Any errors, failures, interruptions, or delays experienced in connection with these third-party technologies and information services or our own systems could negatively impact our relationships with users and customers, adversely affect our brands and business, and expose us to third-party liabilities. The insurance coverage under our policies may not be adequate to compensate us for all losses that may occur. In addition, we cannot provide assurance that we will continue to be able to obtain adequate insurance coverage at an acceptable cost.
The reliability and performance of the Internet may be harmed by increased usage or by denial-of-service attacks. The Internet has experienced a variety of outages and other delays as a result of damages to portions of its infrastructure, and it could face outages and delays in the future. These outages and delays could reduce the level of Internet usage as well as the availability of the Internet to us for delivery of our Internet-based services.
We typically provide service level commitments under our customer contracts. If we fail to meet these contractual commitments, we could be obligated to provide credits or refunds for prepaid amounts related to unused subscription services or face contract terminations, which could adversely affect our results of operations.
Finally, recent changes in law could impact the cost and availability of necessary Internet infrastructure. Increased costs and/or decreased availability would negatively affect our results of operations.
Our Solution utilizes open-source software, and any failure to comply with the terms of one or more of these open-source licenses could adversely affect our business.
We use software modules licensed to us by third-party authors under “open-source” licenses in our Solution.Some open-source licenses contain affirmative obligations or restrictive terms that could adversely impact our business, such as restrictions on commercialization or obligations to make available modified or derivative works of certain open-source code.If we failwere to provide effective professional services and high-quality customer support,combine our business and reputation would suffer.
Our professional services and high-quality, ongoing customer support are importantproprietary software with certain open-source software subject to these licenses in a certain manner, we could, under certain open-source licenses, be required to release or otherwise make available the source code to our proprietary software to the successful marketingpublic. This would allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of product sales for us.
Although we employ practices designed to manage our compliance with open-source licenses and protect our proprietary source code, we may inadvertently use open-source software in a manner we do not intend and that could expose us to claims for breach of contract and intellectual property infringement.If we are held to have breached the terms of an open-source software license, we could be required to, among other things, seek licenses from third parties to continue offering our products on terms that are not economically feasible, pay damages to third parties, to re-engineer our products, to discontinue the sale of our products and services and for the renewal of existing customer agreements. Providing these services and support requires that our professional services and support personnel have healthcare, technical, and other knowledge and expertise, making it difficult for usif re-engineering cannot be accomplished on a timely basis, or to hire qualified personnel and scale our professional services and support operations. The demand on our customer support organization will increase as we expand our business and pursue new customers, and such increased support could require us to devote significant development services and support personnel, which could strain our team and infrastructure and reduce our profit margins. If we do not help our customers quickly resolve any post-implementation issues and provide effective ongoing customer support, our ability to sell additional products and services to existing and future customers could suffer and our reputation would be harmed.
Our sales cycles can be long and unpredictable, and our sales efforts requiremake generally available, in source code form, a considerable investment of time and expense. If our sales cycle lengthens or we invest substantial resources pursuing unsuccessful sales opportunities, our results of operations and growth would be harmed.
Our sales process entails planning discussions with prospective customers, analyzing their existing solutions and identifying how these potential customers can use and benefit from our Solution. The sales cycle for a new customer, from the time of prospect qualification to the completion of the first sale, has averaged 11 months and in some cases has exceeded 24 months. We spend substantial time, effort and money in our sales efforts without any assurance that our efforts will result in the saleportion of our Solution. In addition, our sales cycle and timing of sales can vary substantially from customer to customer because of various factors, including the discretionary nature of potential customers’ purchasing and budget decisions, the announcement or planned introduction of new analytics applications or services by us or our competitors, and the purchasing approval processes of potential customers. If our sales cycle lengthens or we invest substantial resources pursuing unsuccessful sales opportunities, our results of operations and growth would be harmed.
Our DOS platform or our analytics applications may not operate properly, which could damage our reputation, give rise to claims against us, or divert application of our resources from other purposes,proprietary code, any of which could harm our business and results of operations.
Proprietary software development is time-consuming, expensive, and complex. Unforeseen difficulties can arise. We may encounter technical obstacles, and it is possible that we will discover additional problems that prevent our applications from operating properly.
If our systems do not function reliably or fail to meet user or customer expectations in terms of performance, customers could assert liability claims against us or attempt to cancel their contracts with us, and members could choose to terminate their use of our Solution. This could damage our reputation and impair our ability to attract or retain customers and members.
Information services as complex as those we offer have, in the past, contained, and may in the future develop or contain, undetected defects, vulnerabilities, or errors. We cannot be assured that material performance problems or defects in our software will not arise in the future. Errors may result from sources beyond our control, including the receipt, entry, or interpretation of patient information; the interface of our software with legacy systems that we did not develop; or errors in data provided by third parties. Despite testing, defects or errors may arise in our existing or new software or service processes following introduction to the market.
Customers rely on our Solution to collect, manage, and report clinical, financial, and operational data, and to provide timely and accurate information regarding medical treatment and care delivery patterns. They may have a greater sensitivity to service errors and security vulnerabilities than customers of software products in general. Clinicians may also rely on our predictive models for care delivery prioritization, and to inform treatment protocols. Limitations of liability and disclaimers that purport to limit our liability for damages related to defects in our software or content which we may include in our subscription and services agreements may not be enforced by a court or other tribunal or otherwise effectively protect us from related claims. In most cases, we maintain liability insurance coverage, including coverage for errors and omissions. However, it is possible that claims could exceed the amount of our applicable insurance coverage or that this coverage may not continue to be available on acceptable terms or in sufficient amounts.
In light of this, defects, vulnerabilities, and errors and any failure by us to identify and address them could result in loss of revenue or market share; liability to customers, members, their patients, or others; failure to achieve market acceptance or expansion; diversion of development and management resources; delays in the introduction of new services; injury to our reputation; and increased service and maintenance costs. Defects, vulnerabilities, or errors in our software and service processes might discourage existing or potential customers or members from purchasing services from us. Correction of defects, vulnerabilities, or errors could prove to be impossible or impracticable. The costs incurred in correcting any defects, vulnerabilities, or errors or in responding to resulting claims or liability may be substantial and could adversely affect our results of operations.
If we are not able to maintain and enhance our reputation and brand recognition, our business and results of operations will be harmed.
We believe that maintaining and enhancing our reputation and brand recognition is critical to our relationships with existing customers and to our ability to attract new customers. The promotion of our brands may require us to make substantial investments and we anticipate that, as our market becomes increasingly competitive, these marketing initiatives may become increasingly difficult and expensive. Our marketing activities may not be successful or yield increased revenue, and to the extent that these activities yield increased revenue, the increased revenue may not offset the expenses we incur and our results of operations could be harmed. In addition, any factor that diminishes our reputation or that of our management, including failing to meet the expectations of our customers, or any adverse publicity surrounding one of our investors or customers, could make it substantially more difficult for us to attract new customers. If we do not successfully maintain and enhance our reputation and brand recognition, our business may not grow and we could lose our relationships with customers, which would harm our business, results of operations, and financial condition.The terms of many open-source licenses have not been interpreted by U.S. courts, and, as a result, there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to commercialize our Solution.
We employ third-party licensed software and software components for use in or with our Solution, and the inability to maintain these licenses or the presence of errors in the software we license could limit the functionality of our Solution and result in increased costs or reduced service levels, which would adversely affect our business.
Our software applications might incorporate or interact with certain third-party software and software components (other than open sourceopen-source software), such as data visualization software, obtained under licenses from other companies. We pay these third parties a license fee or royalty payment. We anticipate that we will continue to use such third-party software in the future.
Although we believe that there are commercially reasonable alternatives to the third-party software we currently make available, this may not always be the case, or it may be difficult or costly to replace. Furthermore, these third parties may increase the price for licensing their software, which could negatively impact our results of operations.
Our use of additional or alternative third-party software could require customers to enter into license agreements with third parties. In addition, if the third-party software we make available has errors or otherwise malfunctions, or if the third-party terminates its agreement with us, the functionality of our Solution may be negatively impacted and our business may suffer.
We derive a significant portion of our revenue from our largest customers. The loss, termination, or renegotiation of any contract could negatively impact our results.
Historically, we have relied on a limited number of customers for a significant portion of our total revenue and accounts receivable. Our three largest customers during the six months ended June 30, 2019 comprised 4.9%, 3.9%, and 3.8% of our revenue, or 12.6% in the aggregate. Our three largest customers during the six months ended June 30, 2018 comprised 7.8%, 6.9%, and 5.0% of our revenue, or 19.7% in the aggregate. The sudden loss of any of our largest customers or the renegotiation of any of our largest customer contracts could adversely affect our results of operations. In the ordinary course of business, we engage in active discussions and renegotiations with our customers in respect of the solutions we provide and the terms of our customer agreements, including our fees. As our customers’ businesses respond to market dynamics and financial pressures, and as our customers make strategic business decisions in respect of the lines of business they pursue and programs in which they participate, we expect that certain of our customers will, from time to time, seek to restructure their agreements with us. In the ordinary course, we renegotiate the terms of our agreements with our customers in connection with renewals or extensions of these agreements. These discussions and future discussions could result in reductions to the fees and changes to the scope of services contemplated by our original customer contracts and consequently could negatively impact our revenue, business, and prospects.
Because we rely on a limited number of customers for a significant portion of our revenue, we depend on the creditworthiness of these customers. Our customers are subject to a number of risks including reductions in payment rates from governmental payors, higher than expected health care costs, and lack of predictability of financial results when entering new lines of business. If the financial condition of our customers declines, our credit risk could increase. Should one or more of our significant customers declare bankruptcy, be declared insolvent, or otherwise be restricted by state or federal laws or regulation from continuing in some or all of their operations, this could adversely affect our ongoing revenue, the collectability of our accounts receivable, and affect our bad debt reserves and net income.
We may not grow at the rates we historically have achieved or at all, even if our key metrics may indicate growth.
We have experienced significant growth in the last five years. Future revenue may not grow at these same rates or may decline. Our future growth will depend, in part, on our ability to grow our revenue from existing customers, to complete sales to potential future customers, to expand our customer and member bases, to develop new solutions, and to expand internationally. We can provide no assurances that we will be successful in executing on these growth strategies or that we will continue to grow our revenue or to generate net income. Our historical results may not be indicative of future performance. Our ability to execute on our existing sales pipeline, create additional sales pipelines, and expand our customer base depends on, among other things, the attractiveness of our Solution relative to those offered by our competitors, our ability to demonstrate the value of our existing and future services, and our ability to attract and retain a sufficient number of qualified sales and marketing leadership and support personnel. In addition, our existing customers may be slower to adopt our Solution than we currently anticipate, which could adversely affect our results of operations and growth prospects.
Changes in the healthcare industry could affect the demand for our Solution, cause our existing contracts to be terminated, and negatively impact the process of negotiating future contracts.
As the healthcare industry evolves, changes in our customer and vendor bases may reduce the demand for our Solution, result in the termination of existing contracts or certain services provided under existing contracts, and make it more difficult to negotiate new contracts on terms that are acceptable to us.
For example, the increasing market share of EHR companies in data analytic services at hospital systems may cause our existing customers to terminate contracts with us in order to engage EHR companies to provide these services. Similarly, customer and vendor consolidation results in fewer, larger entities with increased bargaining power and the ability to demand terms that are unfavorable to us. If these trends continue, we cannot assure you that we will be able to continue to maintain or expand our customer base, negotiate contracts with acceptable terms, or maintain our current pricing structure, and our revenue may decrease.
General reductions in expenditures by healthcare organizations, or reductions in such expenditures within market segments that we serve, could have similar impacts with regard to our Solution. Such reductions may result from, among other things, reduced governmental funding for healthcare; a decrease in the number of, or the market exclusivity available to, new drugs coming to market; or adverse changes in business or economic conditions affecting healthcare payors or providers, the pharmaceutical industry, or other healthcare companies that purchase our services (e.g., changes in the design of health plans). In addition, changes in government regulation of the healthcare industry could potentially negatively impact our existing and future contracts. Any of these changes could reduce the purchase of our Solution by such customers, reducing our revenue and possibly requiring us to materially revise our offerings. In addition, our customers’ expectations regarding pending or potential industry developments may also affect their budgeting processes and spending plans with respect to our Solution.
Because we generally recognize technology and professional services revenue ratably over the term of the contract for our services, a significant downturn in our business may not be reflected immediately in our results of operations, which increases the difficulty of evaluating our future financial performance.
We generally recognize technology and professional services revenue ratably over the term of a contract. As a result, a substantial portion of our revenue is generated from contracts entered into during prior periods. Consequently, a decline in new contracts in any quarter may not affect our results of operations in that quarter but could reduce our revenue in future quarters. Additionally, the timing of renewals or non-renewals of a contract during any quarter may only affect our financial performance in future quarters. For example, the non-renewal of a subscription agreement late in a quarter will have minimal impact on revenue for that quarter but will reduce our revenue in future quarters. Accordingly, the effect of significant declines in sales may not be reflected in our short-term results of operations, which would make these reported results less indicative of our future financial results. By contrast, a non-renewal occurring early in a quarter may have a significant negative impact on revenue for that quarter and we may not be able to offset a decline in revenue due to non-renewal with revenue from new contracts entered into in the same quarter. In addition, we may be unable to quickly adjust our costs in response to reduced revenue.
The estimates of market opportunity and forecasts of market growth included herein may prove to be inaccurate, and even if the markets in which we compete achieve the forecasted growth, our business may not grow at similar rates, or at all.
Market opportunity estimates and growth forecasts included herein are subject to significant uncertainty and are based on assumptions and estimates which may not prove to be accurate. The estimates and forecasts included herein relating to size and expected growth of our target market may prove to be inaccurate. Even if the markets in which we compete meet the size estimates and growth forecasts included herein, our business may not grow at similar rates, or at all. Our growth is subject to many factors, including our success in implementing our business strategy, which is subject to many risks and uncertainties.
We have experienced significant net losses since inception, we expect to incur losses in the future, and we may not be able to generate sufficient revenue to achieve and maintain profitability.
We have incurred significant net losses in the past, including net losses of $24.4 million and $62.0 million in the six months ended June 30, 2019 and the year ended December 31, 2018, respectively. We had an accumulated deficit of $557.2 million as of June 30, 2019. We expect our costs will increase over time as we continue to invest to grow our business and build relationships with customers, develop our platform, develop new solutions, and operate as a public company. These efforts may prove to be more expensive than we currently anticipate, and we may not succeed in increasing our revenue sufficiently to offset these higher expenses.
As a result, we may need to raise additional capital through equity and debt financings in order to fund our operations. To date, we have financed our operations principally from the sale of redeemable convertible preferred stock, revenue from sales of our Solution and the incurrence of indebtedness. We may also fail to improve the gross margins of our business. If we are unable to effectively manage these risks and difficulties as we encounter them, our business, financial condition, and results of operations would be adversely affected. Our failure to achieve or maintain profitability could negatively impact the value of our common stock.
Because competition for our target employees is intense, we may not be able to attract and retain the highly skilled employees we need to support our continued growth.
