Public companies are required to disclose risks that can affect the business and impact the stock. These disclosures are known as “Risk Factors”. Companies disclose these risks in their yearly (Form 10-K), quarterly earnings (Form 10-Q), or “foreign private issuer” reports (Form 20-F). Risk factors show the challenges a company faces. Investors can consider the worst-case scenarios before making an investment. TipRanks’ Risk Analysis categorizes risks based on proprietary classification algorithms and machine learning.

Healthcare Triangle disclosed 44 risk factors in its most recent earnings report. Healthcare Triangle reported the most risks in the “Legal & Regulatory” category.

Risk Overview Q3, 2024

Risk Distribution

30% Legal & Regulatory

23% Tech & Innovation

20% Finance & Corporate

16% Ability to Sell

7% Production

5% Macro & Political

Finance & Corporate - Financial and accounting risks. Risks related to the execution of corporate activity and strategy

This chart displays the stock's most recent risk distribution according to category. TipRanks has identified 6 major categories: Finance & corporate, legal & regulatory, macro & political, production, tech & innovation, and ability to sell.

Risk Change Over Time

S&P500 Average

Sector Average

Risks removed

Risks added

Risks changed

Healthcare Triangle Risk Factors

New Risk (0)

Risk Changed (0)

Risk Removed (0)

No changes from previous report

The chart shows the number of risks a company has disclosed. You can compare this to the sector average or S&P 500 average.

The quarters shown in the chart are according to the calendar year (January to December). Businesses set their own financial calendar, known as a fiscal year. For example, Walmart ends their financial year at the end of January to accommodate the holiday season.

Risk Highlights Q3, 2024

Main Risk Category

Legal & Regulatory

With 13 Risks

Legal & Regulatory

With 13 Risks

Number of Disclosed Risks

No changes from last report

S&P 500 Average: 31

No changes from last report

S&P 500 Average: 31

Recent Changes

0Risks added

0Risks removed

0Risks changed

Since Sep 2024

0Risks added

0Risks removed

0Risks changed

Since Sep 2024

Number of Risk Changed

No changes from last report

S&P 500 Average: 1

No changes from last report

S&P 500 Average: 1

See the risk highlights of Healthcare Triangle in the last period.

Risk Word Cloud

The most common phrases about risk factors from the most recent report. Larger texts indicate more widely used phrases.

Risk Factors Full Breakdown - Total Risks 44

Legal & Regulatory

Total Risks: 13/44 (30%)Above Sector Average

Regulation9 | 20.5%

Regulation - Risk 1

In the event our software platforms and solutions are found to be subject to FDA's regulations and approval in connection with the certain types of medical devices our software integrates with, we may have to incur additional costs or be subjected to potential criminal and civil penalties in case of the actual or perceived failure of us to comply with such regulations.

Certain computer software products are regulated as medical devices under the Federal Food, Drug and Cosmetic Act. The 21st Century Cures Act, passed in December 2016, clarified the definition of a medical device to exclude health information technology such as Electronic Health Records; however, the legislation did leave the opportunity for that designation to be revisited if determined to be necessary by changing industry and technological dynamics. Accordingly, the Food and Drug Administration (the "FDA") may become increasingly active in regulating computer software intended for use in healthcare settings. Depending on the product, we could be required to notify the FDA and demonstrate substantial equivalence to other products on the market before marketing such products or obtain FDA approval by demonstrating safety and effectiveness before marketing a product. Depending on the intended use of a device, the FDA could require us to obtain extensive data from clinical studies to demonstrate safety or effectiveness or substantial equivalence. If the FDA requires this data, we could be required to obtain approval of an investigational device exemption before undertaking clinical trials. Clinical trials can take extended periods of time to complete. We cannot provide assurances that the FDA would approve or clear a device after the completion of such trials. In addition, these products would be subject to the Federal Food, Drug, and Cosmetic Act's general controls. The FDA can impose extensive requirements governing pre- and post-market conditions such as approval, labelling, and manufacturing, as well as governing product design controls and quality assurance processes. Failure to comply with FDA requirements can result in criminal and civil fines and penalties, product seizure, injunction, and civil monetary policies-each of which could have an adverse effect on our business.

Regulation - Risk 2

We may be subject to liability as a result of a failure or a perceived failure to comply with laws and regulations governing approval and reimbursement of claims by healthcare industry payers.

Our software solutions allow to electronically transmits medical claims by physicians to patients' payers for approval and reimbursement. In addition, our services include assistance in cloud processing and submission of medical claims by physicians to patients' payers for approval and reimbursement. Federal law provides that it is both a civil and a criminal violation for any person to submit, or cause to be submitted, a claim to any payer, including, without limitation, Medicare, Medicaid, and all private health plans and managed care plans, seeking payment for any services or products that overbills or bills for items that have not been provided to the patient. We have in place policies and procedures that we believe assure that all claims that are transmitted by our system and through our services are accurate and complete, provided that the information given to us by our clients is also accurate and complete. If, however, we or our subcontractors do not follow those procedures and policies, or they are not sufficient to prevent inaccurate claims from being submitted, we could be subject to liability.

Regulation - Risk 3

The Company and its products are subject to laws and regulations concerning electronic prescribing standards and the adoption of controlled substance electronic prescribing. Our actual or perceived failure to comply with these laws and regulations could harm our business, financial condition, results of operations, reputation, or prospects.

The use of our software by physicians to perform a variety of functions, including electronic prescribing, which refers to the electronic routing of prescriptions to pharmacies and the ensuing dispensation, is governed by state and federal law, including fraud and abuse laws. States have differing prescription format requirements, which we have programmed into our software. There is significant variation in the laws and regulations governing prescription activity, as federal law and the laws of many states permit the electronic transmission of certain controlled prescription orders, while the laws of several states neither specifically permit nor specifically prohibit the practice. Restrictions exist at the federal level on the use of electronic prescribing for controlled substances and certain other drugs, including a regulation enacted by the Drug Enforcement Association in mid-2010. However, some states (most notably New York) have passed complementary laws governing the use of electronic prescribing tools in the use of prescribing opioids and other controlled substances, and we expect this to continue to be addressed with regulations in other states. In addition, the HHS published its final "E-Prescribing and the Prescription Drug Program" regulations in 2005 (effective January 1, 2006), and final regulations governing the standards for electronic prescribing under Medicare Part D in 2008 (effective June 6, 2008) (the "ePrescribing Regulations"). These regulations are required by the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 ("MMA") and consist of detailed standards and requirements, in addition to the HIPAA Standard discussed above, for prescription and other information transmitted electronically in connection with a drug benefit covered by the MMA's Prescription Drug Benefit. Further, in 2016, Congress passed the Comprehensive Addiction and Recovery Act, which contained components related to Prescription Drug Monitoring Programs and other elements that relate to the use of our technologies. These standards are detailed and broad, and cover not only routing transactions between prescribers and pharmacies, but also electronic eligibility, formulary, and benefits inquiries. In general, regulations in this area can be burdensome and evolve regularly, meaning that any potential benefits to our clients from utilizing such solutions and services may be superseded by a newly-promulgated regulation that adversely affects our business model. Our efforts to provide solutions that enable our clients to comply with these regulations could be time consuming and expensive. Any failure or perceived failure by us to comply with the aforementioned laws and regulations in connection with our products and services provided to our clients or used by third parties, or our related legal obligations, or any compromise of security that results in the unauthorized release or transfer protected information, may result in governmental enforcement actions, litigation, class action, or public statements against us by consumer advocacy groups or others and could cause our clients to lose trust in us, which could have an adverse effect on our business, financial condition, results of operations, reputation, or prospects.

