of laws principles. The applicable Federal District Court for the state in which the Party named as Defendant has its principal place of business (with respect to Athena, the Commonwealth of Massachusetts) will be the exclusive venue for any resolution of any Dispute. If such Federal District Court does not have subject matter jurisdiction, the courts of the same state in which such Federal District Court is located shall be the exclusive venue for any resolution of any Dispute. The Parties hereby submit to and consent irrevocably to the jurisdiction of such courts for these purposes. The Parties hereby irrevocably waive any and all right to trial by jury in any legal proceeding arising out of any Dispute. Section 13. Notice. Notice under this Services Agreement means written notification addressed to the individual signing this Services Agreement at the address listed in this Services Agreement, with a copy to the notified Party's legal department that is (a) delivered by hand; (b) sent by traceable nationwide parcel delivery service, overnight or next business day service; or (c) sent by certified United States mail. Properly mailed Notice will be deemed given 3 days after the date of mailing, and other Notice will be deemed MSO-FLEX 2021.v1 Addendum C — Page 4 of 5 Addendum C Terms and Conditions of Athena Services made when received. A Party may change its address for notice purposes by providing Notice of such change to the other Party. Section 14. Certified athenaNet Services. (a) Notwithstanding anything to the contrary in this Services Agreement, Client may make a communication for any of the following purposes about (i) the usability of Certified athenaNet Services, (ii) the interoperability of the Certified athenaNet Services, (iii) the security of the Certified athenaNet Services, (iv) relevant information regarding users' experience with the Certified athenaNet Services, (v) Athena's business practices related to exchanging electronic health information (as defined at 45 C.F.R. § 171.102), or (vi) the manner in which a user of the Certified athenaNet Services has used the technology: (A) making a disclosure required by law; (B) communicating information about adverse events, hazards, and other unsafe conditions to government agencies, health care accreditation organizations, and patient safety organizations; (C) communicating information about cybersecurity threats and incidents to government agencies; (D) communicating information about information blocking and other unlawful practices to government agencies; or (E) communicating information about Athena's failure to comply with a Condition of Certification requirement or other requirement of 45 C.F.R. Part 170 to the Office of the National Coordinator for Health IT ("ONC") or an ONC-Authorized Certification Body ("ONC ACB"). (b) Client shall not disclose Athena Confidential Information about non -user facing aspects of Certified athenaNet Services. Client shall not disclose Athena Property or a third party's intellectual property existing in Certified athenaNet Services, except that Client may publicly display a portion of Certified athenaNet Services that is subject to copyright protection where such display would reasonably constitute "fair use" of Certified athenaNet Services, as provided by 45 C.F.R. § 170.403(a)(2)(ii)(C), and the display concerns one or more of the six subject areas set forth in Section 14(a). (c) If Client discloses a screenshot or video of Certified athenaNet Services which contains Athena Confidential Information, Client shall (i) not alter the screenshots or video, except to annotate the screenshots or video or resize the screenshots or video; (ii) limit the sharing of screenshots to the relevant number of screenshots needed to communicate about Certified athenaNet Services regarding one or more of the six subject areas set forth in Section 14(a); and (iii) limit the sharing of video to (A) the relevant amount of video needed to communicate about Certified athenaNet Services regarding one or more of the six subject areas set forth in Section 14(a), and (B) only videos that address temporal matters that cannot be communicated through screenshots or other forms of communication. For the avoidance of doubt, this Services Agreement shall not be construed to prohibit or restrict any communication in a manner that violates the Condition of Certification set forth at 45 C.F.R. 170.403(a). For purposes of this Section 14, "Certified athenaNet Services" means athenaClinicals or athenaClinicals for Hospitals and Health Systems, as applicable, and associated workflows certified to ONC or an ONC-ACB as part of the ONC Health IT Certification Program. Section 15. Miscellaneous. This Services Agreement constitutes the entire agreement between the Parties relating to athenaNet Services and supersedes all prior agreements, understandings, and representations relating to athenaNet