To continue to execute on our growth plan, we must attract and retain highly qualified personnel. Competition for such personnel is intense, especially for senior sales executives and software engineers with high levels of experience in designing and developing applications and consulting and analytics services. We may not be successful in attracting and retaining qualified personnel. We have from time to time in the past experienced, and we expect to continue to experience in the future, difficulty in hiring and retaining highly skilled employees with appropriate qualifications. In addition, our search for replacements for departed employees may cause uncertainty regarding the future of our business, impact employee hiring and retention, and adversely impact our revenue, results of operations, and financial condition.
Many of the companies with which we compete for experienced personnel have greater resources than we have. In addition, in making employment decisions, particularly in the Internet and high-technology industries, job candidates often consider the value of the equity awards they may receive in connection with their employment. Volatility in the price of our stock or failure to obtain stockholder approval for increases in the number of shares available for grant under our equity plans may, therefore, adversely affect our ability to attract or retain key employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could be severely harmed.
We depend on our senior management team, and the loss of one or more of our executive officers or key employees or an inability to attract and retain highly skilled employees could adversely affect our business.
Our success depends largely upon the continued services of our key executive officers and recruitment of additional highly skilled employees. From time to time, there may be changes in our senior management team resulting from the hiring or departure of executives, which could disrupt our business. Several of our senior leaders are active members of the Church of Jesus Christ of Latter-Day Saints. There is a risk that in the future, one or more of these individuals could receive a call to serve in a full-time capacity for the church. This has already occurred with one of the two co-founders of our company, Steven Barlow, who in November 2016 was called to serve from June 2017 to June 2020 in a full-time capacity. At the time of his call, he was serving as the President of our professional services organization and was one of the most senior leaders of our company. In connection with this call to serve, Mr. Barlow took a leave-of-absence from his company responsibilities starting in March 2017, and his leave of absence will likely extend until August 2020. Hiring executives with needed skills or the replacement of one or more of our executive officers or other key employees would likely involve significant time and costs and may significantly delay or prevent the achievement of our business objectives.
In addition, competition for qualified management in our industry is intense. Many of the companies with which we compete for management personnel have greater financial and other resources than we do. We have not entered into term-based employment agreements with our executive officers. All of our employees are “at-will” employees, and their employment can be terminated by us or them at any time, for any reason. The departure of key personnel could adversely affect the conduct of our business. In such event, we would be required to hire other personnel to manage and operate our business, and there can be no assurance that we would be able to employ a suitable replacement for the departing individual, or that a replacement could be hired on terms that are favorable to us. In addition, volatility or lack of performance in our stock price may affect our ability to attract replacements should key personnel depart. If we are not able to retain any of our key management personnel, our business could be harmed.
Our corporate culture has contributed to our success, and if we cannot maintain this culture as we grow, we could lose the innovation, creativity, and teamwork fostered by our culture, which could harm our business.
We believe that our corporate culture has been an important contributor to our success, which we believe fosters innovation, teamwork, and passion for providing high levels of customer satisfaction. Most of our employees have been with us for fewer than three years as a result of our rapid growth. As we continue to grow, we must effectively integrate, develop, and motivate a growing number of new employees. As a result, we may find it difficult to maintain our corporate culture, which could limit our ability to innovate and operate effectively. Any failure to preserve our culture could also negatively affect our ability to retain and recruit personnel, maintain our performance, or execute on our business strategy.
The terms of our credit facility require us to meet certain operating and financial covenants and place restrictions on our operating and financial flexibility. If we raise additional capital through debt financing, the terms of any new debt could further restrict our ability to operate our business.
On February 6, 2019, we entered into a term loan facility with OrbiMed Royalty Opportunities II, LP (OrbiMed) in the amount of $80.0 million (the OrbiMed Credit Facility) as further described in detail in Note 9 in the consolidated financial statements. The OrbiMed Credit Facility is secured by a lien covering substantially all of our assets, including our intellectual property. Subject to the terms of the Credit Agreement entered into in connection with the OrbiMed Credit Facility (the Credit Agreement), amounts borrowed under the facility are repaid in twelve monthly installments beginning on the amortization commencement date, as defined in the Credit Agreement, prior to the February 6, 2024 maturity date, at which time all amounts borrowed will be due and payable. In addition, our revolving line of credit with Silicon Valley Bank (SVB) includes certain restrictive covenants.
The Credit Agreement contains customary affirmative and negative covenants, indemnification provisions, and events of default. The affirmative covenants include, among others, covenants requiring us to maintain our legal existence and regulatory authorizations, deliver certain financial reports, and maintain certain intellectual property rights. The negative covenants include, among others, restrictions on transferring or licensing our assets, changing our business, incurring additional indebtedness, engaging in mergers or acquisitions, paying dividends or making other distributions, and creating other liens on our assets, in each case subject to customary exceptions. If we default under the Credit Agreement, the lender will be able to declare all obligations immediately due and payable and take control of our pledged assets, potentially requiring us to renegotiate our agreement on terms less favorable to us or to immediately cease operations. Further, if we are liquidated, the lender’s rights to repayment would be senior to the rights of the holders of our common stock to receive any proceeds from the liquidation. The lender could declare a default under the Credit Agreement upon the occurrence of any event that has had or could reasonably be expected to have a material adverse effect as defined under the Credit Agreement, thereby requiring us to repay the loan immediately or to attempt to reverse the declaration of default through negotiation or litigation. Any declaration by the lender of an event of default could significantly harm our business and prospects and could cause the price of our common shares to decline. If we raise any additional debt financing, the terms of such additional debt could further restrict our operating and financial flexibility.
We may acquire other companies or technologies, which could divert our management’s attention, result in dilution to our stockholders, and otherwise disrupt our operations and we may have difficulty integrating any such acquisitions successfully or realizing the anticipated benefits therefrom, any of which could have an adverse effect on our business, financial condition, and results of operations.
We may seek to acquire or invest in businesses, applications, and services, or technologies that we believe could complement or expand our Solution, enhance our technical capabilities, or otherwise offer growth opportunities. The pursuit of potential acquisitions may divert the attention of management and cause us to incur various expenses in identifying, investigating, and pursuing suitable acquisitions, whether or not they are consummated. We have in the past and may in the future have difficulty integrating acquired businesses. For example, in June 2018 we acquired the interoperability services of the Medicity business, which we are in the process of integrating with our other services. We may have difficulty cross-selling our Solution to acquired customers, and we may have difficulty integrating newly acquired team members.
We have limited experience in acquiring other businesses. If we acquire additional businesses, we may not be able to integrate the acquired personnel, operations, and technologies successfully, or effectively manage the combined business following the acquisition. We also may not achieve the anticipated benefits from the acquired business due to a number of factors, including, but not limited to:
inability to integrate or benefit from acquired technologies or services in a profitable manner;
unanticipated costs or liabilities associated with the acquisition;
difficulty integrating the accounting systems, operations, and personnel of the acquired business;
difficulties and additional expenses associated with supporting legacy products and hosting infrastructure of the acquired business;
difficulty converting the customers of the acquired business onto our platform and contract terms, including disparities in the revenue, licensing, support, or professional services model of the acquired company;
diversion of management’s attention from other business concerns;
adverse effects on our existing business relationships with business partners and customers as a result of the acquisition;
the potential loss of key employees;
use of resources that are needed in other parts of our business; and
use of substantial portions of our available cash to consummate the acquisition.
In addition, a significant portion of the purchase price of companies we acquire may be allocated to acquired goodwill and other intangible assets, which must be assessed for impairment at least annually. In the future, if our acquisitions do not yield expected returns, we may be required to take charges to our results of operations based on this impairment assessment process, which could adversely affect our results of operations.
Acquisitions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our results of operations. In addition, if an acquired business fails to meet our expectations, our business, financial condition, and results of operations may suffer.
Also, the anticipated benefit of any acquisition may not materialize or may be prohibited. In February 2019, we entered into the OrbiMed Credit Facility. The Credit Agreement restricts our ability to pursue certain mergers, acquisitions, or consolidations that we may believe to be in our best interest. Additionally, future acquisitions or dispositions could result in potentially dilutive issuances of our equity securities, the incurrence of debt, contingent liabilities, or amortization expenses or write-offs of goodwill, any of which could harm our financial condition. We cannot predict the number, timing or size of future acquisitions, or the effect that any such transactions might have on our results of operations.
We may not be able to generate sufficient cash to service our indebtedness.
It is possible that we will in the future draw down on our credit facilities with OrbiMed or SVB or enter into new debt obligations. Our ability to make scheduled payments or to refinance such debt obligations depends on numerous factors, including the amount of our cash balances and our actual and projected financial and operating performance. We may be unable to maintain a level of cash balances or cash flows sufficient to permit us to pay the principal, premium, if any, and interest on our existing or future indebtedness. If our cash flows and capital resources are insufficient to fund our debt service obligations, we may be forced to reduce or delay capital expenditures, sell assets or operations, seek additional capital, or restructure or refinance our indebtedness.
We may not be able to take any of these actions, and even if we are, these actions may be insufficient to permit us to meet our scheduled debt service obligations. In addition, in the event of our breach of the Credit Agreement, we may be required to repay any outstanding amounts earlier than anticipated. If for any reason we become unable to service our debt obligations under the Credit Agreement, or any new debt obligations that we may enter into from time to time, holders of our common stock would be exposed to the risk that their holdings could be lost in an event of a default under such debt obligations and a foreclosure and sale of our assets for an amount that is less than the outstanding debt.
Any failure to protect our intellectual property rights could impair our ability to protect our proprietary technology and our brand.
Our success and ability to compete depend in part upon our intellectual property. As of June 30, 2019,December 31, 2021, we had filed applications for a number of patents, and we have eighttwelve issued U.S. andpatents, three issued Canadian patents.patents, one issued Great Britain patent, and one issued European patent, as well as two patent applications pending in the United States and one patent application pending in Canada. We also have twenty-fivehad thirty registered trademarks in the United States, Canada, China,Singapore, United Arab Emirates, and the European Union, and five trademark applications in the United States.China. We also rely on copyright and trademark laws, trade secret protection, and confidentiality or license agreements with our employees, customers, partners, and others to protect our intellectual property rights. However, the steps we take to protect our intellectual property rights may be inadequate.
For example, other parties, including our competitors, may independently develop similar technology, duplicate our services, or design around our intellectual property and, in such cases, we may not be able to assert our intellectual property rights against such parties. Further, our contractual arrangements may not effectively prevent disclosure of our confidential information or provide an adequate remedy in the event of unauthorized disclosure of our confidential information, and we may be unable to detect the unauthorized use of, or take appropriate steps to enforce, our intellectual property rights.
We make business decisions about when to seek patent protection for a particular technology and when to rely upon trade secret protection, and the approach we select may ultimately prove to be inadequate. Even in cases where we seek patent protection, there is no assurance that the resulting patents will effectively protect every significant feature of our Solution, technology, or proprietary information, or provide us with any competitive advantages. Moreover, we cannot guarantee that any of our pending patent applications will issue or be approved. The United States Patent and Trademark Office and various foreign governmental patent agencies also require compliance with a number of procedural, documentary, fee payment, and other similar provisions during the patent application process and after a patent has issued. There are situations in which noncompliance can result in abandonment or lapse of the patent, or patent application, resulting in partial or complete loss of patent rights in the relevant jurisdiction. If this occurs, our competitors might be able to enter the market, which would have a material adverse effect on our business. Effective trademark, copyright, patent, and trade secret protection may not be available in every country in which we conduct business. Further, intellectual property law, including statutory and case law, particularly in the United States, is constantly developing, and any changes in the law could make it harder for us to enforce our rights.
In order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming,time consuming, and distracting to management and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights.
An adverse determination of any litigation proceedings could put our intellectual property at risk of being invalidated or interpreted narrowly and could put our related pending patent applications at risk of not issuing. Furthermore, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential or sensitive information could be compromised by disclosure in the event of litigation. In addition, during the course of litigation, there could be public announcements of the results of hearings, motions or other interim proceedings or developments. If securities analysts or investors perceive these results to be negative, it could have a substantial adverse effect on the price of our common stock.
Negative publicity related to a decision by us to initiate such enforcement actions against a customer or former customer, regardless of its accuracy, may adversely impact our other customer relationships or prospective customer relationships, harm our brand and business, and could cause the market price of our common stock to decline. Our failure to secure, protect, and enforce our intellectual property rights could adversely affect our brand and our business.
We may be sued by third parties for alleged infringement of their proprietary rights or misappropriation of intellectual property.
There is considerable patent and other intellectual property development activity in our industry. Our future success depends in part on not infringing upon the intellectual property rights of others. Our competitors, as well as a number of other entities and individuals, including so-called non-practicing entities (NPEs), may own or claim to own intellectual property relating to our Solution. From time to time, third parties may claim that we are infringing upon their intellectual property rights or that we have misappropriated their intellectual property. For example, in some cases, very broad patents are granted that may be interpreted as covering a wide field of healthcare data storage and analytics solutions or machine learning and predictive modeling methods in healthcare. As competition in our market grows, the possibility of patent infringement, trademark infringement, and other intellectual property claims against us increases.
In the future, we expect others to claim that our Solution and underlying technology infringe or violate their intellectual property rights. In a patent infringement claim against us, we may assert, as a defense, that we do not infringe the relevant patent claims, that the patent is invalid or both. The strength of our defenses will depend on the patents asserted, the interpretation of these patents, and our ability to invalidate the asserted patents. However, we could be unsuccessful in advancing non-infringement and/or invalidity arguments in our defense. In the United States, issued patents enjoy a presumption of validity, and the party challenging the validity of a patent claim must present clear and convincing evidence of invalidity, which is a high burden of proof. Conversely, the patent owner need only prove infringement by a preponderance of the evidence, which is a lower burden of proof.
We may be unaware of the intellectual property rights that others may claim cover some or all of our technology or services. Because patent applications can take years to issue and are often afforded confidentiality for some period of time there may currently be pending applications, unknown to us, that later result in issued patents that could cover one or more aspects of our technology and services. Any claims or litigation could cause us to incur significant expenses and, whether or not successfully asserted against us, could require that we pay substantial damages, ongoing royalty or license payments, or settlement fees, prevent us from offering our Solution or using certain technologies, require us to re-engineer all or a portion of our platform, or require that we comply with other unfavorable terms. We may also be obligated to indemnify our customers or business partners or pay substantial settlement costs, including royalty payments, in connection with any such claim or litigation and to obtain licenses, modify applications, or refund fees, which could be costly. Even if we were to prevail in such a dispute, any litigation regarding our intellectual property could be costly and time-consumingtime consuming and divert the attention of our management and key personnel from our business operations.
Economic uncertaintiesRisks Related to Governmental Regulation
Risks Related to Healthcare and Data Privacy and Security Regulation
Actual or downturns in the general economy or the industries in which our customers operate could disproportionately affect the demand for our Solution and negatively impact our results of operations.
General worldwide economic conditions have experienced significant downturns during the last ten years, and market volatility and uncertainty remain widespread, making it potentially very difficult for our customers and us to accurately forecast and plan future business activities. During challenging economic times, our customers may have difficulty gaining timely access to sufficient credit or obtaining credit on reasonable terms, which could impair their ability to make timely payments to us and adversely affect our revenue. If that were to occur, our financial results could be harmed. Further, challenging economic conditions may impair the ability of our customers to pay for the applications and services they already have purchased from us and, as a result, our write-offs of accounts receivable could increase. We cannot predict the timing, strength, or duration of any economic slowdown or recovery. If the condition of the general economy or markets in which we operate worsens, our business could be harmed.