Regulation - Risk 4

The Company and its products are subject to laws and regulations concerning healthcare provider's practices and patients' information protection. Our actual or perceived failure to comply with these laws and regulations could harm our business, financial condition, results of operations, reputation, or prospects.

As part of the operation of our business, we, and our subcontractors may have access to, or our clients may provide to us, individually identifiable health information related to the treatment, payment, and operations of providers' practices. In the United States, government and industry legislation and rulemaking, especially HIPAA, HITECH, and standards and requirements published by industry groups such as the Joint Commission require the use of standard transactions, standard identifiers, security other standards and requirements for the transmission of certain electronic health information. National standards and procedures underripe include the "Standards for Electronic Transactions and Code Sets" (the "Transaction Standards"); the "Security Standards" (the "Security Standards"); and the "Standards for Privacy of Individually Identifiable Health Information" (the "Privacy Standards"). The Transaction Standards require the use of specified data coding, formatting, and content in all specified "healthcare Transactions" conducted electronically. The Security Standards require the adoption of specified types of security measures for certain electronic health information, which is called Protected Health Information ("PHI"). The Privacy Standards grant a number of rights to individuals as to their PHI and restrict the use and disclosure of PHI by "Covered Entities," defined as "health plans," "healthcare providers," and "healthcare clearinghouses." Any failure or perceived failure by us to comply with the aforementioned laws and regulations in connection with our products and services provided to our clients or used by third parties, or our related legal obligations, or any compromise of security that results in the unauthorized release or transfer protected information, may result in governmental enforcement actions, litigation, class action, or public statements against us by consumer advocacy groups or others and could cause our clients to lose trust in us, which could have an adverse effect on our business, financial condition, results of operations, reputation or prospects.

Regulation - Risk 5

We may be subject to false or fraudulent claim laws.

There are numerous federal and state laws that forbid the submission of false information or the failure to disclose information in connection with submission and payment of physician claims for reimbursement. In some cases, these laws also forbid the abuse of existing systems for such submission and payment. Any failure of our revenue cycle management services to comply with these laws and regulations could result in substantial liability including, but not limited to, criminal liability, could adversely affect demand for our services and could force us to expend significant capital, research and development, and other resources to address the failure. Errors by us or our systems with respect to entry, formatting, preparation, or transmission of claim information may be determined or alleged to be in violation of these laws and regulations. Determination by a court or regulatory agency that our services violate these laws could subject us to civil or criminal penalties, invalidate all or portions of some of our client contracts, require us to change or terminate some portions of our business, require us to refund portions of our services fees, cause us to be disqualified from serving clients doing business with government payers and have an adverse effect on our business.

Regulation - Risk 6

We may be directly and indirectly liable for its client's non-compliance with laws and regulations addressing Electronic Health Records.

A number of relevant federal and state laws govern the use and content of EHRs, including fraud and abuse laws that may affect the approach to our technological solutions. We provide solutions and expert services in connection with EHR to a variety of healthcare providers. As a result, our platforms and services have to be designed in a manner that facilitates our clients' compliance with applicable laws and regulations. We cannot predict the content or effect of possible changes to these laws or new federal and state laws that might govern these systems and services. Furthermore, we may be required to obtain pertinent certifications or permissions to meet industry standards that could adversely impact our business.

Regulation - Risk 7

We are subject to numerous regulatory requirements of the healthcare industry and is susceptible to a changing regulatory environment.

As a participant in the healthcare industry, our operations and relationships, and those of our clients, are regulated by a number of foreign, federal, state, and local governmental entities. The impact of such regulations on us, our products, and our services can be both direct and indirect. The direct impact is present to the extent we are ourselves subject to the pertinent laws and regulations. The indirect effect of such regulations can be experienced both in terms of the level of government reimbursement available to our clients and to the extent, our products must be capable of being used by our clients in a manner compliant with applicable laws and regulations. Furthermore, our efforts to expand into new markets internationally may subject us to numerous additional laws and regulations that may be potentially burdensome in compliance. The ability of our clients to comply with laws and regulations while using our software platforms and solutions could affect the marketability of our products or our compliance with our client contracts, or even expose us to direct liability under the theory that we had assisted our clients in a violation of healthcare laws or regulations. Because our business relationships with doctors, hospitals, and Life Sciences clients are unique and the healthcare IT industry as a whole is to a certain extent, in its incipient stage, the application of many state and federal regulations to our business operations and to our clients may be uncertain. Additionally, a tendency to impose additional regulation in the U.S. federal and state privacy and security laws (such as CCPA); fraud and abuse laws, including anti-kickback laws and limitations on physician referrals; numerous quality measurement programs being adopted by our clients; and laws related to distribution and marketing, including the off-label promotion of prescription drugs, which may be directly or indirectly applicable to our operations and relationships or the business practices of our clients. It is possible that a review of our business practices or those of our clients by courts or regulatory authorities could result in a determination that could adversely affect us. In addition, the healthcare regulatory environment may change in a way that restricts our existing operations or our growth. The healthcare industry generally and the EHR industry specifically are expected to continue to undergo significant legal and regulatory changes for the foreseeable future, which could have an adverse effect on our business, financial condition, and operating results. We cannot predict the effect of possible future enforcement, legislation, and regulation.

Regulation - Risk 8

Increased government involvement in healthcare could materially and adversely impact our business.

