This Authorization and Consent (the "Authorization") is delivered to athenahealth, Inc. ("Athena") and is effective as of the date submitted on behalf of the Practice identified below ("Client") (Athena and Client collectively referred to as the "Parties").

The Parties have entered into an athenahealth Master Services Agreement, athenahealth Services Agreement, athenahealth Services Acknowledgment, or similar agreement (the "Athena Services Agreement") pursuant to which Client receives certain services from Athena. All capitalized terms used but not defined herein shall have the meanings assigned to them in the Athena Services Agreement.

Client also receives certain services from partner identified above (the "Partner"), and Partner is a Business Associate (as that term is used under HIPAA) of Client.

For purposes of this Authorization and Consent, "athenaNet" means the platforms, including the athenaNet^® multi-user platform, made available to Client or through which Athena provides services to clients, and the divisions within the athenaNet multi-user platform to differentiate the services Athena provides, and the data of, Client from the services Athena provides, and the data of, other clients are referred to as "Tablespaces". Each Tablespace has a unique identifier, known as a Context ID.

Client acknowledges and agrees that it is solely responsible for reviewing and vetting Partner systems and workflows, including but not limited to the privacy and security of those systems and workflows, to ensure Client can meet its obligations under applicable state or federal law.

Notwithstanding anything in the Athena Services Agreement to the contrary, by delivering this Authorization to Athena, as part of the athenaNet Services provided by Athena to Client, Client hereby authorizes Athena to, and requests that Athena:

(i) at Partner’s direction and on behalf of Client, provide Partner with access to Client’s data in the Tablespace(s) (Context IDs) listed below("Authorized Data"), which includes Client’s confidential information and "protected health information" or "PHI" as that term is used under the Health Insurance Portability and Accountability Act of 1996, and associated regulations ("HIPAA"), which may require Athena to aggregate Authorized Data with the data of other Athena clients; and

(ii) at Partner’s direction and on behalf of Client, enable Partner to send, receive, or exchange Authorized Data between athenaNet and Partner’s system(s) or third party system(s).

This Authorization will remain in full force and effect until revoked by Client. Client may revoke this Authorization by notifying Athena.

Client represents and warrants to Athena that it has all right, title, interest, consents or licenses necessary to deliver this Authorization with respect to the Tablespace(s) listed below. If Client operates in a Shared Tablespace (as defined below), the following additional terms apply:

1. Under the Athena Services Agreement, Client utilizes athenaNet to enter data and access the athenaNet Services.

2. Athena differentiates the data associated with, and athenaNet Services it performs for, Client from the data of, and athenaNet Services performed for, other clients by creating divisions within the athenaNet multi-user platform known as tablespaces ("Tablespaces"). The standard configuration for Athena clients’ use of the athenaNet Services is for each client to separately operate in one or more Tablespaces to the exclusion of other clients.

3. While it is possible to further subdivide a Tablespace (and data contained therein) into divisions known as provider groups ("Provider Groups") and to restrict certain data so that it is not shared among Provider Groups within a single Tablespace within the athenaNet multi-user platform, such divisions and restrictions are not available within any other athenaNet platform.

4. Client represents and warrants that it operates, along with one or more other Athena client(s), within one or more shared Tablespace(s) (the "Shared Tablespace(s)") in a manner that is consistent with Applicable Laws, including, without limitation, HIPAA and the regulations thereunder.

5. Client hereby acknowledges and agrees that if it is infeasible to return or destroy Client’s Authorized Data within the Shared Tablespace, Client’s Authorized Data will permanently remain in the Shared Tablespace following termination of the Athena Services Agreement or the Authorization, pursuant to which Partner may continue to have access to such Authorized Data in the Shared Tablespace or in another athenaNet platform.

6. Client represents and warrants on a continuing basis that its use and disclosure of, and access to, PHI and operation within the Shared Tablespace with each client therein is premised upon and in furtherance of the operational integration of Client and each other client within the Shared Tablespace for purposes permitted under the HIPAA Privacy Rule as Treatment, Payment, or permitted Health Care Operations (each as defined under the HIPAA Privacy Rule), and that the Shared Tablespace configuration is appropriate under Applicable Law, including but not limited to HIPAA and all state laws regarding patient privacy and data sharing.