Our Solution utilizes open source software, and any failureperceived failures to comply with the terms of one or more of these open source licenses could adversely affect our business.
We use software modules licensed to us by third-party authors under “open source” licenses in our Solution. Some open source licenses require that users of the applicable software make available source code for modifications or derivative works created using that open source software. If we were to combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release or otherwise make available the source code to our proprietary software to the public. This would allow our competitors to create similar products with lower development effortdata protection, privacy and timesecurity laws, regulations, standards and ultimately could result in a loss of product sales for us.
Although we employ practices designed to manage our compliance with open source licenses and protect our proprietary source code, we may inadvertently use open source software in a manner we do not intend and that could expose us to claims for breach of contract and intellectual property infringement. If we are held to have breached the terms of an open source software license, we could be required to seek licenses from third parties to continue offering our products on terms that are not economically feasible, to re-engineer our products, to discontinue the sale of our products if re-engineering cannot be accomplished on a timely basis, or to make generally available, in source code form, a portion of our proprietary code, any of whichother requirements could adversely affect our business, results of operations, and financial condition. The terms
•Health information privacy and security laws. There are numerous federal and state laws and regulations that govern the privacy and security of many open source licenses have not been interpreted by U.S. courts,health information. In particular, HIPAA imposes, among other things, certain standards relating to the privacy, security, transmission and as a result, there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictionsbreach reporting of protected health information (PHI). By processing and maintaining PHI on behalf of our ability to commercialize our Solution.
Taxing authorities may successfully assert that we should have collected or in the future should collect sales and use, value added or similar transactional taxes, and we could be subject to liability with respect to past or future sales, which could adversely affect our results of operations.
We do not collect sales and use, value added, and similar transactional taxes in all jurisdictions in which we have sales, based on our belief that such taxes are not applicable or thatcovered entity customers, we are not required to collect such taxes with respect to the jurisdiction. Salesa HIPAA business associate and use, value added, and similar tax laws and rates vary greatly by jurisdiction. Certain jurisdictions in which we do not collect such taxes may assert that such taxes are applicable, which could result in tax assessments, penalties, and interest, and we may be required to collect such taxes in the future. Such tax assessments, penalties, interest or future requirements, increase in tax rates, or a combination of the foregoing may result in an increase in our sales and similar transactional taxes, increase administrative burdens or costs, or otherwise adversely affect our business, results of operations, or financial condition.
Unanticipated changes in our effective tax rate and additional tax liabilities, including as a result of our international operations or implementation of new tax rules, could harm our future results.
We are subject to income taxes in the United States and are expanding into various foreign jurisdictions that are subject to income tax. Our domestic and international tax liabilities are subject to the allocation of expenses in differing jurisdictions and complex transfer pricing regulations administered by taxing authorities in various jurisdictions. Tax rates in the jurisdictions in which we operate may change as a result of factors outside of our control or relevant taxing authorities may disagree with our determinations as to the income and expenses attributable to specific jurisdictions. In addition, changes in tax and trade laws, treaties or regulations, or their interpretation or enforcement, have become more unpredictable and may become more stringent, which could materially adversely affect our tax position. Forecasting our estimated annual effective tax rate is complex and subject to uncertainty, and there may be material differences between our forecasted and actual effective tax rate. Our effective tax rate could be adversely affected by changes in the mix of earnings and losses in countries with differing statutory tax rates, certain non-deductible expenses, the valuation of deferred tax assets and liabilities, adjustments to income taxes upon finalization of tax returns, changes in available tax attributes, decision to repatriate non-U.S. earnings for which we have not previously provided for U.S. taxes, and changes in federal, state, or international tax laws and accounting principles.
Finally, we may be subject to income tax audits throughout the world. An adverse resolution of one or more uncertain tax positions in any period could have a material impact on our results of operations or financial condition for that period.
If we are unable to implement and maintain effective internal controls over financial reporting, investors may lose confidence in the accuracy and completeness of our financial reports and the market price of our common stock could be adversely affected.
As a public company, we are required to maintain internal controls over financial reporting and to report any material weaknesses in such internal controls. Section 404 of the Sarbanes-Oxley Act requires that we evaluate and determine the effectiveness of our internal controls over financial reporting. However, we are not currently required to comply with the SEC rules that implement Section 404 of the Sarbanes-Oxley Act and are therefore not required to make a formal assessment of the effectiveness of our internal control over financial reporting for that purpose.
As a public company, we are required to provide an annual management report on the effectiveness of our internal control over financial reporting commencingenter into BAAs with our second annual report on Form 10-K. Many of the internal controls we have implemented pursuantcovered entity clients to the Sarbanes-Oxley Act are process controls with respect to which a material weakness may be found whether or not any error has been identified in our reported financial statements. This may be confusing to investors and result in damage to our reputation, which may harm our business. Additionally, the proper design and assessment of internal controls over financial reporting are subject to varying interpretations, and,safeguard PHI, as a result, application in practice may evolve over timewell as new guidance is provided by regulatory and governing bodies and as common practices evolve. This could result in continuing uncertainty regarding the proper design and assessment of internal controls over financial reporting and higher costs necessitated by ongoing revisions to internal controls.
We must continue to monitor and assess our internal control over financial reporting. If in the future we have any material weaknesses, we may not detect errors on a timely basis and our financial statements may be materially misstated. Additionally, if in the future we are unable to comply with the requirements of Section 404 of the Sarbanes-Oxley Act in a timely manner, are unable to assert that our internal controls over financial reporting are effective, identify material weaknesses in our internal controls over financial reporting, or if our independent registered public accounting firm is unable to express an opinion as to the effectiveness of our internal controls over financial reporting, investors may lose confidence in the accuracy and completeness of our financial reports, and the market price of our common stock could be adversely affected, and we could become subject to investigations by the stock exchange on which our securities are listed, the SEC, or other regulatory authorities, which could require additional financial and management resources.
Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.
As of December 31, 2018, we had net operating loss (NOL) carryforwards for federal and state income tax purposes of approximately $232.9 million and $186.2 million, respectively, which may be available to offset taxable income in the future, and which expire in various years beginning in 2032 for federal purposes if not utilized. The state NOLs will expire depending upon the various rules in the states in which we operate. A lack of future taxable income would adversely affect our ability to utilize these NOLs before they expire. In general, under Section 382 of the Internal Revenue Code of 1986, as amended (the Code) a corporation that undergoes an “ownership change” (as defined under Section 382 of the Code and applicable Treasury Regulations) is subject to limitations on its ability to utilize its pre-change NOLs to offset its future taxable income. We may experience a future ownership change (including, potentially, in connection with this offering) under Section 382 of the Code that could affect our ability to utilize the NOLs to offset our income. Furthermore, our ability to utilize NOLs of companies that we have acquired or may acquire in the future may be subject to limitations. There is also a risk that due to regulatory changes, such as suspensions on the use of NOLs or other unforeseen reasons, our existing NOLs could expire or otherwise be unavailable to reduce future income tax liabilities, including for state income tax purposes. For these reasons, we may not be able to utilize a material portion of our NOLs, even if we attain profitability, which could potentially result in increased future tax liability to us and could adversely affect our results of operations and financial condition.
Comprehensive tax reform legislation could adversely affect our business and financial condition.
On December 22, 2017, the Tax Cuts and Jobs Act of 2017 (the Tax Act) was signed into law. The Tax Act contains, among other things, significant changes to corporate taxation, including (i) a reduction of the corporate tax rate from a top marginal rate of 35% to a flat rate of 21%, (ii) a limitation of the tax deduction for interest expense to 30% of adjusted earnings (except for certain small businesses), (iii) a limitation of the deduction for NOLs to 80% of current year taxable income in respect of NOLs generated during or after 2018 and elimination of net operating loss carrybacks, (iv) a one-time tax on offshore earnings at reduced rates regardless of whether they are repatriated, (v) immediate deductions for certain new investments instead of deductions for depreciation expense over time, and (vi) a modification or repeal of many business deductions and credits. For federal NOLs arising in tax years beginning after December 31, 2017, the Tax Act limits a taxpayer’s ability to utilize federal NOL carryforwards to 80% of taxable income. In addition, federal NOLs arising in tax years ending after December 31, 2017 can be carried forward indefinitely, but carryback is generally prohibited. It is uncertain if and to what extent various states will conform to the newly enacted federal tax law. We will continue to examine the impact the Tax Act may have on our results of operations and financial condition.
Future litigation against us could be costly and time-consuming to defend and could result in additional liabilities.
We may from time to time be subject to legal proceedings and claims that arise in the ordinary course of business, such as claims brought by our customers in connection with commercial disputes and employment claims made by our current or former employees. Claims may also be asserted by or on behalf of a variety of other parties, including government agencies, patients or vendors of our customers, or stockholders. Any litigation involving us may result in substantial costs, operationally restrict our business, and may divert management’s attention and resources, which may seriously harm our business, overall financial condition, and results of operations. Insurance may not cover existing or future claims, be sufficient to fully compensate us for one or more of such claims, or continue to be available on terms acceptable to us. A claim brought against us that is uninsured or underinsured could result in unanticipated costs, thereby reducing our results of operations and resulting in a reduction in the trading price of our stock.
Changes in accounting principles may cause previously unanticipated fluctuations in our financial results, and the implementation of such changes may impact our ability to meet our financial reporting obligations.
We prepare our financial statements in accordance with U.S. GAAP which are subject to interpretation or changes by the Financial Accounting Standards Board (FASB), the SEC, and other various bodies formed to promulgate and interpret appropriate accounting principles. New accounting pronouncements and changes in accounting principles have occurred in the past and are expected to occur in the future which may have a significant effect on our financial results. Furthermore, any difficulties in implementation of changes in accounting principles, including the ability to modify our accounting systems, could cause us to fail to meet our financial reporting obligations, which could result in regulatory discipline and harm investors’ confidence in us.
Risks Related to Governmental Regulation
Government regulation of healthcare creates risks and challenges with respect to our compliance efforts and our business strategies.
The healthcare industry is highly regulated and is subject to changing political, legislative, regulatory, and other influences. Existing and new laws and regulations affecting the healthcare industry, or changes to existing laws and regulations, including the potential amendment or repeal of all or parts of the Affordable Care Act (ACA), could create unexpected liabilities for us, cause us to incur additional costs, and restrict our operations. Reforming the healthcare industry has been a priority for U.S. politicians, and key members of the legislative and executive branches have proposed a wide variety of potential changes and policy goals. Certain changes to laws impacting our industry, or perceived intentions to do so, could affect our business and results of operations.
Many healthcare laws are complex, and their application to specific services and relationships may not be clear. In particular, many existing healthcare laws and regulations, when enacted, did not anticipate the data analytics and improvement services that we provide, and these laws and regulations may be applied to our Solution in ways that we do not anticipate, particularly as we develop and release new and more sophisticated solutions. Our failure to accurately anticipate the application of these laws and regulations, or our other failure to comply with them, could create significant liability for us, result in adverse publicity, and negatively affect our business. Some of the risks we face from healthcare regulation are described below:
| |
• | False Claims Laws. There are numerous federal and state laws that prohibit submission of false information, or the failure to disclose information, in connection with submission and payment of physician claims for reimbursement. For example, the federal civil False Claims Act prohibits, among other things, individuals or entities from knowingly presenting, or causing to be presented, to the U.S. federal government, claims for payment or approval that are false or fraudulent, or knowingly making, using or causing to be made or used, a false record or statement material to a false or fraudulent claim. In addition, the government may assert that a claim including items and services resulting from a violation of the U.S. federal Anti-Kickback Statute constitutes a false or fraudulent claim for purposes of the civil False Claims Act. If our advisory services to customers are associated with action by customers that is determined or alleged to be in violation of these laws and regulations, it is possible that an enforcement agency would also try to hold us accountable. Any determination by a court or regulatory agency that we have violated these laws could subject us to significant civil or criminal penalties, invalidate all or portions of some of our customer contracts, require us to change or terminate some portions of our business, require us to refund portions of our services fees, subject us to additional reporting requirements and oversight under a corporate integrity agreement or similar agreement to resolve allegations of noncompliance with these laws, cause us to be disqualified from serving customers doing business with government payors, and have an adverse effect on our business. Our customers’ failure to comply with these laws and regulations in connection with our services could result in substantial liability (including, but not limited to, criminal liability), adversely affect demand for our Solution, and force us to expend significant capital, research and development, and other resources to address the failure.
|
| |
• | Health Data Privacy Laws. There are numerous federal and state laws related to health information privacy. In particular, the federal Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH) and their implementing regulations, which we collectively refer to as HIPAA, include privacy standards that protect individual privacy by limiting the uses and disclosures of PHI and implementing data security standards that require covered entities to implement administrative, physical, and technological safeguards to ensure the confidentiality, integrity, availability, and security of PHI in electronic form. HIPAA also specifies formats that must be used in certain electronic transactions, such as admission and discharge messages. By processing and maintaining PHI on behalf of our covered entity customers, we are a HIPAA business associate and mandated by HIPAA to enter into written agreements with our covered entity clients – known as business associate agreements (BAAs) – that require us to safeguard PHI. BAAs typically include:
|
a description of our permitted uses of PHI;
a covenant not to disclose that information except as permitted under the BAA and to require that our subcontractors, if any, are subject to the substantially similar restrictions;
assurances that reasonable and appropriate administrative, physical, and technical safeguards are in place to prevent misuse of PHI;
an obligation to report to our customer any use or disclosure of PHI other than as provided for in the BAA;
a prohibition against our use or disclosure of PHI if a similar use or disclosure by our customer would violate the HIPAA standards;
the ability of our customers to terminate the underlying support agreement if we breach a material term of the BAA and are unable to cure the breach;
the requirement to return or destroy all PHI at the end of our services agreement; and
access by the Department of Health and Human Services (HHS) to our internal practices, books, and records to validate that we are safeguarding PHI.
In addition, we are also required to maintain BAAs, which contain similar provisions, with our subcontractors that access or otherwise process PHI on our behalf.
We may not be able to adequately address the business risks created by HIPAA implementation. Furthermore, we are unable to predict what changes to HIPAA or other laws or regulations might be made in the future or how those changes could affect our business or the costs of compliance. For example, in 2018, the HHS Office for Civil Rights published a Request for Information in the Federal Register seeking comments on a number of areas in which HHS is considering making both minor and significant modifications to the HIPAA privacy and security standards to, among other things, improve care coordination. We are unable to predict what, if any, impact the changes in such standards will have on our compliance costs or our Solution. Penalties for failure to comply with a requirement of HIPAA vary significantly depending on the nature of violation and could include civil monetary or criminal penalties. HIPAA also authorizes state attorneys general to file suit under HIPAA on behalf of state residents. Courts can award damages, costs and attorneys’ fees related to violations of HIPAA in such cases. While HIPAA does not create a private right of action allowing individuals to sue us in civil court for HIPAA violations, its standards have been used as the basis for a duty of care claim in state civil suits such as those for negligence or recklessness in the misuse or breach of PHI. Certain states have also adopted privacy and security laws and regulations, some of which may be more stringent than HIPAA. Such laws and regulations will be subject to interpretation by various courts and other governmental authorities, thus creating potentially complex compliance issues for us and our future customers and strategic partners.