United States healthcare system reform at both the federal and state level could increase government involvement in healthcare, reconfigure reimbursement rates and otherwise change the business environment of our clients and the other entities with which we have a business relationship. We cannot predict whether or when future healthcare reform initiatives at the federal or state level or other initiatives affecting our business will be proposed, enacted, or implemented or what impact those initiatives may have on our business, financial condition, or operating results. Our clients and the other entities with which we have a business relationship could react to these initiatives and the uncertainty surrounding these proposals by curtailing or deferring investments, including those for our products and services.

Regulation - Risk 9

There is significant uncertainty in the healthcare industry, both as a result of recently enacted legislation and changing government regulation, which may have a material adverse impact on the businesses of our hospital clients and ultimately on our business, financial condition, and results of operations.

The healthcare industry is subject to changing political, economic, and regulatory influences that may affect the procurement processes and operation of healthcare facilities, including our hospital clients. During the past decade, the healthcare industry has been subject to increased legislation and regulation of, among other things, reimbursement rates, payment programs, information technology programs, and certain capital expenditures (collectively, the "Health Reform Laws"). The Health Reform Laws contain various provisions that impact us and our clients. Some of these provisions have a positive impact, by expanding the use of electronic health records in certain federal programs, for example, while others, such as reductions in reimbursement for certain types of providers, have a negative impact due to fewer available resources. The continued increase in fraud and abuse penalties is expected to adversely affect participants in the healthcare sector, including us. The activity related to the repeal, repair, and/or replacement of the Patient Protection and Affordable Care Act ("PPACA"), including any changes resulting from continued judicial and congressional challenges to certain aspects of the law, and the 2015 repeal of the Sustainable Growth Rate and replacement with the MACRA may have an impact on our business. The Affordable Care Act, passed in 2010, contained various provisions that have impacted us and our clients, and any replacement or adjustment of that law may change requirements related to our products or how our clients use them, as well as reimbursement available to our clients. These may have a positive impact by requiring the expanded use of EHRs and analytics tools to participate in certain federal programs, for example, while others, such as those mandating reductions in reimbursement for certain types of providers, may have a negative impact by reducing the resources available to purchase our products. Increases in fraud and abuse enforcement and penalties may also adversely affect participants in the healthcare sector, including us. As existing regulations mature and become better defined, we anticipate that these regulations will continue to directly affect certain of our products and services, but we cannot fully predict the effect at this time. We have taken steps to modify our products, services, and internal practices as necessary to facilitate our compliance with the regulations, but there can be no assurance that we will be able to do so in a timely or complete manner. Achieving compliance with these regulations could be costly and distract management's attention and divert other company resources, and any non-compliance by us could result in civil and criminal penalties.

Litigation & Legal Liabilities1 | 2.3%

Litigation & Legal Liabilities - Risk 1

The elimination of personal liability against our directors and officers under Delaware law and the existence of indemnification rights held by our directors, officers and employees may result in substantial expenses.

Our Amended and Restated Certificate of Incorporation and our Bylaws eliminate the personal liability of our directors and officers to us and our stockholders for damages for breach of fiduciary duty as a director or officer to the extent permissible under Delaware law. Further, our amended and restated certificate of incorporation and our Bylaws and individual indemnification agreements we have entered with each of our directors and executive officers provide that we are obligated to indemnify each of our directors or officers to the fullest extent authorized by the Delaware law and, subject to certain conditions, advance the expenses incurred by any director or officer in defending any action, suit or proceeding prior to its final disposition. Those indemnification obligations could expose us to substantial expenditures to cover the cost of settlement or damage awards against our directors or officers, which we may be unable to afford. Further, those provisions and resulting costs may discourage us or our stockholders from bringing a lawsuit against any of our current or former directors or officers for breaches of their fiduciary duties, even if such actions might otherwise benefit our stockholders.

Taxation & Government Incentives1 | 2.3%

Taxation & Government Incentives - Risk 1

We may not see the benefits from government funding programs initiated to accelerate the adoption and utilization of health information technology.

While government programs have been implemented to improve the efficiency and quality of the healthcare sector, including expenditures to stimulate business and accelerate the adoption and utilization of healthcare technology, we may not see the anticipated benefits of such programs. Under the ARRA, the PPACA, and the MACRA, significant government financial resources are being invested in healthcare, including financial incentives to healthcare providers who can demonstrate meaningful use of certified EHR technology since 2011. While we expect the ARRA, the PPACA, and the MACRA to continue to create sales opportunities over the next several years, we are unsure of the immediate or long-term impact of these government actions. HITECH established the Medicare and Medicaid EHR Incentive Programs to provide incentive payments for eligible professionals, hospitals, and critical access hospitals as they adopt, implement, upgrade, or demonstrate meaningful use of certified EHR technology. HITECH, and subsequently MACRA, also authorized CMS to apply payment adjustments, or penalties, to Medicare eligible professionals and eligible hospitals that are not meaningful users under the Medicare EHR Incentive Program. Centers for Medicare & Medicaid Services ("CMS"). Although we believe that our service offerings will meet the requirements of HITECH and MACRA to allow our clients to qualify for financial incentives and avoid financial penalties for implementing and using our services, there can be no guaranty that our clients will achieve meaningful use (or its equivalent under MACRA's Merit Based Incentive Payment System, Promoting Interoperability) or actually receive such planned financial incentives for our services. We also cannot predict the speed at which healthcare providers will adopt electronic health record systems in response to these government incentives, whether healthcare providers will select our products and services, or whether healthcare providers will implement an electronic health record system at all. In addition, the financial incentives associated with the meaningful use program are tied to provider participation in Medicare and Medicaid, and we cannot predict whether providers will continue to participate in these programs. Any delay in the purchase and implementation of electronic health records systems by healthcare providers in response to government programs, or the failure of healthcare providers to purchase an electronic health record system, could have an adverse effect on our business, financial condition, and results of operations. It is also possible that additional regulations or government programs related to electronic health records, amendment or repeal of current healthcare laws and regulations, or the delay in regulatory implementation could require us to undertake additional efforts to meet meaningful use standards, materially impact our ability to compete in the evolving healthcare IT market, materially impact healthcare providers' decisions to implement electronic health records systems or have other impacts that would be unfavorable to our business. The costs of achieving and maintaining certified electronic health record technology ("CEHRT") are also significant and because the definition of CEHRT and its use requirements for clients are subject to regulatory changes, these programs and future regulatory changes to them could adversely impact our business.

Environmental / Social2 | 4.5%

Environmental / Social - Risk 1

The Company and its products are subject to laws and regulations concerning privacy, information security, data protection, consumer protection, and protection of minors, and these laws and regulations are continually evolving. Our actual or perceived failure to comply with these laws and regulations could harm our business, financial condition, results of operations, reputation, or prospects.