Services. Except as otherwise provided herein, no change to this Services Agreement will be effective or binding unless signed by Client and a duly authorized representative of Athena. Neither Party may assign this Services Agreement or any right under this Services Agreement, in each case by operation of law or otherwise, except as otherwise permitted hereunder without the prior written consent of the other Party, and any attempt to assign this Services Agreement or any right under this Services Agreement in breach of the provisions of this Section 15 shall be null and void. The foregoing notwithstanding, either Party may assign this Services Agreement upon Notice to the other Party in connection with (a) any reorganization, conversion, consolidation or merger of such Party, (b) any transaction resulting in the holders (together with their affiliates) of a majority of the voting securities, membership interest or right to appoint a majority of the members of the board of directors or similar governing body of such Party as of immediately prior to such transaction, holding less than such a majority as of immediately after such transaction, or (c) any sale, transfer or exclusive license of all or a majority of the assets of such Party that are pertinent to this Services Agreement or, in each case of (a) through (c) whether consummated in one transaction or a series of related transactions. For the avoidance of doubt, the assigning Party and the assignee will remain liable jointly and severally for any unperformed obligations under this Services Agreement or any breach hereof arising prior to the effective date of any assignment of this Services Agreement. This Services Agreement is binding on the Parties and their successors and permitted assigns. The Parties agree that they will not take any action that aims to invalidate this Agreement or seeks to prohibit the other Party from realizing the benefits of the provisions herein relating to the dispute resolution, choice of law, forum, or liability limitations. The Parties intend that nothing contained in this Services Agreement be construed to create a joint venture, partnership, or like relationship between the Parties, and their relationship is and will remain that of independent Parties to a contractual service relationship. Neither Party will be liable for the debts or obligations of the other Party. Client will obtain Athena's consent before using Athena's name, trademarks, or logo in any manner. Except as explicitly set forth herein, none of the provisions of this Services Agreement will be for the benefit of or enforceable by any third party. Section titles are for convenience only and will not affect the meaning of this Services Agreement. When used in this Services Agreement, "including" means "including without limitation." No failure by a Party to insist upon the strict performance of any term or condition of this Services Agreement or to exercise any right or remedy hereunder will constitute a waiver. Despite the possibility that one Party or its representatives may have prepared the initial draft of this Services Agreement or any provision hereof or played a greater role in the preparation of subsequent drafts, neither Party shall be deemed the drafter of this Services Agreement and no provision hereof shall be construed in favor of one Party on the ground that such provision was drafted by the other. Client shall not join or consolidate claims by other clients or pursue any claim as a representative or class action or in a private attorney general capacity. In connection with athenaNet Services, a copy of a signed document sent by PDF or telephone fax will be deemed an original in the hands of the recipient. If any term or provision of this Services Agreement is invalid, illegal, or unenforceable, such invalidity, illegality, or unenforceability will not affect any other term or provision of this Services Agreement or invalidate or render unenforceable such other term or provision. This Services Agreement may be executed in counterparts and exchanged by electronic means, each of which shall be deemed an original, and both of which together constitute only one agreement between the Parties. The following Sections of this Services Agreement will survive termination and continue in force: Sections 1, 2(g) -(h), 1(5), 5, 6, 7(d)(v), 8(c) -(q), and 11 through 15. MSO-FLEX 2021.v1 Addendum C — Page 5 of 5 Exhibit A to Athena Services Agreement Business Associate Agreement Article 1 - Definitions. Capitalized terms used but not defined herein have the meaning attributed to them (i) in the Services Agreement; or (ii) under HIPAA. In the event of a conflict, the definition under HIPAA controls. "HITECH Act" means the Health Information Technology for Economic and Clinical Health Act of 2009, as may be amended from time to time. "Unsuccessful Security Incident" means activities such as pings and other broadcast