Finally, someSome of our analytics applications, for example one of our benchmarking applications, require that we obtain permissions consistent with HIPAA to provide “data aggregation services” and the right to create de-identified information and to use and disclose such de-identified information. We will also require large sets of de-identified information to enable us to continue to develop machine learning algorithms that enhance our Solution. If we are unable to secure these rights in customer BAAs or as a result of any future changes to HIPAA or other applicable laws, we may face limitations on the use of PHI and our ability to use de-identified information that could negatively affect the scope of our Solution as well as impair our ability to provide upgrades and enhancements to our Solution.
We outsource important aspects of the storage and transmission of customer and member information, and thus rely on third parties to manage functions that have material cyber‑security risks. We attempt to address these risks by requiring outsourcing subcontractors who handle customer information to sign BAAs contractually requiring those subcontractors to adequately safeguard PHI in a similar manner that applies to us and in some cases by requiring such outsourcing subcontractors to undergo third‑party security examinations as well as to protect the confidentiality of other sensitive customer information. In addition, we periodically hire third‑party security experts to assess and test our security measures. However, we cannot be assured that these contractual measures and other safeguards will adequately protect us from the risks associated with the storage and transmission of customerour customer’s confidential and proprietary information and PHI.
In addition to the HIPAA privacy•Consumer protection regulation. Federal and security standards, most states have enacted patient confidentiality laws that protect against the disclosure of confidential medicalstate government bodies and other personally identifiable information (PII) and many statesagencies have adopted or are considering adopting laws and regulations regarding the collection, use, and dissemination of data, and the presentation of website or other electronic content, which may require compliance with certain standards for notice, choice, security, and access. California adopted the CCPA, which went into effect on January 1, 2020. The CCPA establishes a new privacy framework for covered businesses by creating an expanded definition of personal information, establishing new data privacy rights for consumers in the state of California, imposing special rules on the collection of consumer data from minors, and creating a new and potentially severe statutory damages framework for violations of the CCPA and for businesses that fail to implement reasonable security procedures and practices to prevent data breaches. Additionally, the CPRA recently passed in California. The CPRA significantly amends the CCPA and will impose additional data protection obligations on companies doing business in California, including additional consumer rights processes, limitations on data uses, new audit requirements for higher risk data, and opt outs for certain uses of sensitive data. It will also create a new California data protection agency authorized to issue substantive regulations and could result in increased privacy and information security enforcement. The majority of the provisions will go into effect on January 1, 2023, and additional compliance investment and potential business process changes may be required. If we fail to comply with any of these privacy laws including legislation that would mandate newapply to us, and are subject to the aforementioned penalties, our business and financial results could be adversely affected.
•GDPR and foreign data privacy safeguards, security standards,protection laws. In addition, many foreign governments have established or are in the process of establishing privacy and data security breach notification requirements. Such state laws, if more stringent than HIPAA requirements, are not preempted bylegal frameworks governing the federal requirements,collection, use and disclosure of personal information obtained from their residents. For example, in the European Union (EU), the GDPR went into effect on May 25, 2018. If we are requiredor our vendors fail to comply with them.the applicable EU privacy laws, we could be subject to government enforcement actions and significant penalties against us. GDPR imposes data protection requirements for processing the personal data of individuals within the European Economic Area (EEA) relating to the consent of the individuals to whom the personal data relates, the information provided to the individuals, the documentation we must retain, the security and confidentiality of the personal data, data breach notification and the use of third-party processors in connection with the processing of personal data. GDPR has increased our responsibility and potential liability in relation to personal data that we process, and we may be required to put in place mechanisms to ensure compliance with GDPR.
FailureIn addition, the GDPR increases the scrutiny of transfers of personal data from the EEA to the United States and other jurisdictions that the European Commission does not recognize as having “adequate” data protection laws; in July 2020, the Court of Justice of the European Union limited how organizations could lawfully transfer personal data from the EEA to the United States by invalidating the EU-US Privacy Shield and imposing further restrictions on use of the standard contractual clauses, which could increase our costs and our ability to efficiently process personal data from the EEA. Data protection authorities of the different EEA member states may also interpret GDPR differently, and guidance on implementation and compliance practices are often updated or otherwise revised, which adds to the complexity of processing personal data in the EEA. Any failure by us to comply with any of the federal and state standards regarding patient privacy and/GDPR could result in proceedings or privacy more generallyactions against us by governmental entities or others, which may subject us to penalties, including significant civil monetary penalties and in some circumstances, criminal penalties. In addition, such failure may injure our reputation and adversely affect our ability to retain customers and attract new customers.
Even an unsuccessful challenge by regulatory authorities of our activities could result in adversenegative publicity, and could require a costly response from us.
| |
• | Anti-Kickback and Anti-Bribery Laws. There are federal and state laws that prohibit payment for patient referrals, patient brokering, remuneration of patients, or billing based on referrals between individuals or entities that have various financial, ownership, or other business relationships with healthcare providers. In particular, the federal Anti-Kickback Statute prohibits offering, paying, soliciting, or receiving anything of value, directly or indirectly, for the referral of patients covered by Medicare, Medicaid, and other federal healthcare programs or the leasing, purchasing, ordering, or arranging for or recommending the lease, purchase, or order of any item, good, facility, or service covered by these programs. A person or entity does not need to have actual knowledge of the statute or specific intent to violate it in order to have committed a violation. Some enforcement activities focus on below or above market payments for federally reimbursable health care items or services as evidence of the intent to provide a kickback. Many states also have similar anti-kickback laws that are not necessarily limited to items or services for which payment is made by a federal healthcare program. In addition, the federal anti-referral law—the Stark Law—is very complex in its application, and prohibits physicians (and certain other healthcare professionals) from making a referral for a designated health service to a provider in which the referring healthcare professional (or spouse or any immediate family member) has a financial or ownership interest, unless an enumerated exception applies. The Stark Law also prohibits the billing for services rendered resulting from an impermissible referral. Many states also have similar anti-referral laws that are not necessarily limited to items or services for which payment is made by a federal healthcare program and may include patient disclosure requirements. Moreover, both federal and state laws prohibit bribery and similar behavior. Any determination by a state or federal regulatory agency that we or any of our customers, vendors, or partners violate or have violated any of these laws could subject us to significant civil or criminal penalties, require us to change or terminate some portions of our business, require us to refund portions of our services fees, subject us to additional reporting requirements and oversight under a corporate integrity agreement or similar agreement to resolve allegations of noncompliance with these laws, cause us to be disqualified from serving customers doing business with government payors, and have an adverse effect on our business. Even an unsuccessful challenge by regulatory authorities of our activities could result in adverse publicity and could require a costly response from us.
|
| |
• | Corporate Practice of Medicine Laws and Fee-Splitting Laws. Many states have laws prohibiting physicians from practicing medicine in partnership with non-physicians, such as business corporations. In some states, including New York, these take the form of laws or regulations prohibiting splitting of physician fees with non-physicians or others. Any determination by a state court or regulatory agency that our service contracts with our clients violate these laws could subject us to civil or criminal penalties, invalidate all or portions of some of those contracts, require us to change or terminate some portions of our business, require us to refund portions of our services fees, and have an adverse effect on our business. Even an unsuccessful challenge by regulatory authorities of our activities could result in adverse publicity and could require a costly response from us.
|
| |
• | Medical professional regulation. The practice of most healthcare professions requires licensing under applicable state law. In addition, the laws in some states prohibit business entities from practicing medicine. We employ and contract with physicians who assist our customers with the customers’ care coordination, care management, population health management, and patient safety activities. We do not intend to provide medical care, treatment, or advice. However, any determination that we are acting in the capacity of a healthcare provider and acted improperly as a healthcare provider may result in additional compliance requirements, expense, and liability to us, and require us to change or terminate some portions of our business.
|
| |
• | Medical Device Laws. The FDA may regulate medical or health-related software, including machine learning functionality and predictive algorithms, if such software falls within the definition of a “device” under the federal Food, Drug, and Cosmetic Act (FDCA). However, the FDA exercises enforcement discretion for certain low risk software, as described in its guidance documents for Mobile Medical Applications, General Wellness: Policy for Low Risk Devices, and Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices. In addition, in December of 2016, President Obama signed into law the 21st Century Cures Act, which included exemptions for certain medical-related software, including software used for administrative support functions at a healthcare facility, software intended for maintaining or encouraging a healthy lifestyle, EHR software, software for transferring, storing, or displaying medical device data or in vitro diagnostic data, and certain clinical decision support software. The FDA has also issued draft guidance documents to clarify how it intends to interpret and apply the new exemptions under the 21st Century Cures Act. Although we believe that our software products are currently not subject to active FDA regulation, we continue to follow the FDA’s developments in this area. There is a risk that the FDA could disagree with our determination or that the FDA could develop new final guidance documents that would subject our Solution to active FDA oversight. If the FDA determines that any of our current or future analytics applications are regulated as medical devices, we would become subject to various requirements under the FDCA and the FDA’s implementing regulations. Depending on the functionality and FDA classification of our analytics applications, we may be required to:
|
register and list our analytics applications with the FDA;
notify the FDA and demonstrate substantial equivalence to other products on the market before marketing our analytics applications;
submit a de novo request to the FDA to down-classify our analytics applications prior to marketing; or
obtain FDA approval by demonstrating safety and effectiveness before marketing our analytics applications.
The FDA can impose extensive requirements governing pre- and post-market conditions, such as service investigation and others relating to approval, labeling, and manufacturing. In addition, the FDA can impose extensive requirements governing software development controls and quality assurance processes.
These laws and regulations may change rapidly, and it is frequently unclear how they apply to our business. Any failure of our products or services to comply with these laws and regulations could result in substantial civil or criminal liability and could, among other things, adversely affect demand for our services, force us to expend significant capital, research and development, and other resources to address the failure, invalidate all or portions of some of our contracts with our customers, require us to change or terminate some portions of our business require us to refund portions ofpractices, and increase our revenue, cause us to be disqualified from serving customers doing business with government payors,costs and give our customers the right to terminate our contracts with them, any one of which could have an adverse effect onseverely disrupt our business. Additionally,From January 1, 2021, we may be subject to the introductionGDPR and also the UK GDPR, which, together with the amended UK Data Protection Act 2018, retains the GDPR in UK national law. The UK GDPR mirrors the fines under the GDPR, e.g. fines up to the greater of new services may require us to comply with additional, yet undetermined, laws and regulations.€20 million (£17.5 million) or 4% of global turnover.
The security measures that werelationship between the United Kingdom and our third-party vendors and subcontractors havethe European Union in placerelation to ensure compliance with privacy andcertain aspects of data protection laws may not protect our facilitieslaw remains unclear, and systems from security breaches, acts of vandalism or theft, computer viruses, misplaced or lost data, programming and human errors, or other similar events. Under the HITECH Act, as a business associate we may also be liable for privacy and security breaches and failures of our subcontractors. Even though we provide for appropriate protections through our agreements with our subcontractors, we still have limited control over their actions and practices. A breach of privacy or security of individually identifiable health information by a subcontractor may result in an enforcement action, including criminal and civil liability, against us. We are not able to predict the extent of the impact such incidents may have on our business.
Our failure to comply may result in criminal and civil liability because the potential for enforcement action against business associatesit is now greater. Enforcement actions against us could be costly and could interrupt regular operations, which may adversely affect our business. While we have not received any notices of violation of the applicable privacy andunclear how UK data protection laws and believe weregulations will develop in the medium to longer term, and how data transfers to and from the UK will be regulated in the long term. The European Commission has adopted an adequacy decision in favor of the United Kingdom, enabling data transfers from EU member states to the United Kingdom without additional safeguards. However, the UK adequacy decision will automatically expire in June 2025 unless the European Commission re-assesses and renews or extends that decision.
•Canadian data privacy protection laws. Similarly, Canada’s Personal Information Protection and Electronic Documents Act provides Canadian residents with privacy protections in regard to transactions with businesses and organizations in the private sector and sets out ground rules for how private-sector organizations may collect, use, and disclose personal information in the course of commercial activities. Foreign governments may attempt to apply such laws extraterritorially or through treaties or other arrangements with U.S. governmental entities. Other jurisdictions besides the EU and Canada are insimilarly introducing or enhancing laws and regulations relating to privacy and data security, which enhances risks relating to compliance with such laws. Furthermore, as we enter into business arrangements in countries outside of the United States, we will need to be prepared to comply with applicable local privacy laws. The GDPR and other changes in laws there can be no assuranceor regulations associated with the enhanced protection of certain types of personal data, such as health-related data or other sensitive information, could greatly increase our cost of providing our products and services or even prevent us from offering certain services in jurisdictions that we operate.
We cannot be certain that the privacy policies and other statements regarding our practices will not receive such notices inbe found sufficient to protect us from liability or adverse publicity relating to the future.privacy and security of personal information.
There is ongoing concern from privacy advocates, regulators, and others regarding data protection and privacy issues, and the number of jurisdictions with data protection and privacy laws has been increasing. Also, there are ongoing public policy discussions regarding whether the standards for deidentified,de-identified, anonymous, or pseudonymized health information are sufficient, and the risk of re-identification sufficiently small, to adequately protect patient privacy. We expect that there will continue to be new proposed laws, regulations, and industry standards concerning privacy, data protection, and information security in the United States, including the California Consumer Privacy Act, which will go into effect January 1, 2020,CCPA and CPRA, and we cannot yet determine the impact such future laws, regulations, and standards may have on our business. Future laws, regulations, standards, and other obligations, and changes in the interpretation of existing laws, regulations, standards, and other obligations could impair our or our customers’ ability to collect, use, or disclose information relating to consumers, which could decrease demand for our platform,Solutions, increase our costs, and impair our ability to maintain and grow our customer base and increase our revenue. New laws, amendments to or re-interpretations of existing laws and regulations, industry standards, contractual obligations, and other obligations may require us to incur additional costs and restrict our business operations. In view of new or modified federal, state, or foreign laws and regulations, industry standards, contractual obligations, and other legal obligations, or any changes in their interpretation, we may find it necessary or desirable to fundamentally change our business activities and practices or to expend significant resources to modify our software or platform and otherwise adapt to these changes.
Any failure or perceived failure by us to comply with international, federal or state laws or regulations, industry standards, or other legal obligations, or any actual or suspected security incident, whether or not resulting in unauthorized access to, or acquisition, release, or transfer of personally identifiable information or other data, may result in governmental enforcement actions and prosecutions, private litigation, fines, and penalties or adverse publicity and could cause our customers to lose trust in us, which could have an adverse effect on our reputation and business. We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to develop new products and features could be limited. Any of these developments could harm our business, financial condition, and results of operations. Privacy and data security concerns, whether valid or not valid, may inhibit market adoption of our platform.
Further,Government regulation of healthcare creates risks and challenges with respect to our compliance efforts and our business strategies.
Many healthcare laws are complex, and their application to specific services and relationships may not be clear. In particular, many existing healthcare laws and regulations, when enacted, did not anticipate the data analytics and improvement services that we provide, and these laws and regulations may be applied to our Solution in ways that we do not anticipate, particularly as we develop and release new and more sophisticated solutions. Our failure to accurately anticipate the application of these laws and regulations, or our other failure to comply with them, could create significant liability for us, result in adverse publicity, and negatively affect our business. Some of the risks we face or may face from healthcare regulation are described below.