In addition to healthcare-specific information protection requirements, we store sensitive information, including personal information about our employees, and our platforms involve the storage and transmission of customers' personal information on equipment, networks, and corporate systems run by us or managed by third parties including Amazon, Apple, Facebook, Google, and Microsoft. We are subject to a number of laws, rules, and regulations requiring us to provide notification to players, investors, regulators, and other affected parties in the event of a security breach of certain personal data, or requiring the adoption of minimum information security standards that are often vaguely defined and difficult to practically implement. The costs of compliance with these laws, including the European Union's General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act of 2018 ("CCPA"), have increased and may increase in the future. Our corporate systems, third-party systems, and security measures may be breached due to the actions of outside parties, employee error, malfeasance, a combination of these, or otherwise, and, as a result, an unauthorized party may obtain access to, or compromise the integrity of, our data, our employees' data, our customers' data or any third-party data we may possess. Any such security breach could require us to comply with various breach notification laws, may affect our ability to operate, and may expose us to litigation, remediation and investigation costs, increased costs for security measures, loss of revenue, damage to our reputation, and potential liability, each of which could be material. Various government and consumer agencies have called for new regulation and changes in industry practices and are continuing to review the need for greater regulation for the collection of information concerning consumer behavior on the Internet, including regulation aimed at restricting certain targeted advertising practices. For example, the State of California's passage of the CCPA, which went into effect on January 1, 2020, and created new privacy rights for consumers residing in the state. There is also increased attention being given to the collection of data from minors. For instance, the Children's Online Privacy Protection Act ("COPPA") requires companies to obtain parental consent before collecting personal information from children under the age of 13. Compliance with GDPR, CCPA, COPPA, and similar legal requirements has required us to devote significant operational resources and incur significant expenses. We strive to comply with all applicable laws, policies, legal obligations, and certain industry codes of conduct relating to privacy and data protection, to the extent reasonably attainable. However, it is possible that these obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices. It is also possible that new laws, policies, legal obligations, or industry codes of conduct may be passed, or existing laws, policies, legal obligations, or industry codes of conduct may be interpreted in such a way that could prevent us from being able to offer services to citizens of a certain jurisdiction or may make it costlier or more difficult for us to do so. Any failure or perceived failure by us to comply with our privacy policy and terms of service, our privacy-related obligations to players or other third parties, or our privacy-related legal obligations, or any compromise of security that results in the unauthorized release or transfer of personally identifiable information or other player data, may result in governmental enforcement actions, litigation or public statements against us by consumer advocacy groups or others and could cause our players to lose trust in us, which could have an adverse effect on our business, financial condition, results of operations, reputation or prospects. Additionally, if third parties we work with, such as players, vendors, or developers violate applicable laws or our policies, such violations may also put our clients' and their patients' information at risk and could, in turn, have an adverse effect on our business, financial condition, results of operations, reputation, or prospects.

Environmental / Social - Risk 2

We are subject to numerous privacy and data security laws and related contractual requirements and our failure to comply with those obligations could cause us significant harm.

In the normal course of our business, we collect, process, use and disclose information about individuals, including protected health information and other patient data, as well as information relating to health professionals and our employees. The collection, processing, use, disclosure, disposal, and protection of such information is highly regulated both in the United States and other jurisdictions, including but not limited to, under HIPAA, as amended by HITECH; U.S. state privacy, security, and breach notification and healthcare information laws; the European Union's GDPR; and other European privacy laws as well as privacy laws being adopted in other regions around the world. These laws and regulations are complex and their interpretation is rapidly evolving, making implementation and enforcement, and thus compliance requirements, ambiguous, uncertain, and potentially inconsistent. In addition, our collection, processing, use, disclosure, and protection of information are subject to related contractual requirements. Compliance with such laws and related contractual requirements may require changes to our collection, use, transfer, disclosure, or other processing of information about individuals, and may thereby increase compliance costs. Failure to comply with such laws and/or related contractual obligations could result in regulatory enforcement or claims against us for breach of contract, or may lead third parties to terminate their contracts with us and/or choose not to work with us in the future. Should this occur, there could be a material adverse effect on our reputation, business, financial condition, and results of operations. These regulations often govern the use, handling, and disclosure of information about individuals, including medical information, and require the use of standard contracts, privacy and security standards, and other administrative simplification provisions. In relation to HIPAA, we do not consider our service offerings to generally cause us to be subject as a covered entity; however, in certain circumstances, we are subject to HIPAA as a business associate and may enter into business associate agreements. Additionally, the Federal Trade Commission (the "FTC") and many state attorneys general are interpreting existing federal and state consumer protection laws to impose evolving standards for the online collection, use, dissemination, and security of information about individuals, including health-related information. Courts may also adopt the standards for fair information practices promulgated by the FTC, which concern consumer notice, choice, security, and access. Consumer protection laws require us to publish statements that describe how we handle information about individuals and choices individuals may have about the way we handle their information. If such information that we publish is considered untrue, we may be subject to government claims of unfair or deceptive trade practices, which could lead to significant liabilities and consequences. Furthermore, according to the FTC violating consumers' privacy rights or failing to take appropriate steps to keep information about consumers secure may constitute unfair acts or practices in or affecting commerce in violation of Section 5(a) of the FTC Act. In addition, certain states have adopted robust privacy and security laws and regulations. Such laws and regulations will be subject to interpretation by various courts and other governmental authorities, thus creating potentially complex compliance issues for us and our future customers and strategic partners. For example, the CCPA, which took effect in 2020, imposes obligations and restrictions on businesses regarding their collection, use, and sharing of personal information and provides new and enhanced data privacy rights to California residents, such as affording them the right to access and delete their personal information and to opt-out of certain sharing of personal information. Protected health information that is subject to HIPAA is excluded from the CCPA, however, the information we hold about individuals that is not subject to HIPAA would be subject to the CCPA. It is unclear how HIPAA and the other exceptions may be applied under the CCPA. The CCPA may increase our compliance costs and potential liability. Many similar privacy laws have been proposed at the federal level and in other states. The GDPR became enforceable on May 25, 2018. The GDPR regulates our processing of personal data, and imposes stringent requirements. The GDPR includes sanctions for violations up to the greater of €20 million or 4.0% of worldwide gross annual revenue and applies to services providers such as us. In addition, from the beginning of 2021(when the transitional period following Brexit expires), we will have to comply with the GDPR and also the UK GDPR, with each regime having the ability to fine up to the greater of €20 million (£17 million) or 4% of global turnover. The relationship between the United Kingdom and the European Union in relation to certain aspects of data protection law remains unclear, for example how data transfers between EU member states and the United Kingdom will be treated and the role of the Information Commissioner's Office following the end of the transitional period. These changes will lead to additional costs and increase our overall risk exposure. Recent legal developments in Europe have created complexity and uncertainty regarding transfers of personal data from the EEA to the United States, e.g., on July 16, 2020, the Court of Justice of the European Union ("CJEU") invalidated the EU-US Privacy Shield Framework ("Privacy Shield") under which personal data could be transferred from the EEA to U.S. entities who had self-certified under the Privacy Shield scheme. While the CJEU upheld the adequacy of the standard contractual clauses (a standard form of contract approved by the European Commission as an adequate personal data transfer mechanism, and a potential alternative to the Privacy Shield), it made clear that reliance on them alone may not necessarily be sufficient in all circumstances; this has created uncertainty. At the moment we have not implemented any Privacy Shield procedures or certifications. We also currently rely on the standard contractual clauses to transfer personal data outside the EEA, including to the United States. It may subject us to a lawsuit of a European Union citizen, if we inadvertently process their personally-identifiable information. The United States, the European Union, and other jurisdictions where we operate continue to issue new and enhance existing, privacy and data security protection regulations related to the collection, use, disclosure, disposal, and protection of information about individuals, including medical information. Privacy and data security laws are rapidly evolving both in the United States and internationally, and the future interpretation of those laws is somewhat uncertain. E.g., we do not know how E.U. regulators will interpret or enforce many aspects of the GDPR and some regulators may do so in an inconsistent manner. In the United States, privacy and data security is an area of emphasis for some but not all state regulators, and new legislation has been and likely will continue to be introduced at the state and/or federal level. For instance, there is a new act on the ballot in California, the California Privacy Rights Act, which may go into effect in 2023. Additional legislation or regulation might, among other things, require us to implement new security measures and processes or bring within the legislation or regulation de-identified health or other information about individuals, each of which may require substantial expenditures or limit our ability to offer some of our services.