attacks on firewalls, port scans, unsuccessful log -on attempts, denials of service, and any combination of the foregoing, so long as no such incident results in unauthorized access, use, disclosure, modification, or destruction of Client PHI. Article 2 -Athena's Duties. Athena shall: (a) not Use or Disclose Client PHI except (i) as required or permitted by Applicable Law; (ii) as permitted under the terms of the Services Agreement or as otherwise authorized by Client; or (iii) as incidental under HIPAA to another permitted Use or Disclosure; (b) use reasonable and appropriate safeguards designed to prevent Use or Disclosure of Client PHI other than as provided in the Services Agreement, and implement administrative, physical, and technical standards in accordance with the Security Rule designed to protect the confidentiality, integrity, and availability of Client PHI; (c) mitigate, to the extent practicable, any harmful effect of a Use or Disclosure of Client PHI by Athena that is known to Athena to violate the requirements of the Services Agreement; (d) limit its request for Client PHI to the minimum amount necessary to accomplish the intended purpose of requests for, and Uses and Disclosures of, Client PHI in accordance with 45 C.F.R. §164.502(b); (e) report to Client to the extent required by HIPAA and the HITECH Act any known Use or Disclosure of Client PHI by Athena in violation of the Services Agreement resulting in a Breach of Unsecured PHI. Such notification shall be made without unreasonable delay following the date of discovery to enable Client to comply with the Breach disclosure requirements under the HITECH Act Athena shall include within such notice identification, to the extent possible, of each Individual whose Unsecured PHI has been, or is reasonably believed by Athena to have been, accessed, used, or disclosed through the Breach and any other valuable information known to Athena that Client is required to include in its notice to affected Individuals; (f) report to Client any Security Incident with respect to Client PHI as required by HIPAA and the HITECH Act. This Article 2(f) constitutes notice by Athena to Client of the ongoing existence, occurrence, or attempts of Unsuccessful Security Incidents, for which no additional notice to Client is required; (g) require any agent, including a subcontractor, under the Services Agreement that creates, receives, maintains, or transmits Client PHI on behalf of Athena to agree in writing to substantially the same restrictions and conditions with respect to Client PHI that apply through this Exhibit A to Athena with respect to such PHI; (h) at the request of Client, provide access to Client PHI in a Designated Record Set to Client or, as properly directed by Client, to an Individual in order to meet the requirements under 45 C.F.R. §164.524; (i) at the request of Client, make any amendment to Client PHI in a Designated Record Set that Client properly directs or agrees to pursuant to 45 C.F.R. §164.526; (j) maintain and make available the information required to provide an Accounting of Disclosures to Client (or an Individual, as applicable) as necessary to satisfy Client's obligations under 45 C.F.R. §164.528; (k) make its internal practices, books, and records relating to the Use and Disclosure of Client PHI available to the Secretary of Health and Human Services for purposes of the Secretary's determination of Client's compliance with HIPAA requirements; and (I) to the extent that Athena agrees to carry out any Client obligation(s) under the Privacy Rule, comply with the requirements of the Privacy Rule that apply to Client in the performance of such obligation(s). Article 3 - Client's Duties. Client shall: (a) not request, direct, or cause Athena to Use or Disclose PHI unless such Use or Disclosure is in compliance with Applicable Law relating to the privacy and security of patient data and is the minimum amount necessary for the legitimate purpose of such Use or Disclosure; (b) notify Athena of any limitation in its notice of privacy practices in accordance with 45 C.F.R. §164.520, to the extent that such limitation may affect Athena's Use or Disclosure of Client PHI; (c) notify Athena of any changes in, or revocation of permission by, an Individual to Use or Disclose Client PHI, to the extent that such changes may affect Athena's Use or Disclosure of Client PHI; and (d) notify Athena of any restriction on the Use or Disclosure of Client PHI that Client has agreed to in accordance with 45 C.F.R. §164.522, to the extent that such restriction may affect Athena's Use or Disclosure of Client PHI. Article 4 - Business Associate Permitted Purposes. (a) Athena's Use and Disclosure of Client PHI is permitted for the following purposes: (i) to provide athenaNet Services (including receipt from and disclosure to payers, patients, vendors, and others in order to provide athenaNet Services); (ii) for