The federal Anti-Kickback Statute prohibits, among other things, the offering, paying, soliciting, or receiving anything of value, directly or indirectly, for the referral of patients covered by Medicare, Medicaid, and other federal healthcare programs or the leasing, purchasing, ordering, or arranging for or recommending the lease, purchase, or order of any item, good, facility, or service covered by these programs. A person or entity does not need to have actual knowledge of the statute or specific intent to violate it in order to have committed a violation. Some enforcement activities focus on February 11, 2019, ONCbelow or above market payments for federally reimbursable healthcare items or services as evidence of the intent to provide a kickback. Many states also have similar anti-kickback laws that are not necessarily limited to items or services for which payment is made by a federal healthcare program. Moreover, both federal and CMS proposed complementarystate laws prohibit bribery and similar behavior.
We do not believe we directly order or provide healthcare services that are reimbursable by Medicare, Medicaid or other third-party payors or submit claims or receive reimbursement from any such payor. However, nonetheless, in addition to direct enforcement action against us, if our advisory services or Solutions offered to customers are associated with action by customers that is determined or alleged to be in violation of these laws and regulations, it is possible that an enforcement agency would also try to hold us liable. There are also numerous federal and state laws that prohibit the submission of false information, or the failure to disclose information, in connection with submission and payment of claims for health care items and services by health care providers. For example, the federal civil False Claims Act prohibits, among other things, individuals or entities from knowingly presenting, or causing to be presented, to the U.S. federal government, claims for payment or approval that are false or fraudulent, or knowingly making, using or causing to be made or used, a false record or statement material to a false or fraudulent claim.
The government has prosecuted RCM service providers for causing the submission of false or fraudulent claims in violation of the False Claims Act. In addition, the government may assert that a claim including items and services resulting from a violation of the U.S. federal Anti-Kickback Statute constitutes a false or fraudulent claim for purposes of the civil False Claims Act.
HIPAA also created new rulesfederal criminal statutes that prohibit knowingly and willfully executing, or attempting to support access, exchange,execute, a scheme to defraud or to obtain, by means of false or fraudulent pretenses, representations or promises, any money or property owned by, or under the control or custody of, any healthcare benefit program, including private third-party payors, and useknowingly and willfully falsifying, concealing or covering up by trick, scheme or device, a material fact or making any materially false, fictitious or fraudulent statement in connection with the delivery of EHI. or payment for healthcare benefits, items or services. Similar to the federal Anti-Kickback Statute, a person or entity does not need to have actual knowledge of the statute or specific intent to violate it in order to have committed a violation.
Any determination by a court or regulatory agency that we or any of our customers, vendors or partners have violated these laws could subject us to significant civil or criminal penalties, invalidate all or portions of some of our customer contracts, require us to change or terminate some portions of our business, require us to refund portions of our services fees, subject us to additional reporting requirements and oversight under a corporate integrity agreement or similar agreement to resolve allegations of noncompliance with these laws, cause us to be disqualified from serving customers doing business with government payors, and have an adverse effect on our business. Our customers’ failure to comply with these laws and regulations in connection with our services could result in substantial liability (including, but not limited to, criminal liability), adversely affect demand for our Solution, and force us to expend significant capital, research and development, and other resources to address the failure. Even an unsuccessful challenge by regulatory authorities of our activities could result in adverse publicity and could require a costly response from us.
If our arrangements with clinicians and other health care professionals are found to constitute the improper rendering of professional medical services or fee splitting under applicable state laws, our business, financial condition and our ability to operate in those states could be adversely impacted.
We employ and contract with clinicians and other licensed health care professionals who assist our customers with the customers’ care coordination, care management, population health management, and patient safety activities. Although we do not intend to provide medical care, treatment, or advice, our relationships with such health care professionals may implicate certain state laws in the United States in which we operate that generally prohibit non-professional entities from providing licensed medical services, exercising control over licensed physicians or other licensed health care professionals or engaging in certain practices such as fee-splitting with such licensed professionals. There can be no assurance that these laws will be interpreted in a manner consistent with our practices or that other laws or regulations will not be enacted in the future that could have a material and adverse effect on our business, financial condition and results of operations. Regulatory authorities, state boards of medicine, state attorneys general and other parties may assert that we are engaged in the provision of professional medical services, and/or that our arrangements with our affiliated physicians and other licensed health care professionals constitute unlawful fee-splitting. If a jurisdiction’s prohibition on the corporate practice of medicine or fee-splitting is interpreted in a manner that is inconsistent with our practices, we may be required to restructure or terminate some portions of our business, require us to refund portions of our services fees, and have an adverse effect on our business. Even an unsuccessful challenge by regulatory authorities of our activities could result in adverse publicity and could require a costly response from us.
The proposed rulesFDA may modify its enforcement policies with respect to medical software products, and our products may become subject to extensive regulatory requirements, which may increase the cost of conducting, or otherwise harm, our business.
The FDA may regulate medical or health-related software, including machine learning functionality and predictive algorithms, if such software falls within the definition of a “medical device” under the Federal Food, Drug, and Cosmetic Act (FDCA). Medical devices are intendedsubject to clarify provisionsextensive and rigorous regulation by the FDA and by other federal, state and local authorities.
The FDCA and related regulations govern the conditions of safety, efficacy, clearance, approval, manufacturing, quality system requirements, labeling, packaging, distribution, storage, recordkeeping, reporting, marketing, advertising, and promotion of medical devices. However, historically, the FDA has exercised enforcement discretion for certain low-risk software functions, and has issued several guidance documents outlining its approach to the regulation of software as a medical device. In addition, the 21st Century Cures Act regarding interoperability and “information blocking,” and, if adopted, will create significant new requirementsamended the FDCA to exclude from the definition of “medical device” certain medical-related software, including software used for health care industry participants. The proposed ONC rule, if adopted, would require certainadministrative support functions at a healthcare facility, software intended for maintaining or encouraging a healthy lifestyle, software designed to store electronic health record technologyrecords, software for transferring, storing, or displaying medical device data or in vitro diagnostic data, and certain clinical decision support software. Accordingly, we believe our currently marketed products are not currently regulated by the FDA as medical devices, or that our products are otherwise subject to incorporate standardized application programming interfaces (APIs)FDA’s current enforcement discretion policies applicable to allow individualssoftware products. However, there is a risk that the FDA could disagree with our determination, or that the FDA could alter its enforcement discretion policies, and in each case, subject our software to securelymore stringent medical device regulations.
If the FDA determines that any of our current or future analytics applications are regulated as medical devices and easily access structured EHI using smartphone applications. not otherwise subject to enforcement discretion, we would become subject to various requirements under the FDCA and the FDA’s implementing regulations. If this occurs, we may be required to cease marketing or to recall our product until we obtain the requisite clearances or approvals, which would entail significant cost and could harm our business.
Our failure to comply with applicable regulatory requirements could result in enforcement action by the FDA, or comparable state or foreign regulatory authorities, including: untitled letters, warning letters, fines, injunctions, consent decrees and civil penalties, recalls, termination of distribution, administrative detentions, seizure of our products, operating restrictions, partial suspension or total shutdown of production, delays in or refusal to grant clearances or approvals, prohibitions on sales of our products, and criminal prosecution. Any of these sanctions could result in higher than anticipated costs or lower than anticipated sales and have a material adverse effect on our reputation, business, financial condition and results of operations
The ONC rule would also implement provisionshealthcare regulatory and political framework is uncertain and evolving.
Existing and new laws and regulations affecting the healthcare industry, or changes to existing laws and regulations could create unexpected liabilities for us, cause us to incur additional costs, and/or restrict our operations. Reforming the healthcare industry has been a priority for U.S. politicians, and key members of the 21st Century Cureslegislative and executive branches have proposed a wide variety of potential changes and policy goals. Certain changes to laws impacting our industry, or perceived intentions to do so, could affect our business and results of operations. By way of example, in March 2010, the Affordable Care Act requiring that patients be provided with electronic access(ACA) was enacted, which substantially changed the way healthcare is financed by both governmental and private insurers and has significantly impacted our industry and, to all of their EHI (structured and/or unstructured) at no cost. Finally, the proposed ONC rule would also implement the information blocking provisionssome degree, our business. Since its enactment, there have been judicial, executive and Congressional challenges to certain aspects of the 21st Century Cures Act,ACA. On June 17, 2021, the U.S. Supreme Court dismissed the most recent judicial challenge to the ACA brought by several states without specifically ruling on the constitutionality of the ACA. Thus, the ACA will remain in effect in its current form. We anticipate that new cost containment measures or other healthcare reforms will continue to be implemented at both the federal and proposes seven “reasonablestate level, any of which could harm our business, financial condition and necessary activities” that will not be considered information blocking as long as specific conditions are met.
The CMS proposed rule focuses on health plans, payors, and health care providers and proposes measures to enable patients to move from health plan to health plan, provider to provider, and have both their clinical and administrative information travel with them.
It is unclear whether or when these rules, and others released simultaneously, will be adopted, in whole or in part. If adopted, the rules may benefit us in that certain EHR vendors will no longer be permitted to interfere with our attempts at integration, but the rules may also make it easier for other similar companies to enter the market, creating increased competition, and reducing our market share. It is unclear at this time what the costsresults of compliance with the proposed rules, if adopted, would be, and what additional risks there may be to our business.
operations.
Due to the particular nature of certain services we provide or the manner in which we provide them, we may be subject to additional government regulation and foreign government regulation.
While our Solution is primarily subject to government regulations pertaining to healthcare, certain aspects of our Solution may require us to comply with regulatory schema from other areas. Examples of such regulatory schema include:
| |
• | Antitrust Laws•Antitrust laws. Our national cloud-based network allows us access to cost and pricing data for a large number of providers in most regional markets, as well as to the contracted rates for third-party payors. To the extent that our Solution enables providers to compare their cost and pricing data with those of their. Our national cloud-based network allows us access to cost and pricing data for a large number of providers in most regional markets, as well as to the contracted rates for third-party payors. To the extent that our Solution enables providers to compare their cost and pricing data with those of their competitors, those providers could collude to increase the pricing for their services, to reduce the compensation they pay their employees, or to collectively negotiate agreements with third parties. Similarly, if payors are able to compare their contracted rates of payment to providers, those payors may seek to reduce the amounts they might otherwise pay. Such actions may be deemed to be anti-competitive and a violation of federal antitrust laws. To the extent that we are deemed to have enabled such activities, we could be subject to fines and penalties imposed by the U.S. Department of Justice or the FTC and be required to curtail or terminate the services that permitted such collusion. |
| |
• | Consumer Protection Regulation. Federal and state government bodies and agencies have adopted or are considering adopting laws and regulations regarding the collection, use, and dissemination of data, and the presentation of website or other electronic content, which may require compliance with certain standards for notice, choice, security, and access. California recently adopted the California Consumer Privacy Act of 2018 (CCPA), which will come into effect on January 1, 2020. The CCPA has been characterized as the first “GDPR-like” privacy statute to be enacted in the United States because it mirrors a number of the key provisions of the GDPR (discussed below). The CCPA establishes a new privacy framework for covered businesses by creating an expanded definition of personal information, establishing new data privacy rights for consumers in the state of California, imposing special rules on the collection of consumer data from minors, and creating a new and potentially severe statutory damages framework for violations of the CCPA and for businesses that fail to implement reasonable security procedures and practices to prevent data breaches. If we fail to comply with any of these privacy laws that apply to us, and are subject to the aforementioned penalties, our business and financial results could be adversely affected.
|
| |
• | Foreign Corrupt Practices Act (FCPA) and Foreign Anti-Bribery Laws. The FCPA makes it illegal for U.S. persons, including U.S. companies, and their subsidiaries, directors, officers, employees, and agents, to promise, authorize or make any corrupt payment, or otherwise provide anything of value, directly or indirectly, to any foreign official, any foreign political party or party official, or candidate for foreign political office to obtain or retain business. Violations of the FCPA can also result in violations of other U.S. laws, including anti-money laundering, mail and wire fraud, and conspiracy laws. There are severe penalties for violating the FCPA. In addition, the Company may also be subject to other non-U.S. anti-corruption or anti-bribery laws, such as the U.K. Bribery Act 2010. If our employees, contractors, vendors, or partners fail to comply with the FCPA and/or foreign anti-bribery laws, we may be subject to penalties or sanctions, and our ability to develop new prospects and retain existing customers could be adversely affected.
|
| |
• | Economic Sanctions and Export Controls. Economic and trade sanctions programs that are administered by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) prohibit or restrict transactions to or from, and dealings with specified countries and territories, their governments, and in certain circumstances, with individuals and entities that are specially designated nationals of those countries, and other sanctioned persons, including narcotics traffickers and terrorists or terrorist organizations. As federal, state and foreign legislative regulatory scrutiny and enforcement actions in these areas increase, we expect our costs to comply with these requirements will increase as well. Failure to comply with any of these requirements could result in the limitation, suspension or termination of our services, imposition of significant civil and criminal penalties, including fines, and/or the seizure and/or forfeiture of our assets. Further, our Solution incorporates encryption technology. This encryption technology may be exported from the United States only with the required export authorizations, including by a license, a license exception or other appropriate government authorizations.
|
competitors, those providers could collude to increase the pricing for their services, to reduce the compensation they pay their employees, or to collectively negotiate agreements with third parties. Similarly, if payors are able to compare their contracted rates of payment to providers, those payors may seek to reduce the amounts they might otherwise pay. Such actions may be deemed to be anti-competitive and a violation of federal antitrust laws. To the extent that we are deemed to have enabled such activities, we could be subject to fines and penalties imposed by the U.S. Department of Justice or the FTC and be required to curtail or terminate the services that permitted such collusion.
•Foreign Corrupt Practices Act (FCPA) and foreign anti-bribery laws. The FCPA makes it illegal for U.S. persons, including U.S. companies, and their subsidiaries, directors, officers, employees, and agents, to promise, authorize or make any corrupt payment, or otherwise provide anything of value, directly or indirectly, to any foreign official, any foreign political party or party official, or candidate for foreign political office to obtain or retain business.
Violations of the FCPA can also result in violations of other U.S. laws, including anti-money laundering, mail and wire fraud, and conspiracy laws. There are severe penalties for violating the FCPA. In addition, the Company may also be subject to other non-U.S. anti-corruption or anti-bribery laws, such as the U.K. Bribery Act 2010. If our employees, contractors, vendors, or partners fail to comply with the FCPA and/or foreign anti-bribery laws, we may be subject to penalties or sanctions, and our ability to develop new prospects and retain existing customers could be adversely affected.