Tech & Innovation

Total Risks: 10/44 (23%)Below Sector Average

Innovation / R&D2 | 4.5%

Innovation / R&D - Risk 1

We may be unable to successfully introduce new products or services or fail to keep pace with advances in technology.

The successful implementation of our business model depends on our ability to adapt to evolving technologies and increasingly aggressive industry standards and introduce new products and services accordingly. We cannot provide assurance that we will be able to introduce new products on schedule, or at all, or that such products will achieve market acceptance. Moreover, competitors may develop competitive products that could adversely affect our operating results. Any failure by us to introduce planned products or other new products or to introduce these products on schedule could have an adverse effect on our revenue growth and operating results. If we cannot adapt to changing technologies, our products and services may become obsolete and our business could suffer. Because the markets in which we operate are characterized by rapid technological change, we may be unable to anticipate changes in our current and potential clients' or users' requirements that could make our existing technology obsolete. Our success will depend, in part, on our ability to continue to enhance our existing products and services, develop new technology that addresses the increasingly sophisticated and varied needs of our prospective clients and users, license leading technologies and respond to technological advances and emerging industry standards and practices, all on a timely and cost-effective basis. The development of our proprietary technology entails significant technical and business risks. We may not be successful in using new technologies effectively or adapting our proprietary technology to evolving client or user requirements or emerging industry standards. Any of the foregoing could materially and adversely impact our business, financial condition, and operating results.

Innovation / R&D - Risk 2

If the healthcare information technology market fails to continue to develop as quickly as expected, our business, financial condition, and operating results could be materially and adversely affected.

The electronic healthcare information market is rapidly evolving. A number of market entrants have introduced or developed products and services that are competitive with one or more components of the platforms and programmatic solutions we offer. We expect that additional companies will continue to enter this market, especially in response to recent legislative actions. In new and rapidly evolving industries, there is significant uncertainty and risk as to the demand for, and market acceptance of, recently introduced products and services. Because the markets for our products and services are new and evolving, we are not able to predict the size and growth rate of the markets with any certainty. If markets fail to develop, develop more slowly than expected, or become saturated with competitors, our business, financial condition, and operating results could be materially and adversely impacted.

Trade Secrets4 | 9.1%

Trade Secrets - Risk 1

We may not be able to protect our intellectual property rights throughout the world.

Third parties may attempt to commercialize competitive products or services in foreign countries where we do not have a trademark or copyright registration or where legal recourse may be limited. This may have a significant commercial impact on our foreign business operations which we expect to expand. Registration and enforcement of intellectual property rights to our platforms and services in all countries throughout the world would be prohibitively expensive, and our intellectual property rights in some countries outside the United States can be less extensive than those in the United States. The requirements for patentability may differ in certain countries, particularly developing countries. For example, Europe has a heightened requirement for patentability of software inventions. Thus, even in countries where we do pursue patent protection, there can be no assurance that any patents will issue with claims that cover our products. In addition, the laws of some foreign countries do not protect intellectual property rights to the same extent as laws in the United States and in some cases may even force us to grant a compulsory license to competitors or other third parties. Consequently, we may not be able to prevent third parties from practicing our inventions in all countries outside the United States or from selling or importing products concerning our healthcare technology into the United States or other jurisdictions. Competitors may use our technologies in jurisdictions where we have not obtained patent protection to develop their own products and services and further, may export otherwise infringing products and services to territories where we have patent protection, but enforcement on infringing activities is inadequate. These products or services may compete with ours, and our patents or other intellectual property rights may not be effective or sufficient to prevent them from competing. Many companies have encountered significant problems in protecting and defending intellectual property rights in foreign jurisdictions. The legal systems of certain countries, particularly certain developing countries, do not favor the enforcement of patents and other intellectual property protection, which could make it difficult for us to stop the infringement of our patents or marketing of competing products in violation of our proprietary rights generally. Proceedings to enforce our patent rights in foreign jurisdictions could result in substantial costs and divert our efforts and attention from other aspects of our business, could put our patents at risk of being invalidated or interpreted narrowly and our patent applications at risk of not issuing, and could provoke third parties to assert claims against us. We may not prevail in any lawsuits that we initiate and the damages or other remedies awarded, if any, may not be commercially meaningful. In addition, certain countries in Europe and certain developing countries, including India and China, have compulsory licensing laws under which a patent owner may be compelled to grant licenses to third parties. In those countries, we may have limited remedies if our patents are infringed or if we are compelled to grant a license to our patents to a third party, which could materially diminish the value of those patents. This could limit our potential revenue opportunities. Accordingly, our efforts to enforce our intellectual property rights around the world may be inadequate to obtain a significant commercial advantage from the intellectual property that we own or license. Finally, our ability to protect and enforce our intellectual property rights may be adversely affected by unforeseen changes in foreign intellectual property laws.