Payment, Health Care Operations, and Treatment (including testing and set up of electronic linkages for Payment transactions); (iii) as requested by Client or an authorized governmental agent for the public health activities and purposes set forth at 45 C.F.R. § 164.512(b); (iv) to provide data aggregation services as permitted by 45 C.F.R. §164.504(e)(2)(i)(B); and (v) to de -identify Client PHI in accordance with 45 C.F.R. §164.514(b), and use or disclose such de -identified information as permitted by Applicable Law. All de -identified information created by Athena in compliance with the Services Agreement will belong exclusively to Athena, provided that Client will not hereby be prevented from itself creating and using its own de -identified information. (b) Athena may Use Client PHI to carry out its legal responsibilities or for its proper management and administration, including making and maintaining reasonable business records of transactions in which Athena has participated or athenaNet has been used (including back-up documentation). (c) Athena may Disclose Client PHI to carry out its legal responsibilities or for its proper management and administration; provided that (i) such disclosures are required by Applicable Law; or (ii) Athena obtains prior written reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by Applicable Law or for the purpose(s) for which it was disclosed to the person, and the person notifies Athena of any instances of which it is aware in which the confidentiality of the information has been breached in accordance with the breach notification requirements of this Exhibit A. Article 5 - Business Associate Termination. Upon termination of the Services Agreement, to the extent feasible, Athena shall return or destroy, or, to the extent return or destruction is infeasible, continue to extend protections to and limit the use and disclosure of, Client PHI to the extent required by and in accordance with 45 C.F.R. §164.504(e)(2)(ii)(J). It is not feasible in light of reasonable business requirements, regulatory compliance requirements, and the rights and obligations under the Services Agreement for Athena to return or destroy its business records and transaction databases, including, but not limited to, databases that reflect the use of athenaNet and information that Client or Athena has entered in athenaNet in the course of the Services Agreement to enable or perform athenaNet Services. Article 6 - Business Associate Default. Any material default by Athena of its obligations under Articles 2 through 4 will be deemed a default of a material provision of the Services Agreement, and, if cure of such default and termination of the Services Agreement are not feasible, Client may report the default to the U.S. Secretary of Health and Human Services and shall provide the same information to Athena concurrently, where permitted by Applicable Law. Article 7 -Athena Business Records. Subject to the other requirements and limitations of this Exhibit A, the business records of Athena and all other records, electronic or otherwise, created or maintained by Athena in performance of the Services Agreement will be and remain the property of Athena, even though they may reflect or contain Client PHI. Article 8 — Ownership of Client PHI. As between the Parties, all Client PHI shall at all times be and remain the sole and exclusive property of Client. MSO-FLEX 2021.01 Exhibit A— Page 1 of 1 Amendment to ATHENA SERVICES AGREEMENT - MANAGED ENTITY This Amendment to ATHENA SERVICES AGREEMENT - MANAGED ENTITY (this "Amendment") is entered into by and between athenahealth, Inc., a Delaware corporation with a place of business at 311 Arsenal Street, Watertown, MA 02472 ("Athena") and NORTH COLORADO HEALTH ALLIANCE ("Service Organization") (Athena and Service Organization collectively referred to as the "Parties"). WHEREAS, the Parties have entered into an ATHENA SERVICES AGREEMENT - MANAGED ENTITY (the "Services Agreement") and desire to amend the Services Agreement as set forth below; NOW, THEREFORE, in consideration of the mutual covenants contained herein, the Parties agree as follows: 1. All capitalized terms used but not defined herein shall have the meanings assigned to them in the Services Agreement. 2. For a period of four (4) years from the Amendment Effective Date (the "Contract Lock Period"), neither Party shall exercise its right to terminate the Services Agreement or any athenaNet Service without cause pursuant to Section 3(b) of the Services Agreement. 