•Economic sanctions and export controls. Economic and trade sanctions programs that are administered by the U.S. Treasury Department’s Office of Foreign Assets Control prohibit or restrict transactions to or from, and dealings with specified countries and territories, their governments, and in certain circumstances, with individuals and entities that are specially designated nationals of those countries, and other sanctioned persons, including narcotics traffickers and terrorists or terrorist organizations. As federal, state and foreign legislative regulatory scrutiny and enforcement actions in these areas increase, we expect our costs to comply with these requirements will increase as well. Failure to comply with any of these requirements could result in the limitation, suspension or termination of our services, imposition of significant civil and criminal penalties, including fines, and/or the seizure and/or forfeiture of our assets. Further, our Solution incorporates encryption technology. This encryption technology may be exported from the United States only with the required export authorizations, including by a license, a license exception or other appropriate government authorizations. Such solutions may also be subject to certain regulatory reporting requirements. Various countries also regulate the import of certain encryption technology, including through import permitting and licensing requirements, and have enacted laws that could limit our customers’ ability to import our Solution into those countries. Governmental regulation of encryption technology and of exports and imports of encryption products, or our failure to obtain required approval for our Solution, when applicable, could harm our international sales and adversely affect our revenue. Compliance with applicable regulatory requirements regarding the provision of our Solution, including with respect to new applications, may delay the introduction of our Solution in various markets or, in some cases, prevent the provision of our Solution to some countries altogether.
| |
• | GDPR and Foreign Data Privacy Protection Laws - In addition, several foreign governments have regulations dealing with the collection and use of personal information obtained from their residents. For example, in the European Union, (EU), the General Data Protection Regulation (GDPR) went into effect on May 25, 2018. If we or our vendors fail to comply with the applicable EU privacy laws, we could be subject to government enforcement actions and significant penalties against us. GDPR introduced new data protection requirements in the EU relating to the consent of the individuals to whom the personal data relates, the information provided to the individuals, the documentation we must retain, the security and confidentiality of the personal data, data breach notification and the use of third-party processors in connection with the processing of personal data. GDPR has increased our responsibility and potential liability in relation to personal data that we process, and we may be required to put in place mechanisms to ensure compliance with GDPR. Data protection authorities of the different EU Member States may interpret GDPR differently, and guidance on implementation and compliance practices are often updated or otherwise revised, which adds to the complexity of processing personal data in the EU. Any failure by us to comply with GDPR could result in proceedings or actions against us by governmental entities or others, which may subject us to significant penalties and negative publicity, require us to change our business practices, and increase our costs and severely disrupt our business. Similarly, Canada’s Personal Information and Protection of Electronic Documents Act provides Canadian residents with privacy protections in regard to transactions with businesses and organizations in the private sector and sets out ground rules for how private sector organizations may collect, use, and disclose personal information in the course of commercial activities. Foreign governments may attempt to apply such laws extraterritorially or through treaties or other arrangements with U.S. governmental entities. Other jurisdictions besides the EU and Canada are similarly introducing or enhancing laws and regulations relating to privacy and data security, which enhances risks relating to compliance with such laws. Furthermore, as we enter into business arrangements in countries outside of the United States, we will need to be prepared to comply with applicable local privacy laws. The GDPR and other changes in laws or regulations associated with the enhanced protection of certain types of personal data, such as healthcare data or other sensitive information, could greatly increase our cost of providing our products and services or even prevent us from offering certain services in jurisdictions that we operate.
|
| |
• | Regulatory Certification•Regulatory certification. We must obtain certification from governmental agencies, such as the Agency for Healthcare Research and Quality (AHRQ) to sell certain of our analytics applications and services in the United States. We cannot be certain that our Solution will continue to meet these standards. The failure to comply with these certification requirements could result in the loss of certification, which could restrict our Solution offerings and cause us to lose customers. |
We cannot be certain that our Solution will continue to meet these standards. The failure to comply with these certification requirements could result in the privacy policies and other statements regarding our practices will be found sufficient to protect us from liability or adverse publicity relating to the privacy and securityloss of personal information. Whether and how existing local and international privacy and data protection laws in various jurisdictions apply to the Internet and other online technologies is still uncertain and may take years to resolve. Current and future privacy laws and regulations, if drafted or interpreted broadly, could be deemed to apply to the technology we use andcertification, which could restrict our information collection methods or decrease the amountSolution offerings and utility of the information that we would be permittedcause us to collect. The costs of compliance with, and the other burdens imposed by, these and other laws or regulatory actions may prevent us from selling our Solution, or increase the costs of doing so, and may affect our abilitylose customers.
Risks Related to invest in or jointly develop our analytics applications. In addition, a determination by a court or government agency that any of our practices, or those of our agents, do not meet these standards could result in civil and/or criminal liability, result in adverse publicity, and adversely affect our business.
The healthcare regulatory and political framework is uncertain and evolving.
Healthcare laws and regulations are rapidly evolving and may change significantly in the future, which could adversely affect our financial condition and results of operations. For example, in March 2010, the Patient Protection and ACA was adopted, which is a healthcare reform measure that provides healthcare insurance for approximately 30 million more Americans. The ACA includes a variety of healthcare reform provisions and requirements that became effective at varying times through 2018 and substantially changes the way healthcare is financed by both governmental and private insurers, which may significantly impact our industry and our business. Many of the provisions of the ACA phase in over the course of the next several years, and we may be unable to predict accurately what effect the ACA or other healthcare reform measures that may be adopted in the future, including amendments to the ACA, will have on our business. On December 14, 2018, a U.S. District Court Judge in the Northern District of Texas, ruled that the individual mandate is a critical and inseverable feature of the ACA, and therefore, because it was repealed as part of the Tax Act, the remaining provisions of the ACA are invalid as well. While the U.S. District Court Judge, as well as the Trump Administration and CMS, have stated that the ruling will have no immediate effect pending appeal, it is unclear how this decision, subsequent appeals and other efforts to repeal and replace the ACA will impact the ACA and our business.Internet Regulation
Our business could be adversely impacted by changes in laws and regulations related to the Internet or changes in access to the Internet generally.
The future success of our business depends upon the continued use of the Internet as a primary medium for communication, business applications, and commerce. Federal or state government bodies or agencies have in the past adopted, and may in the future adopt, laws or regulations affecting the use of the Internet as a commercial medium.Legislators, regulators, or government bodies or agencies may also make legal or regulatory changes or interpret or apply existing laws or regulations that relate to the use of the Internet in new and materially different ways. Changes in these laws, regulations or interpretations could require us to modify our platformSolutions in order to comply with these changes, to incur substantial additional costs or divert resources that could otherwise be deployed to grow our business, or expose us to unanticipated civil or criminal liability, among other things.
In addition, government agencies and private organizations have imposed, and may in the future impose, additional taxes, fees or other charges for accessing the Internet or commerce conducted via the Internet.Internet access is frequently provided by companies that have significant market power and could take actions that degrade, disrupt or increase the cost of our customers’ use of our platform,Solutions, which could negatively impact our business. In December 2017, the Federal Communications Commission announced it will revise the “net neutrality” rules. These
Net neutrality rules, which were designed to ensure that all online content is treated the same by Internet service providers and other companies that provide Internet services. Shouldbroadband services were repealed by the Federal Communications Commission effective June 2018.The repeal of the net neutrality rules be relaxed or eliminated, we could force us to incur greater operating expenses or our customers’ use of our platform could be adversely affected, either of which could harm our business and results of operations.
These developments could limit the growth of Internet-related commerce or communications generally or result in reductions in the demand for Internet-based platforms and services such as ours, increased costs to us or the disruption of our business.In addition, as the Internet continues to experience growth in the numbers of users, frequency of use and amount of data transmitted, the use of the Internet as a business tool could be adversely affected due to delays in the development or adoption of new standards and protocols to handle increased demands of Internet activity, security, reliability, cost, ease-of-use, accessibility, and quality of service.
The performance of the Internet and its acceptance as a business tool has been adversely affected by “viruses,” “worms,” and similar malicious programs and the Internet has experienced a variety of outages and other delays as a result of damage to portions of its infrastructure.If the use of the Internet generally, or our platformSolutions specifically, is adversely affected by these or other issues, we could be forced to incur substantial costs, demand for our platformSolutions could decline, and our results of operations and financial condition could be harmed.
Risks Related to Tax Regulation
Taxing authorities may successfully assert that we should have collected or in the future should collect sales and use, value-added or similar transactional taxes, and we could be subject to liability with respect to past or future sales, which could adversely affect our results of operations.
We do not collect sales and use, value-added, and similar transactional taxes in all jurisdictions in which we have sales, based on our belief that such taxes are not applicable or that we are not required to collect such taxes with respect to the jurisdiction. Sales and use, value-added, and similar tax laws and rates vary greatly by jurisdiction. Certain jurisdictions in which we do not collect such taxes may assert that such taxes are applicable, which could result in tax assessments, penalties, and interest, and we may be required to collect such taxes in the future. Such tax assessments, penalties, interest or future requirements, increase in tax rates, or a combination of the foregoing may result in an increase in our sales and similar transactional taxes, increase administrative burdens or costs, or otherwise adversely affect our business, results of operations, or financial condition.
Unanticipated changes in our effective tax rate and additional tax liabilities, including as a result of our international operations or implementation of new tax rules, could harm our future results.
We are subject to income taxes in the United States and are expanding into various foreign jurisdictions that are subject to income tax. Our domestic and international tax liabilities are subject to the allocation of expenses in differing jurisdictions and complex transfer pricing regulations administered by taxing authorities in various jurisdictions.
Tax rates in the jurisdictions in which we operate may change as a result of factors outside of our control or relevant taxing authorities may disagree with our determinations as to the income and expenses attributable to specific jurisdictions. In addition, changes in tax and trade laws, treaties or regulations, or their interpretation or enforcement, have become more unpredictable and may become more stringent, which could materially adversely affect our tax position.
Forecasting our estimated annual effective tax rate is complex and subject to uncertainty, and there may be material differences between our forecasted and actual effective tax rate. Our effective tax rate could be adversely affected by changes in the mix of earnings and losses in countries with differing statutory tax rates, certain non-deductible expenses, the valuation of deferred tax assets and liabilities, adjustments to income taxes upon finalization of tax returns, changes in available tax attributes, decision to repatriate non-U.S. earnings for which we have not previously provided for U.S. taxes, and changes in federal, state, or international tax laws and accounting principles. Finally, we may be subject to income tax audits throughout the world. An adverse resolution of one or more uncertain tax positions in any period could have a material impact on our results of operations or financial condition for that period.
Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.
As of December 31, 2021 and December 31, 2020, we had net operating loss (NOL) carryforwards for federal income tax purposes of approximately $580 million and $419.6 million, respectively, and state income tax purposes of approximately $465.7 million and $334.6 million, respectively, which may be available to offset taxable income in the future, and which expire in various years beginning in 2032 for federal purposes if not utilized. The state NOLs will expire depending upon the various rules in the states in which we operate. A lack of future taxable income would adversely affect our ability to utilize these NOLs before they expire. In general, under Section 382 of the Internal Revenue Code of 1986, as amended (the Code) a corporation that undergoes an “ownership change” (as defined under Section 382 of the Code and applicable Treasury Regulations) is subject to limitations on its ability to utilize its pre-change NOLs to offset its future taxable income.
We may experience a future ownership change under Section 382 of the Code that could affect our ability to utilize the NOLs to offset our income. Furthermore, our ability to utilize NOLs of companies that we have acquired or may acquire in the future may be subject to limitations. There is also a risk that due to regulatory changes, such as suspensions on the use of NOLs or other unforeseen reasons, our existing NOLs could expire or otherwise be unavailable to reduce future income tax liabilities, including for state income tax purposes. Certain provisions of the Tax Act (as defined below), as amended by the CARES Act, also limit the use of NOLs, as discussed further below. For these reasons, we may not be able to utilize a material portion of our NOLs, even if we attain profitability, which could potentially result in increased future tax liability to us and could adversely affect our results of operations and financial condition.
Comprehensive tax reform legislation could adversely affect our business and financial condition.
On December 22, 2017, the Tax Cuts and Jobs Act of 2017 (the Tax Act) was signed into law. The Tax Act contains, among other things, significant changes to corporate taxation, including (i) a reduction of the corporate tax rate from a top marginal rate of 35% to a flat rate of 21%, (ii) a limitation of the tax deduction for interest expense to 30% of adjusted earnings (except for certain small businesses) (increased to 50% by the CARES Act for taxable years beginning in 2019 and 2020), (iii) a limitation of the deduction for NOLs in taxable years beginning after December 31, 2020 to 80% of current year taxable income in respect of NOLs generated during or after 2018 and elimination of net operating loss carrybacks for NOLs arising in tax years ending after December 31, 2020, (iv) a one-time tax on offshore earnings at reduced rates regardless of whether they are repatriated, (v) immediate deductions for certain new investments instead of deductions for depreciation expense over time, and (vi) a modification or repeal of many business deductions and credits. For federal NOLs arising in tax years beginning after December 31, 2017, the Tax Act (as modified by the CARES Act) limits a taxpayer’s ability to utilize federal NOL carryforwards in taxable years beginning after December 31, 2020 to 80% of taxable income.
In addition, federal NOLs arising in tax years ending after December 31, 2017 can be carried forward indefinitely, but carryback of federal NOLs arising in tax years ending after December 31, 2020 is generally prohibited. It is uncertain if and to what extent various states will conform to the newly enacted federal tax law. We will continue to examine the impact the Tax Act and CARES Act may have on our results of operations and financial condition.
Risks Related to Our Outstanding Convertible Notes
Servicing our Notes may require a significant amount of cash, and we may not have sufficient cash or the ability to raise the funds necessary to settle conversions of the Notes in cash, repay the Notes at maturity, or repurchase the Notes as required.
On April 14, 2020, we issued $230.0 million in aggregate principal amount of 2.50% Convertible Senior Notes due 2025, pursuant to an Indenture dated April 14, 2020, with U.S. Bank National Association, as trustee, in a private offering to qualified institutional buyers. We received net proceeds from the Notes of $222.5 million, after deducting the initial purchasers’ discounts and offering expenses payable by us. The Notes are governed by an indenture (the Indenture) between us, as the issuer, and U.S. Bank National Association, as trustee. The Notes are our senior, unsecured obligations and accrue interest payable semiannually in arrears on April 15 and October 15 of each year, beginning on October 15, 2020, at a rate of 2.50% per year.
The Notes will mature on April 15, 2025, unless earlier converted, redeemed, or repurchased. The Indenture does not contain any financial covenants or restrictions on the payments of dividends, the incurrence of indebtedness, or the issuance or repurchase of securities by us or any of our subsidiaries. We may repurchase the Notes from time to time prior to the maturity date. A holder may convert all or any portion of its Notes, at its option, subject to certain conditions and during certain periods, into cash, shares of our common stock or a combination of cash and shares of our common stock, with the form of consideration determined at our election. Noteholders will have the right to require us to repurchase all or a portion of their notes at 100% of the principal amount of Notes to be repurchased, plus accrued and unpaid interest to, but excluding, the repurchase date, upon the occurrence of certain events. The conversion rate is initially 32.6797 shares of our common stock per $1,000 principal amount of Notes (which is equivalent to an initial conversion price of approximately $30.60 per share of our common stock). If the Notes have not previously been converted, redeemed or repurchased, we will be required to repay the Notes in cash at maturity.
Our ability to make required cash payments in connection with redemptions or conversions of the Notes, repurchase the Notes upon the occurrence of certain events, or to repay or refinance the Notes at maturity will depend on market conditions and our future performance, which is subject to economic, financial, competitive, and other factors beyond our control. We also may not use the cash proceeds we raised through the issuance of the Notes in an optimally productive and profitable manner. Since inception, our business has generated net losses, and we may continue to incur significant losses. As a result, we may not have enough available cash or be able to obtain financing at the time we are required to repurchase or repay the Notes or pay cash with respect to Notes being converted.