Trade Secrets - Risk 2

We may be liable for infringing the intellectual property rights of others.

Our competitors may develop similar intellectual property, duplicate our products and/or services, or design around any patents or other intellectual property rights we hold. Litigation may be necessary to enforce our intellectual property rights or to determine the validity and scope of the patents, intellectual property, or other proprietary rights of third parties, which could be time-consuming and costly and have an adverse effect on our business and financial condition. Intellectual property infringement claims could be made against us and our ecosystem partners, especially as the number of our competitors grows. These claims, even if not meritorious, could be expensive and divert our attention from operating our company and result in a temporary inability to use the intellectual property subject to such claim. In addition, if we, our ecosystem partners, and/or customers become liable to third parties for infringing their intellectual property rights, we could be required to pay a substantial damage award and develop comparable non-infringing intellectual property, to obtain a license, or to cease providing the content or services that contain the infringing intellectual property. We may be unable to develop a non-infringing intellectual property or obtain a license on commercially reasonable terms, if at all.

Trade Secrets - Risk 3

Protection of certain intellectual property may be difficult and costly, and our inability to protect our intellectual property could reduce the value of our products and services.

Our trademarks, trade secrets, copyrights, and other intellectual property rights are important assets to us. Various events outside of our control pose a threat to our intellectual property rights, as well as to our products, services, and technologies. For instance, any of our current or future intellectual property rights may be challenged by others or invalidated through administrative process or litigation. We have taken efforts to protect our proprietary rights, including a combination of license agreements, confidentiality policies and procedures, confidentiality provisions in employment agreements, confidentiality agreements with third parties, and technical security measures, as well as our reliance on copyright, trademark, trade secret, and unfair competition laws. These efforts may not be sufficient or effective. For example, the secrecy of our trade secrets or other confidential information could be compromised by our employees or by third parties, which could cause us to lose the competitive advantage resulting from those trade secrets or confidential information. Unauthorized third parties may try to copy or reverse engineer portions of our products or otherwise infringe upon, misappropriate or use our intellectual property. We may not be able to discover or determine the extent of any unauthorized use of our proprietary rights. We may also conclude that, in some instances, the benefits of protecting our intellectual property rights may be outweighed by the expense. In addition, our platforms incorporate "open source" software components that are licensed to us under various public domain licenses. Open-source license terms are often ambiguous, and there is little or no legal precedent governing the interpretation of many of the terms of certain of these licenses. Therefore, the potential impact of such terms on our business is somewhat unknown. Further, some enterprises may be reluctant or unwilling to use cloud-based services, because they have concerns regarding the risks associated with the security and reliability, among other things, of the technology delivery model associated with these services. If enterprises do not perceive the benefits of our services, then the market for these services may not expand as much or develop as quickly as we expect, either of which would adversely affect our business, financial condition, or operating results. Legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain and still evolving. The laws of some foreign countries may not be as protective of intellectual property rights as those in the United States, and effective intellectual property protection may not be available in every country in which our products and services are distributed. Any impairment of our intellectual property rights, or our failure to protect our intellectual property rights adequately, could give our competitors access to our technology and could materially and adversely impact our business and operating results. Any increase in the unauthorized use of our intellectual property could also divert the efforts of our technical and management personnel and resulting in significant additional expense to us, which could materially and adversely impact our operating results. Finally, in order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming, and distracting to management and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defences, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights. Negative publicity related to a decision by us to initiate such enforcement actions against a customer or former customer, regardless of its accuracy, may adversely impact our other customer relationships or prospective customer relationships, harm our brand and business, and could cause the market price of our common stock to decline. Our failure to secure, protect and enforce our intellectual property rights could adversely affect our brand and our business.

Trade Secrets - Risk 4

Any failure to protect our intellectual property that is not registered could impair our business.

Although we rely on copyright laws to protect the works of authorship (including software) created by us, we do not register the copyrights in any of our copyrightable works. Copyrights of U.S. origin must be registered before the copyright owner may bring an infringement suit in the United States. Furthermore, if a copyright of U.S. origin is not registered within three months of publication of the underlying work, the copyright owner may be precluded from seeking statutory damages or attorney's fees in any United States enforcement action, and may be limited to seeking actual damages and lost profits. Accordingly, if one of our unregistered copyrights of U.S. origin is infringed by a third party, we will need to register the copyright before we can file an infringement suit in the United States, and our remedies in any such infringement suit may be limited.

Cyber Security1 | 2.3%

Cyber Security - Risk 1

A significant inadvertent disclosure or breach of confidential and/or personal information we hold, or of the security of our or our customers', suppliers', or other partners' computer systems could be detrimental to our business, reputation, and results of operations.

Our business requires the storage, transmission, and utilization of data, including healthcare information, patient's information, personal information, and other information that must be maintained on a confidential basis. These activities have made, and may in the future make, our clients and our products a target of cyber-attacks by third parties seeking unauthorized access to the data contained on our platforms. As a result of the types and volume of personal data on our systems, we believe that healthcare companies may be a target for such breaches and attacks. In recent years, the frequency, severity, and sophistication of cyber-attacks, computer malware, viruses, social engineering, and other intentional misconduct by computer hackers have significantly increased, and government agencies and security experts have warned about the growing risks of hackers, cybercriminals, and other potential attackers targeting information technology systems. Such third parties could attempt to gain entry into our systems for the purpose of stealing data or disrupting the systems. In addition, our security measures may also be breached due to employee error, malfeasance, system errors, or vulnerabilities, including vulnerabilities of our vendors, suppliers, their products, or otherwise. Third parties may also attempt to fraudulently induce employees or customers into disclosing sensitive information such as user names, passwords, or other information to gain access to the data contained on our platforms, including patient information. While we and our third-party cloud providers have implemented security measures designed to protect against security breaches, these measures could fail or may be insufficient, particularly as techniques used to sabotage or obtain unauthorized access to systems change frequently and generally are not recognized until launched against a target, resulting in the unauthorized disclosure, modification, misuse, destruction, or loss of our or our customers' data or other sensitive information. Any failure to prevent or mitigate security breaches and improper access to or disclosure of the data we maintain, including personal information, could result in litigation, indemnity obligations, regulatory enforcement actions, investigations, fines, penalties, mitigation and remediation costs, disputes, reputational harm, diversion of management's attention, and other liabilities and damage to our business. We cannot be certain that advances in criminal capabilities, the discovery of new vulnerabilities in our systems, and attempts to exploit those vulnerabilities, physical system or facility break-ins and data thefts or other developments will not compromise or breach the technology protecting our systems and the information we possess. We may incur significant costs in protecting against or remediating cyber-attacks. Any security breach could result in operational disruptions that impair our ability to meet our customers' requirements, which could result in decreased revenue. Also, whether there is an actual or a perceived breach of our security, our reputation could suffer irreparable harm, causing our current and prospective customers to reject our products and services in the future, deterring data suppliers from supplying us data or customers from using our services, or changing consumer behaviour adversely affecting our technology's market coverage. Further, we could be forced to expend significant resources in response to a security breach, including those expended in notifying individuals and providing mitigating services, repairing system damage, increasing cybersecurity protection costs by deploying additional personnel and protection technologies, and litigating and resolving legal claims or governmental inquiries and investigations, all of which could divert the attention of our management and key personnel away from our business operations. Finally, while we provide guidance and specific requirements in some cases, we do not directly control any of our clients' cybersecurity operations, or the amount of investment they place in guarding against cybersecurity threats. Accordingly, we are subject to any flaws in or breaches of their systems, which could materially impact our business, operating results, and financial results.