3. Except as expressly amended or modified herein, the terms of the Services Agreement remain in full force and effect. To the extent of any conflict between the terms of this Amendment and those of the Services Agreement in effect immediately prior to amendment hereby, the terms of this Amendment shall control. This Amendment may be executed and delivered by fax or PDF file and in counterparts, each of which shall be deemed an original and all of which together shall constitute one single agreement between the Parties. [SIGNATURE PAGE FOLLOWS] Page 1 of 2 IN WITNESS WHEREOF, the Parties hereto have executed this Amendment as a sealed instrument to be effective as of the date countersigned by Athena (the "Amendment Effective Date"). ATHENAHEALTH, INC. Service Organization: NORTH COLORADO HEALTH ALLIANCE By. Xiaoxiao Zhao (Nov 28, 202210:07 EST) Name: Xiaoxiao Zhao Title: Director, Finance Date: Nov 28, 2022 By. )h,../' Name: Mark Wallace Title: CEO/CMO Date. Nov 21, 2022 Client County of Weld DBA Weld County Department of Public Health and Environment siGOttc7Gwer Y' Scott K James (Nov 21, 202212:43 MST) Name: Scott K James Title: Chairman Date: Nov 21, 2022 Page 2 of 2 Amendment to Athena Services Agreement — Managed Practice This Amendment to Athena Services Agreement — Managed Practice (this "Amendment") is entered into by and between athenahealth, Inc., a Delaware corporation with a place of business at 311 Arsenal Street, Watertown, MA 02472 ("Athena"), the Service Organization set forth below ("NORTH COLORADO HEALTH ALLIANCE"), and the Client set forth below ("County of Weld DBA Weld County Department of Public Health and Environment") (Athena, Service Organization, and Client are referred to collectively herein as the "Parties"). WHEREAS, the Parties have entered into an Athena Services Agreement — Managed Practice (the "Agreement"); WHEREAS, under the Agreement, Client utilizes athenaNet to enter data and access the athenaNet Services; WHEREAS, Athena differentiates the data associated with, and athenaNet Services it performs for, Client from the data of, and athenaNet Services performed for, other clients by creating divisions within athenaNet known as tablespaces ("Tablespaces"); WHEREAS, the standard configuration for Athena clients' use of the athenaNet Services is for each client to separately operate in one or more Tablespaces to the exclusion of other clients; WHEREAS, it is possible to further subdivide a Tablespace (and data contained therein) into divisions known as provider groups ("Provider Groups") and to restrict certain data so that it is not shared among Provider Groups within a single Tablespace. This functionality in athenaNet is called Enterprise Configuration ("Enterprise Configuration"); WHEREAS, Client desires to operate, along with one or more other Athena client(s), within one or more shared athenaNet Tablespace(s) (the "Shared Tablespace(s)") in a manner that is consistent with Applicable Laws, including, without limitation, HIPAA and the regulations thereunder; and WHEREAS, Athena has agreed to comply with such request, subject to the terms and conditions herein. NOW, THEREFORE, in consideration of the mutual covenants contained herein, the Parties agree as follows: 1. All capitalized terms used but not defined herein shall have the meanings assigned to them in the Agreement. 2. The recitals set forth above constitute an integral part of this Amendment. 3. Client hereby acknowledges and agrees that: a. it shall use, disclose or access PHI and other data within the Shared Tablespace(s) only in a manner that is compliant with all Applicable Laws including, but not limited to, HIPAA and the regulations thereunder; b. it shall only use, disclose or access PHI as permitted by agreement(s) between the Athena client(s) within the Shared Tablespace(s); c. notwithstanding the ability to restrict certain data to a single Provider Group, certain athenaNet settings will apply to all Athena clients in the entire Shared Tablespace and cannot be separated for each client operating therein; 1 d. certain user permissions govern the entire Shared Tablespace, the granting of which will allow certain users access to data of other Athena client(s) within the Shared Tablespace, as well as access to and/or control over user permissions of other Athena client(s) within the Shared Tablespace(s); e. notwithstanding the enabling of Enterprise Configuration, it is infeasible to return or destroy Client's data within the Shared Tablespace, Client's data will permanently remain in the Shared Tablespace following termination of the Agreement; f. it is solely responsible for and will manage athenaNet user access and permissions of its Authorized Users and configuration settings in accordance with agreements with other Athena client(s) in the Shared Tablespace and Applicable Law; g. any clinical data entered into or available from a shared clinical chart ("Chart Group") within the Shared Tablespace(s) will be co -mingled; Athena cannot segregate, and will not be able to segregate in the future, any such co -mingled clinical data within a Chart Group; h. upon termination or expiration of the Agreement, Athena will provide to Client a copy of its data from the Shared Tablespace(s) in accordance with the relevant Service Description and subject to the