In addition, our ability to repurchase or to pay cash upon conversion or at maturity of the Notes may be limited by law or regulatory authority or by other agreements governing our future indebtedness. Our failure to repurchase Notes upon the occurrence of certain events or to pay cash upon conversion or at maturity of the Notes as required by the Indenture would constitute a default under the Indenture. A default under the Indenture or the occurrence of certain events that allow Noteholders to require repurchase could also lead to a default under agreements governing our future indebtedness and could have a material adverse effect on our business, results of operations, and financial condition. If the payment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase the Notes or to pay cash upon conversion or at maturity of the Notes.
We are subject to counterparty risk with respect to the Capped Calls.
In connection with the issuance of the Notes, we entered into the Capped Calls with certain option counterparties. We used approximately $21.6 million of the net proceeds from the Note Offering to pay the cost of the Capped Calls and allocated issuance costs. The Capped Calls have initial cap prices of $42.00 per share, subject to certain adjustments. The Capped Calls are expected generally to reduce the potential dilution to our common stock upon any conversion of Notes and/or offset any cash payments we are required to make in excess of the principal amount of converted Notes, as the case may be, with such reduction and/or offset subject to the cap price. The Capped Calls are separate transactions that we entered into with the option counterparties, and are not part of the terms of the Notes. The option counterparties are financial institutions or affiliates of financial institutions, and we will be subject to the risk that one or more of such option counterparties may default under the Capped Calls.
Our exposure to the credit risk of the option counterparties will not be secured by any collateral. If any option counterparty becomes subject to insolvency proceedings, we will become an unsecured creditor in those proceedings with a claim equal to our exposure at that time under the Capped Calls. Our exposure will depend on many factors but, generally, the increase in our exposure will be correlated to the increase in our common stock market price and in the volatility of the market price of our common stock. In addition, upon a default by any option counterparty, we may suffer adverse tax consequences and dilution with respect to our common stock. We can provide no assurance as to the financial stability or viability of any option counterparty.
The Capped Calls may affect the value of our common stock.
In connection with the issuance of the Notes, we entered into the Capped Calls with the option counterparties. The Capped Calls are expected generally to reduce the potential dilution to our common stock upon any conversion of the Notes and/or offset any cash payments we are required to make in excess of the principal amount of converted Notes, as the case may be.
From time to time, the option counterparties or their respective affiliates may modify their hedge positions by entering into or unwinding various derivative transactions with respect to our common stock and/or purchasing or selling our common stock or other securities of ours in secondary market transactions prior to the maturity of the Notes. This activity could cause or avoid an increase or a decrease in the market price of our common stock.
If we raise additional capital through debt financing, the terms of any new debt could further restrict our ability to operate our business.
If we raise any additional debt financing, the terms of such additional debt could further restrict our operating and financial flexibility by subjecting us to customary affirmative and negative covenants, indemnification provisions, and events of default. Further, if we are liquidated, the lender’s rights to repayment would be senior to the rights of the holders of our common stock to receive any proceeds from the liquidation. Any declaration by a lender of an event of default could significantly harm our business and prospects and could cause the price of our common shares to decline.
Risks Related to Ownership of Our Common Stock
Risks Related to an Investment in Our Securities
We have a limited operating history in an evolving industry, which makes it difficult to evaluate our current business future prospects and increases the risk of your investment.
We launched operations in 2008 and we acquired Medicity in June 2018.Able Health, Healthfinch, Vitalware, Twistle, KPI Ninja, and ARMUS between February 2020 and April 2022. Our limited operating history, in particular with respect to the Medicity business,businesses we have recently acquired, makes it difficult to effectively assess or forecast our future prospects. You should consider our business and prospects in light of the risks and difficulties we encounter or may encounter.
These risks and difficulties include our ability to cost-effectively acquire new customers and retain existing customers, maintain the quality of our technology infrastructure that can efficiently and reliably handle the requirements of our customers and the deployment of new features and solutions and successfully compete with other companies that are currently in, or may enter, the healthcare solution space. Additional risks include our ability to effectively manage growth, achieve synergies, responsibly use the data that customers share with us, process, store, protect, and use personal data, including PHI, in compliance with governmental regulation, contractual obligations, and other legal obligations related to privacy and security and avoid interruptions or disruptions in our service or slower than expected load times for our platform. If we fail to address the risks and difficulties that we face, including those associated with the challenges listed above, our business and our results of operations will be adversely affected.
We have experienced significant net losses since inception, we expect to incur losses in the future, and we may not be able to generate sufficient revenue to achieve and maintain profitability.
We have incurred significant net losses in the past, including net losses of $153.2 million and $115.0 million in the years ended December 31, 2021 and 2020, respectively. We had an accumulated deficit of $878.9 million as of December 31, 2021. We expect our costs will increase over time as we continue to invest to grow our business and build relationships with customers, develop our platform, develop new solutions, and operate as a public company. These efforts may prove to be more expensive than we currently anticipate and external factors, such as the recently high inflationary environment and rising interest rates, could cause an increase in our expenses, and we may not succeed in increasing our revenue sufficiently to offset these higher expenses.
As a result, we may need to raise additional capital through equity and debt financings in order to fund our operations. To date, we have financed our operations principally from the proceeds we received through private sales of equity securities, payments received from sales of our Solution, borrowings under our loan and security agreements, our IPO, the Note Offering, and our Secondary Public Equity Offering. We may also fail to improve the gross margins of our business. If we are unable to effectively manage these risks and difficulties as we encounter them, our business, financial condition, and results of operations would be adversely affected. Our failure to achieve or maintain profitability could negatively impact the value of our common stock.
The market price of our common stock may be volatile and may decline regardless of our operating performance, and you may lose all or part of your investments.
The market price of our common stock may fluctuate significantly in response to numerous factors, many of which are beyond our control, including:
•overall performance of the equity markets and/or publicly-listed technology companies;
•actual or anticipated fluctuations in our net revenue or other operating metrics;
•changes in the financial projections we provide to the public or our failure to meet these projections;
•failure of securities analysts to initiate or maintain coverage of us, changes in financial estimates by any securities analysts who follow our company, or our failure to meet the estimates or the expectations of investors;
•the economy as a whole and market conditions in our industry;
•rumors and market speculation involving us or other companies in our industry;
•announcements by us or our competitors of significant innovations, acquisitions, strategic partnerships, joint ventures, or capital commitments;
•new laws or regulations or new interpretations of existing laws or regulations applicable to our business;
•lawsuits threatened or filed against us;
•recruitment or departure of key personnel; and
•other events or factors, including those resulting from war, incidents of terrorism, pandemics, or responses to these events; and
the expiration of contractual lock-up or market standoff agreements.
events.
In addition, extreme price and volume fluctuations in the stock markets have affected and continue to affect many technology companies’ stock prices. Often, their stock prices have fluctuated in ways unrelated or disproportionate to the companies’ operating performance. In the past, stockholders have filed securities class action litigation following periods of market volatility. If we were to become involved in securities litigation, it could subject us to substantial costs, divert resources and the attention of management from our business, and harm our business.
Moreover, because of these fluctuations, comparing our results of operations on a period-to-period basis may not be meaningful. You should not rely on our past results as an indication of our future performance. This variability and unpredictability could also result in our failing to meet the expectations of industry or financial analysts or investors for any period.
If our net revenue or results of operations fall below the expectations of analysts or investors or below any forecasts we may provide to the market, or if the forecasts we provide to the market are below the expectations of analysts or investors, the price of our common stock could decline substantially. Such a stock price decline could occur even when we have met any previously publicly stated net revenue or earnings forecasts that we may provide.
We are an emerging growth company, and any decision on our part to comply only with certain reduced reporting and disclosure requirements applicable to emerging growth companies could make our common stock less attractive to investors.
We are an emerging growth company, and, for as long as we continue to be an emerging growth company, we may choose to take advantage of exemptions from various reporting requirements applicable to other public companies but not to “emerging growth companies,” including:
not being required to have our independent registered public accounting firm attest to our internal control over financial reporting under Section 404 of the Sarbanes Oxley Act;
reduced disclosure obligations regarding executive compensation in our periodic reports and annual report on Form 10-K; and
exemptions from the requirements of holding a non-binding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved.
We could be an emerging growth company for up to five years following the completion of this offering. Our status as an emerging growth company will end as soon as any of the following takes place:
the last day of the fiscal year in which we have more than $1.07 billion in annual revenue;
the date we qualify as a “large accelerated filer,” with at least $700 million of equity securities held by non-affiliates;
the date on which we have issued, in any three-year period, more than $1.0 billion in non-convertible debt securities; or
the last day of the fiscal year ending after the fifth anniversary of the completion of this offering.
We cannot predict if investors will find our common stock less attractive if we choose to rely on the exemptions afforded emerging growth companies. If some investors find our common stock less attractive because we rely on any of these exemptions, there may be a less active trading market for our common stock and the market price of our common stock may be more volatile.
Under the JOBS Act, emerging growth companies can also delay adopting new or revised accounting standards until such time as those standards apply to private companies. We have irrevocably elected not to avail ourselves of this accommodation allowing for delayed adoption of new or revised accounting standards, and therefore, we will be subject to the same new or revised accounting standards as other public companies that are not emerging growth companies.
If securities or industry analysts do not continue to publish research, or publish inaccurate or unfavorable research, about our business, the price of our common stock and trading volume could decline.
The trading market for our common stock will depend in part on the research and reports that securities or industry analysts publish about us or our business. Securities and industry analysts do not currently, and may never, publish research on our company. If few securities analysts commence coverage of us, or if industry analysts cease coverage of us, the trading price for our common stock could be negatively affected. If one or more of the analysts who cover us downgrade our common stock or publish inaccurate or unfavorable research about our business, our common stock price would likely decline. If one or more of these analysts cease coverage of us or fail to publish reports on us on a regular basis, demand for our common stock could decrease, which might cause our common stock price and trading volume to decline.
Sales of substantial amountsWe cannot guarantee that the Share Repurchase Plan will be fully consummated or will enhance stockholder value, and share repurchases could affect the price of our common stock instock.
On August 2, 2022, our board of directors authorized and approved the public markets, such as whenShare Repurchase Plan, pursuant to which we may repurchase up to $40.0 million of our lock-up restrictions are released, or the perception that salesoutstanding shares of common stock. We began repurchasing shares of common stock mightunder this program during the third quarter of 2022. Repurchases of shares of common stock under the Share Repurchase Plan may be made from time to time, in the open market, in privately negotiated transactions or otherwise, with the amount and timing of repurchases to be determined at the discretion of our management, depending on market conditions and corporate needs. Open market repurchases will be structured to occur could causein accordance with applicable federal securities laws, including within the pricing and volume requirements of Rule 10b-18 under the Exchange Act. We may also, from time to time, enter into Rule 10b5-1 plans to facilitate repurchases of our shares of common stock under this authorization. The timing, pricing, and sizes of these repurchases will depend on a number of factors, including the market price of our common stock to decline.
Sales of a substantial number of shares of our common stock intoand general market and economic conditions. The Share Repurchase Plan could affect the public market, particularly sales by our directors, executive officers, and principal stockholders, or the perception that these sales might occur, could cause the market price of our common stock, to decline. As of the closing of the IPO on July 29, 2019, we had outstanding a total of 36,205,209 shares of common stock. This assumes no exercise of outstanding options or warrantsincrease volatility, and gives effect to the conversion of all ofdiminish our outstanding shares of redeemable convertible preferred stock into shares of common stock and the issuance of shares of common stock on the completion of the IPO.cash reserves.
Substantially all of our securities outstanding prior to the IPO are currently restricted from resale as a result of lock-up and market standoff agreements. These securities will become available to be sold 180 days after the date of the final prospectus relating to the IPO. Goldman Sachs & Co. LLC and J.P. Morgan Securities LLC may, in their discretion, permit our security holders to sell shares prior to the expiration of the restrictive provisions contained in the lock-up agreements. Sales of a substantial number of such shares upon expiration of the lock-up and market standoff agreements, the perception that such sales may occur or early release of these agreements could cause our market price to fall or make it more difficult for an investor to sell common stock at a time and price that an investor deems appropriate. Shares held by directors, executive officers, and other affiliates will also be subject to volume limitations under Rule 144 under the Securities Act of 1933, as amended (Securities Act), and various vesting agreements.
In addition, as of June 30, 2019, we had 8,031,898 options outstanding that, if fully exercised, would result in the issuance of shares of common stock. All of the shares of common stock issuable upon the exercise of stock options and the shares reserved for future issuance under our equity incentive plans will be registered for public resale under the Securities Act. Accordingly, these shares will be able to be freely sold in the public market upon issuance, subject to existing lock-up or market standoff agreements, volume limitations under Rule 144 for our executive officers and directors, and applicable vesting requirements.
Our management has broad discretion in the use of proceeds from our IPO, the Note Offering, and the Secondary Public Equity Offering and our use may not produce a positive rate of return.
The principal purposes of our IPO were to increase our capitalization and financial flexibility, create a public market for our stock and thereby enable access to the public equity markets by our employees and stockholders, obtain additional capital, and strengthen our position in the healthcare data analytics applications and services market. We used a portion of the Note Offering proceeds to pay the cost of the Capped Call transactions and to prepay in full all outstanding indebtedness under our credit agreement with OrbiMed. We cannot specify with certainty our plans for the use of the net proceeds we received from this offering.these offerings. However, we intend to use the net proceeds we received from our IPO, the Note Offering and our Secondary Public Equity Offering for working capital and other general corporate purposes. We may also use a portion of the net proceeds from these offerings for the acquisition of, or investment in, technologies, solutions or businesses that complement our business. Our management has broad discretion over the specific use of the net proceeds we received in our IPOthese offerings and might not be able to obtain a significant return, if any, on investment of these net proceeds. Investors will need to rely upon the judgment of our management with respect to the use of proceeds. If we do not use the net proceeds that we received in our IPO, the Note Offering, and our Secondary Public Equity Offering effectively, our business, results of operations, and financial condition could be harmed.
Our issuance of additional capital stock in connection with financings, acquisitions, investments, our stock incentive plans or otherwise will dilute all other stockholders.
We expect to issue additional capital stock in the future that will result in dilution to all other stockholders. We expect to grant equity awards to employees, directors, and consultants under our stock incentive plans. We may also raise capital through equity financings in the future.future, including through offerings similar to our Secondary Public Equity Offering during the third quarter of 2021. As part of our business strategy, we may acquire or make investments in complementary companies, products, or technologies and issue equity securities to pay for any such acquisition or investment.investment, such as our issuance of equity securities in connection with our acquisitions. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per shareper-share value of our common stock to decline.
The requirements of being a public company may strain our resources, divert management’s attention and affect our ability to attract and retain executive management and qualified board members.
As a public company, we are subject to the reporting requirements of the Securities Exchange Act, of 1934 (the Exchange Act), the listing standards of Nasdaq, and other applicable securities rules and regulations. We expect that the requirements of these rules and regulations will continue to increase our legal, accounting, and financial compliance costs, make some activities more difficult, time-consuming,time consuming, and costly, and place significant strain on our personnel, systems, and resources. For example, the Exchange Act requires, among other things, that we file annual, quarterly and current reports with respect to our business and results of operations. As a result of the complexity involved in complying with the rules and regulations applicable to public companies, our management’s attention may be diverted from other business concerns, which could harm our business, results of operations, and financial condition.