Technology3 | 6.8%

Technology - Risk 1

Our use of third-party open-source software could negatively affect our ability to offer our products and services through our platforms and subject us to possible litigation.

We have incorporated, and may in the future incorporate, third-party open-source software in our technologies. Open-source software is generally licensed by its authors or other third parties under open source licenses. From time to time, companies that use third-party open-source software have faced claims challenging the use of such open-source software and requesting compliance with the open-source software license terms. Accordingly, we may be subject to suits by parties claiming ownership of what we believe to be open-source software or claiming non-compliance with the applicable open-source licensing terms. Some open-source software licenses require end-users who use, distribute or make available across a network software and services that include open-source software to offer to the public aspects of the technology that incorporates the open-source software for no cost, make publicly available source code (which in some circumstances could include valuable proprietary code) for modifications or derivative works created based upon incorporating or using the open-source software and/or to license such modifications or derivative works under the terms of the particular open source license. If we combine our proprietary software with open-source software in a certain manner, we could, under certain open-source licenses, be required to release or license the source code of our proprietary software to the public. Additionally, if a third-party software provider has incorporated open-source software into software that we license from such provider, we could be required to disclose any of our source code that incorporates or is a modification of our licensed software. While we use tools designed to help us monitor and comply with the licenses of third-party open-source software and protect our valuable proprietary source code, we may inadvertently use third-party open-source software in a manner that exposes us to claims of non-compliance with the terms of their licenses, including claims of intellectual property rights infringement or for breach of contract. Furthermore, there exists today an increasing number of types of open-source software licenses, almost none of which have been tested in courts of law to provide guidance of their proper legal interpretations, and there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our use of the open-source software. If we were to receive a claim of non-compliance with the terms of any of these open-source licenses, we may be required to publicly release certain portions of our proprietary source code, expend substantial time and resources to re-engineer some of our software, or pay damages, settlement fees or a royalty to use certain open-source software. Any of the foregoing could disrupt and harm our business. In addition, the use of third-party open-source software typically exposes us to greater risks than the use of third-party commercial software because open-source licensors generally do not provide support, warranties, controls, indemnification, or other contractual protections regarding the functionality or origin of the software. Use of open-source software may also present additional security risks because the public availability of such software may make it easier for hackers and other third parties to determine how to compromise our platform. Any of the foregoing could harm our business, financial condition, results of operations, and prospects and could help our competitors develop products and services that are similar to or better than ours.

Technology - Risk 2

Defects or disruptions in our cloud software solutions could result in diminished demand for our platforms and services, a reduction in our revenues, and subject us to substantial liability.

We have from time to time found defects in our solutions, and new defects may be detected in the future. In addition, we have experienced, and may in the future experience, service disruptions, degradations, outages, and other performance problems. These types of problems may be caused by a variety of factors, including human or software errors, viruses, cyber-attacks, fraud, spikes in customer usage, problems associated with our third-party computing infrastructure and network providers, infrastructure changes, and denial of service issues. Service disruptions may result from errors we make in delivering, configuring, or hosting our solutions, or designing, installing, expanding, or maintaining our platform's computing infrastructure. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time. It is also possible that such problems could result in losses of data. Since our customers use our platforms and services for important aspects of their business, any errors, defects, disruptions, service degradations, or other performance problems with our solutions could hurt our reputation and may damage our customers' businesses. If that occurs, our customers may delay or withhold payment to us, cancel their agreements with us, elect not to renew, or make service credit claims, warranty claims, or other claims against us, and we could lose future sales. The occurrence of any of these events could result in diminishing demand for our solutions, a reduction of our revenues, an increase in our bad debt expense or in collection cycles for accounts receivable, or could require us to incur the expense of litigation or substantial liability.

Technology - Risk 3

We may have to incur material expenses in order to accommodate its client's interoperability requests dictated by interoperability standards of exchange of health information.

Our clients are concerned with and often require that our software solutions and health care devices be interoperable with other third-party health care information technology suppliers. With the passing of the MACRA in 2015, the U.S. Congress declared it a national objective to achieve widespread exchange of health information through interoperable certified EHR technology nationwide by December 31, 2018. The 21st Century Cures Act, which was passed and signed into law in December 2016, includes numerous provisions intended to encourage this nationwide interoperability. In February 2019, HHS's Office of the National Coordinator for Health Information Technology ("ONC") released a proposed rule titled, "21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program." Following an extended public comment period, in March 2020 ONC released the final rule which implements the key interoperability provisions included in the Cures Act. Specifically, it calls on developers of certified EHRs and health IT products to adopt standardized application programming interfaces ("APIs"), which will help allow individuals to securely and easily access structured and unstructured EHI formats using smartphones and other mobile devices. This provision and others included in the rule create a lengthy list of new certification and maintenance of certification requirements that developers of EHRs and other health IT products have to meet in order to maintain approved federal government certification status. Although our current products do not require such certification, they may be required to be certified in future. Meeting and maintaining this certification status will require additional development costs. The ONC rule also implements the information blocking provisions of the 21st Century Cures Act, including identifying reasonable and necessary activities that do not constitute information blocking. Under the 21st Century Cures Act, the U.S. Department of Health and Human Services ("HHS") has the regulatory authority to investigate and assess civil monetary penalties of up to $1,000,000 against certified health IT developers found to be in violation of "information blocking." This new oversight and authority to investigate claims of information blocking creates significant risks for us and our clients and could potentially create substantial new compliance costs. Other regulatory provisions included in the ONC Cures Act final rule could create compliance costs and/or regulatory risks for us. Because these regulations are subject to future changes and/or significant enforcement discretion by federal agencies, the ultimate impact of these regulations is unknown.