technical limitations of the Shared Tablespace configuration. If Client elected to share clinical data in a Chart Group with other clients within the Shared Tablespace, Athena will provide Client with a copy of all charts for patients: (i) registered in Client's Provider Groups, and (ii) to which Client contributed documentation in athenaNet; and upon termination or expiration of the Agreement, or other relevant change in the relationship of the Athena clients within the Shared Tablespace of which Athena becomes aware, Athena may elect, in its sole discretion, to provide the athenaNet Services to each client in separate Tablespaces, in which case Athena will: (i) require each client within the Shared Tablespace to be implemented in a new Tablespace, and (ii) after a reasonable wind down period, render the Shared Tablespace inaccessible to Client and all other clients to which the athenaNet Services were provided within the Shared Tablespace. 4. Client represents and warrants on a continuing basis that its use and disclosure of, and access to, PHI and operation within the Shared Tablespace with each client therein is premised upon and in furtherance of the operational integration of Client and each other client within the Shared Tablespace for purposes permitted under the HIPAA Privacy Rule as Treatment, Payment, or permitted Health Care Operations (each as defined under the HIPAA Privacy Rule), and that the Shared Tablespace configuration is appropriate under Applicable Law, including but not limited to HIPAA and all state laws regarding patient privacy and data sharing. 5. Client hereby waives any and all claims and actions against Athena arising from, or in connection with, the Shared Tablespace(s) and shall indemnify, hold harmless, and defend Athena and its officers, directors, employees, agents, affiliates, successors, and permitted assigns (collectively, "Indemnified Party") against any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs, or expenses of whatever kind, including reasonable attorneys' fees, that are incurred by Indemnified Party (collectively, "Losses") due to, arising from, or in connection with, the Shared Tablespace(s). 6. Except as expressly amended or modified herein, the terms of the Agreement remain in full force and effect. To the extent of any conflict between the terms of this Amendment 2 and those of the Agreement in effect immediately prior to amendment hereby, the terms of this Amendment shall control. This Amendment may be executed and delivered by fax or PDF file and in counterparts, each of which shall be deemed an original and all of which together shall constitute one single agreement between the Parties. IN WITNESS WHEREOF, the Parties hereto have executed this Amendment to be effective as of the date executed by Athena below. ATHENAHEALTH, INC. Service Organization: NORTH COLORADO HEALTH ALLIANCE By: „,„„nThan,Nnv,R,„„,„„„T, �nn�� Name: Xiaoxiao Zhao By: U4"`"" —J Title: Director, Finance Date: Nov 28, 2022 3 Name: Mark Wallace Title: CEO/CMO Date: Nov 21, 2022 Client County of Weld DBA Weld County Department of Public Health and Environment Sott yafrar By: Scott K James (Nov 21, 202212:43 MST) Name: Scott K James Title: Chairman Date: Nov 21, 2022 Contract Form New Contract Reran -es.≥ Entity Name* ATHENAHEALTH INC Entity ID* O00046395 ❑ New Entity? Contract Name* Contract ID ATHENAHEALTH SERVICE PROPOSAL FOR ELECTRONIC 6494 MEDICAL RECORDS Contract Status CTB REVIEW Contract Lead* AGOMEZ Contract Lead Entail agomez@weldgov.com Contract Description* FOUR YEAR SERVICE PROPOSAL WITH ATHENAHEALTH FOR ELECTRONIC MEDICAL RECORD Contract Description 2 Contract Type AGREEMENT Amount. $0.00 Renewable* NO Automatic Renewal NO Grant NO IGA NO Department. HEALTH Department Email CM-HealthOweldgov.com Department Head Email CM-Health- DeptHeadreweldgov.com County Attorney GENERAL COUNTY ATTORNEY EMAIL County Attorney Email CM- COU NTYATTORN EYC'WEL DG OV,COM Requested BOCC Agenda Date* 11/21/2022 Parent Contract ID Requires Board Approval'. YES Department Project # Due Date 11/17/2022 Will a work session with BOCC be required?* HAD Does Contract require Purchasing Dept. to be included? NO If this is a renewal enter previous Contract ID If this is part of a MSA enter M'SA Contract ID Note: the Previous, Contract Number and Master Services Agreement Number should be left blankif those contracts are not in OnBase Contract D Effective Date 11/21/2022 Termination Notice Period Review Date. 09/01/2026 Committed Delivery Date. Renewal Date 11/2112026 Expiration Date* 11/2©/2026 Purchasing Approved Date Purchasing Approver Appr al Process: Department Head TANYA GEISER • OH Approved Date 11/17/202.2 8OCC Approved BOCC Signed Date BOCC Agenda Date 11/21/2022 Originator AGOMEZ li! Finance Approver CHRIS D"OVIDIO Finance Approved Date 11/18/2022 i8 Tyler Ref # AG 112122 Legal Counsel KARIN MCDOUGAL Legal Counsel Approved Date 11/18/2022 Hello