Although we have already hired additional employees to assist us in complying with these requirements, we may need to hire more employees in the future or engage outside consultants, which will increase our operating expenses.
In addition, changing laws, regulations, and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs, and making some activities more time-consuming.time consuming. These laws, regulations, and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices.
We intend to invest substantial resources to comply with evolving laws, regulations and standards, and this investment may result in increased general and administrative expenses and a diversion of management’s time and attention from business operations to compliance activities. If our efforts to comply with new laws, regulations, and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to their application and practice, regulatory authorities may initiate legal proceedings against us and our business may be harmed.
We also expect that being a public company and these new rules and regulations will make it more expensive for us to obtain director and officer liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These factors could also make it more difficult for us to attract and retain qualified members of our board of directors, particularly to serve on our audit committee and compensation committee, and qualified executive officers.
As a result of disclosure of information in filings required of a public company, our business and financial condition is more visible, which may result in an increased risk of threatened or actual litigation, including by competitors and other third parties. If such claims are successful, our business and results of operations could be harmed, and even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and harm our business, results of operations, and financial condition.
The individuals who now constitute our senior management team have limited experience managing a publicly-traded company and limited experience complying with the increasingly complex laws pertaining to public companies. Our senior management team may not successfully or efficiently manage our transition to a public company that is subject to significant regulatory oversight and reporting obligations.
We do not intend to pay dividends on our common stock and, consequently, the ability of common stockholders to achieve a return on investment will depend on appreciation, if any, in the price of our common stock.
You should not rely on an investment in our common stock to provide dividend income. We have never declared or paid any dividends on our capital stock. We intend to retain any earnings to finance the operation and expansion of our business, and we do not anticipate paying any cash dividends in the foreseeable future. In addition, the terms of our debt facilities with OrbiMed and SVB contain, and any future credit facility or financing we obtain may contain, terms prohibiting or limiting the amount of dividends that may be declared or paid on our common stock. As a result, common stockholders may only receive a return on investment if the market price of our common stock increases.
We could be subject to securities class action litigation.
In the past, securities class action litigation has often been brought against a company following a decline in the market price of its securities. This risk is especially relevant for us because technology and healthcare technology companies have experienced significant stock price volatility in recent years. If we face such litigation, it could result in substantial costs and a diversion of management’s attention and resources, which could harm our business.
Risks Related to Our Charter and Bylaws
Provisions in our charter documents and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current board of directors, and limit the market price of our common stock.
Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a change of control or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws, include provisions that:
•provide that our board of directors is classified into three classes of directors with staggered three-year terms;
•permit the board of directors to establish the number of directors and fill any vacancies and newly-created directorships;
•require super-majority voting to amend some provisions in our amended and restated certificate of incorporation and amended and restated bylaws;
•authorize the issuance of “blank check” preferred stock that our board of directors could use to implement a stockholder rights plan;
•provide that only a majority of our board of directors will be authorized to call a special meeting of stockholders;
•prohibit stockholder action by written consent, which requires all stockholder actions to be taken at a meeting of our stockholders;
•provide that the board of directors is expressly authorized to make, alter, or repeal our bylaws; and
•advance notice requirements for nominations for election to our board of directors or for proposing matters that can be acted upon by stockholders at annual stockholder meetings.
Moreover, Section 203 of the Delaware General Corporation Law may discourage, delay, or prevent a change in control of our company.
Section 203 imposes certain restrictions on mergers, business combinations, and other transactions between us and holders of 15% or more of our common stock.
Our amended and restated bylaws designate a state or federal court located within the State of Delaware as the exclusive forum for certain litigation that may be initiated by our stockholders, which could limit stockholders’ ability to obtain a favorable judicial forum for disputes with us.
Our amended and restated bylaws provide, toinclude an exclusive forum provision that provides that the fullest extent permitted by law, that a state or federal court located withinCourt of Chancery of the State of Delaware will be the exclusive forum for the following types of actions or proceedings under Delaware statutory or common law:
•any derivative action or proceeding brought on our behalf;
•any action asserting a breach of fiduciary duty;duty owed to us or our stockholders by any of our current or former directors, officers or other employees;
•any action asserting a claim against us arising pursuant to the Delaware General Corporation Law, our amended and restated certificate of incorporation, or our amended and restated bylaws; or
•any action asserting a claim against us that is governed by the internal affairs doctrine.doctrine and asserts a claim against us or any of our current or former directors, officers or other employees or stockholders.
This exclusive forum provision will not apply to any causes of action arising under the Securities Act. Further, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all suits brought to enforce any duty or liability created by the Securities Act or the Exchange Act or any other claim for which therules and regulations thereunder. Accordingly, both state and federal courts have exclusive jurisdiction. Nothingjurisdiction to entertain such Securities Act claims. To prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our amended and restated bylaws precludes stockholdersprovide that, assert claimsunless we consent in writing to the selection of an alternative forum, to the fullest extent permitted by law, the federal district courts of the United States of America shall be the exclusive forum for the resolution of any complaint asserting a cause or causes of action arising under the Securities Act or the Exchange Act from bringingAct; however, a court may not enforce such claims in state or federal court, subject to applicable law. provision.
This choice of forum provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or any of our directors, officers, or other employees, which may discourage lawsuits with respect to such claims. Alternatively, if a court were to find the choice of forum provision which will be contained in our amended and restated bylaws to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our business, results of operations, and financial condition.
General Risks
Changes in accounting principles may cause previously unanticipated fluctuations in our financial results, and the implementation of such changes may impact our ability to meet our financial reporting obligations.
We could beprepare our financial statements in accordance with U.S. GAAP which are subject to securities class action litigation.
Ininterpretation or changes by the Financial Accounting Standards Board (FASB), the SEC, and other various bodies formed to promulgate and interpret appropriate accounting principles. New accounting pronouncements and changes in accounting principles have occurred in the past securities class action litigation has often been brought against a company following a declineand are expected to occur in the market pricefuture which may have a significant effect on our financial results.Furthermore, any difficulties in implementation of its securities. This risk is especially relevantchanges in accounting principles, including the ability to modify our accounting systems, could cause us to fail to meet our financial reporting obligations, which could result in regulatory discipline and harm investors’ confidence in us.
Economic uncertainties or downturns in the general economy or the industries in which our customers operate could disproportionately affect the demand for us because technologyour Solution and healthcare technology companiesnegatively impact our results of operations.
General worldwide economic conditions have experienced significant stock pricedownturns during the last ten or more years, and market volatility and uncertainty remain widespread, making it potentially very difficult for our customers and us to accurately forecast and plan future business activities. During challenging economic times, our customers may have difficulty gaining timely access to sufficient credit or obtaining credit on reasonable terms, increased costs and/or other negative financial impacts, each of which could impair their ability to make timely payments to us and adversely affect our revenue.
If that were to occur, our financial results could be harmed. Further, challenging economic conditions may impair the ability of our customers to pay for the applications and services they already have purchased from us and, as a result, our write-offs of accounts receivable could increase. We cannot predict the timing, strength, or duration of any economic slowdown or recovery. If the condition of the general economy or markets in recent years. Ifwhich we face such litigation, itoperate worsens, our business could be harmed.
Investors’ expectations of our performance relating to environmental, social, and governance factors may impose additional costs and expose us to new risks.
There is an increasing focus from certain investors, employees, and other stakeholders concerning corporate responsibility, specifically related to environmental, social, and governance factors. Some investors may use these factors to guide their investment strategies and, in some cases, may choose not to invest in us if they believe our policies relating to corporate responsibility are inadequate. Third-party providers of corporate responsibility ratings and reports on companies have increased to meet growing investor demand for measurement of corporate responsibility performance.
The criteria by which companies’ corporate responsibility practices are assessed may change, which could result in substantial costsgreater expectations of us and a diversioncause us to undertake costly initiatives to satisfy such new criteria. If we elect not to or are unable to satisfy such new criteria, investors may conclude that our policies with respect to corporate responsibility are inadequate. We may face reputational damage in the event that our corporate responsibility procedures or standards do not meet the standards set by various constituencies.
Furthermore, if our competitors’ corporate responsibility performance is perceived to be greater than ours, potential or current investors may elect to invest with our competitors instead. In addition, in the event that we communicate certain initiatives and goals regarding environmental, social and governance matters, we could fail, or be perceived to fail, in our achievement of management’s attentionsuch initiatives or goals, or we could be criticized for the scope of such initiatives or goals. If we fail to satisfy the expectations of investors, employees, and resources, whichother stakeholders, or, if our initiatives are not executed as planned, our reputation and business, operating results, and financial condition could harm our business.be adversely impacted.
Item 2. Unregistered Sales of Equity Securities and Use of Proceeds
Option ExercisesRepurchases of equity securities by the Company during the three months ended September 30, 2022 were as follows (in millions, except share and per share amounts):
From January 1, 2019 through June 30, 2019, we issued an aggregate
| | | | | | | | | | | | | | | | | | | | | | | | | | |
Period | | Total Number of Shares Purchased | | Average Price Paid per Share | | Total Number of Shares Purchased as Part of Publicly Announced Plans or Programs(1) | | Approximate Dollar Value of Shares that May Yet Be Purchased Under the Plans or Programs(1) |
July 1, 2022 – July 31, 2022 | | — | | | $ | — | | | — | | | |
August 1, 2022 – August 31, 2022 | | 485,491 | | | $ | 12.14 | | | 485,491 | | | $ | 34.1 | |
September 1, 2022 – September 30, 2022 | | 223,648 | | | $ | 11.11 | | | 223,648 | | | $ | 31.6 | |
Total | | 709,139 | | | $ | 11.82 | | | 709,139 | | | $ | 31.6 | |
__________________(1)On August 2, 2022, our board of 223,070 sharesdirectors authorized and approved a share repurchase program of up to $40.0 million of our common stock in connection withoutstanding stock. We began repurchasing shares under this program during the exercisethird quarter of stock options previously granted to our directors, officers, employees, consultants and other service providers under our 2011 Plan. None2022. As of September 30, 2022, the foregoing transactions involved any underwriters, underwriting discounts or commissions, or any public offering. We believe the offers, sales, and issuances of the above securities were exempt from registration under the Securities Act (or Regulation D or Regulation S promulgated thereunder) by virtue of Section 4(a)(2) of the Securities Act because the issuance of securities to the recipients did not involve a public offering, or in reliance on Rule 701 because the transactions were pursuant to compensatory benefit plans or contracts relating to compensation as provided under such rule. The recipients of the securities in each of these transactions represented their intentions to acquire the securitiestotal remaining authorization for investment only and not with a view to or for sale in connection with any distribution thereof, and appropriate legends were placed upon the stock certificates issued in these transactions. All recipients had adequate access, through their relationships with us, to information about us. The sales of these securities were made without any general solicitation or advertising.
RSU Issuances
From January 1, 2019 through June 30, 2019, we granted 37,500 RSUs to an officer to be settled in shares of our common stock under our 2011 Plan.
Use of Proceeds from Public Offering of Common Stock
On July 29, 2019, we closed our initial public offering ("IPO") in which we issued and sold 8,050,000future shares of common stock at a price to the public of $26.00 perrepurchases under our share including shares sold in connection with the exercise of the underwriters’ option to purchase additional shares. The offer and sale of the shares in our IPO were registered under the Securities Act pursuant to a registration statement on Form S-1 (File No. 333-232400), which was declared effective by the SEC on July 24, 2019. We raised $194.6 million after deducting underwriting discounts and commissions of $14.7 million and before deducting estimated offering costs of $4.4repurchase program is approximately $31.6 million.
We expect to use the net proceeds for general corporate purposes, including working capital and operating expenses. Additionally, we may use a portion of the net proceeds to acquire or invest in businesses, products, services or technologies. However, we do not have agreements or commitments for any material acquisitions or investments at this time. We cannot specify with certainty the particular uses of the net proceeds that we received from our IPO. Accordingly, we will have broad discretion in using these proceeds. Pending the use of proceeds from our IPO as described above, we may invest the net proceeds that we received in our IPO in short-duration fixed income securities, including government and investment-grade corporate debt securities and money market funds. The shares and proceeds from our IPO and the underwriters’ exercise of their option to purchase additional shares are not reflected in the condensed consolidated financial statements as of and for the three and six months ended June 30, 2019.
Item 6. Exhibits
| | Exhibit Number | | Description of Document | Incorporated by Reference from Form | Incorporated by Reference from Exhibit Number | Date Filed | Exhibit Number | | Description of Document | Incorporated by Reference from Form | Incorporated by Reference from Exhibit Number | Date Filed |
| | | | |
3.1 | | | S-1/A | 3.2 | July 12, 2019 | 3.1 | | Amended and Restated Certificate of Incorporation. | S-1/A | 3.2 | July 12, 2019 |
| | |
3.2 | | | S-1/A | 3.4 | July 12, 2019 | 3.2 | | Amended and Restated Bylaws. | S-1/A | 3.4 | July 12, 2019 |
| | |
3.3 | | 3.3 | | Amendment to Amended and Restated Bylaws. | 8-K | 3.1 | August 2, 2021 |
| 4.1 | | | S-1/A | 4.1 | July 12, 2019 | 4.1 | | Form of common stock certificate. | S-1/A | 4.1 | July 12, 2019 |
| | |
10.1# | | | Filed herewith | | |
| | |
31.1 | | | Filed herewith | | 31.1 | | | Filed herewith | |
| | |
31.2 | | | Filed herewith | | 31.2 | | | Filed herewith | |
| | |
32.1^ | | | Furnished herewith | | 32.1^ | | | Furnished herewith | |
| | |
101.SCH | | Inline XBRL Taxonomy Extension Schema Document | Filed herewith | | 101.SCH | | Inline XBRL Taxonomy Extension Schema Document | Filed herewith | |
| | |
101.CAL | | Inline XBRL Taxonomy Extension Calculation Linkbase Document | Filed herewith | | 101.CAL | | Inline XBRL Taxonomy Extension Calculation Linkbase Document | Filed herewith | |
| | |
101.DEF | | Inline XBRL Taxonomy Extension Definition Linkbase Document | Filed herewith | | 101.DEF | | Inline XBRL Taxonomy Extension Definition Linkbase Document | Filed herewith | |
| | |
101.LAB | | Inline XBRL Taxonomy Extension Label Linkbase Document | Filed herewith | | 101.LAB | | Inline XBRL Taxonomy Extension Label Linkbase Document | Filed herewith | |
| | |
101.PRE | | Inline XBRL Taxonomy Extension Presentation Linkbase Document | Filed herewith | | 101.PRE | | Inline XBRL Taxonomy Extension Presentation Linkbase Document | Filed herewith | |
| | |
104 | | Cover Page Interactive Data File (formatted as inline XBRL with applicable taxonomy extension information contained in Exhibits 101) | Filed herewith | | 104 | | Cover Page Interactive Data File (formatted as inline XBRL with applicable taxonomy extension information contained in Exhibits 101) | Filed herewith | |
Pursuant to the requirements of the Securities Act of 1934, the Registrant has duly caused this Quarterly Report on Form 10-Q to be signed on its behalf by the undersigned, thereunto duly authorized.