Finance & Corporate

Total Risks: 9/44 (20%)Below Sector Average

Share Price & Shareholder Rights7 | 15.9%

Share Price & Shareholder Rights - Risk 1

As a "controlled company" under the Nasdaq Marketplace Rules, we may choose to exempt our Company from certain corporate governance requirements that could have an adverse effect on our public stockholders.

Under Rule 4350(c) of the Nasdaq Marketplace Rules, a company of which more than 50% of the voting power is held by an individual, group or another company is a "controlled company" and may elect not to comply with certain corporate governance requirements, including the requirement that a majority of our directors be independent, as defined in Nasdaq rules and the requirement that our compensation and nominating and corporate governance committees consist entirely of independent directors. Although we do not intend to rely on the "controlled company" exemption under Nasdaq rules, we could elect to rely on this exemption in the future. If we elect to rely on the "controlled company" exemption, a majority of the members of our Board might not be independent directors and our nominating and corporate governance and compensation committees might not consist entirely of independent directors. Accordingly, during any time while we remain a controlled company relying on the exemption and during any transition period following a time when we are no longer a controlled company, you would not have the same protections afforded to shareholders of companies that are subject to all of the Nasdaq corporate governance requirements. Our status as a controlled company could cause our common stock to look less attractive to certain investors or otherwise harm our trading price.

Share Price & Shareholder Rights - Risk 2

Our certificate of incorporation will designate the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation that may be initiated by our stockholders, which could limit our stockholders' ability to obtain a favorable judicial forum for disputes with us.

Our amended and restated certificate of incorporation specifies that, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware shall be the sole and exclusive forum for (a) any derivative action or proceeding brought on behalf of us, (b) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers, employees or agents or our stockholders, (c) any action asserting a claim arising pursuant to any provision of the Delaware General Corporation Law, our Certificate of Incorporation or the Bylaws, or (d) any action asserting a claim governed by the internal affairs doctrine, in each case subject to said Court of Chancery having personal jurisdiction over the indispensable parties named as defendants therein. Any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock shall be deemed to have notice of and to have consented to the provisions of our amended and restated certificate of incorporation described above We believe these provisions benefit us by providing increased consistency in the application of Delaware law by chancellors particularly experienced in resolving corporate disputes, efficient administration of cases on a more expedited schedule relative to other forums and protection against the burdens of multi-forum litigation. However, the provision may have the effect of discouraging lawsuits against our directors, officers, employees and agents as it may limit any stockholder's ability to bring a claim in a judicial forum that such stockholder finds favorable for disputes with us or our directors, officers, employees or agents. The enforceability of similar choice of forum provisions in other companies' certificates of incorporation has been challenged in legal proceedings, and it is possible that, in connection with any applicable action brought against us, a court could find the choice of forum provisions contained in our restated certificate of incorporation to be inapplicable or unenforceable in such action. If a court were to find the choice of forum provision contained in our restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could adversely affect our business, financial condition or results of operations.

Share Price & Shareholder Rights - Risk 3

We are an "emerging growth company" and the reduced disclosure requirements applicable to emerging growth companies may make our common stock less attractive to investors.

We are an "emerging growth company," as defined in the JOBS Act. For so long as we remain an emerging growth company, we are permitted by SEC rules and plan to rely on exemptions from certain disclosure requirements that are applicable to other SEC-registered public companies that are not emerging growth companies. These exemptions include not being required to comply with the auditor attestation requirements of Section 404 of the SOX, not being required to comply with any requirement that may be adopted by the Public Company Accounting Oversight Board regarding mandatory audit firm rotation or a supplement to the auditor's report providing additional information about the audit and the financial statements, reduced disclosure obligations regarding executive compensation and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. As a result, the information we provide stockholders will be different than the information that is available with respect to other public companies. In this prospectus, we have not included all of the executive compensation-related information that would be required if we were not an emerging growth company. We cannot predict whether investors will find our common stock less attractive if we rely on these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and our stock price may be more volatile. In addition, the JOBS Act provides that an emerging growth company can take advantage of an extended transition period for complying with new or revised accounting standards. This allows an emerging growth company to delay the adoption of certain accounting standards until those standards would otherwise apply to private companies. We have elected to avail ourselves of this exemption from new or revised accounting standards and, therefore, we will not be subject to the same new or revised accounting standards as other public companies that are not emerging growth companies. As a result, our financial statements may not be comparable to companies that comply with new or revised accounting pronouncements as of public company effective dates.

Share Price & Shareholder Rights - Risk 4

If securities or industry analysts do not publish research or publish inaccurate or unfavorable research about our business, our stock price and trading volume could decline.

The trading market for our common stock will depend in part on the research and reports that securities or industry analysts publish about us or our business. Several analysts cover our stock. If one or more of those analysts downgrade our stock or publish inaccurate or unfavorable research about our business, our stock price would likely decline. If one or more of these analysts cease coverage of our company or fail to publish reports on us regularly, demand for our stock could decrease, which might cause our stock price and trading volume to decline.

Share Price & Shareholder Rights - Risk 5

Sales of a significant number of shares of our common stock in the public markets, or the perception that such sales could occur, could depress the market price of our common stock.

Sales of a substantial number of shares of our common stock in the public markets could depress the market price of our common stock and impair our ability to raise capital through the sale of additional equity securities. We cannot predict the effect that future sales of our common stock would have on the market price of our common stock.

Share Price & Shareholder Rights - Risk 6

Our Parent owns approximately 59.18% of our common stock and will be able to exert a controlling influence over our business affairs and matters submitted to stockholders for approval.

Our Parent owns approximately 59.18% of our common stock. As a result, our Parent has control over all matters submitted to our stockholders for approval, including the election and removal of directors, amendments to our certificate of incorporation and bylaws, the approval of any business combination, and any other significant corporate transaction. These actions may be taken even if they are opposed by other stockholders, including public stockholders like you.

Share Price & Shareholder Rights - Risk 7

If our shares of common stock become subject to the penny stock rules, it would become more difficult to trade our shares.

The Securities and Exchange Commission (or SEC) has adopted rules that regulate broker-dealer practices in connection with transactions in penny stocks. Penny stocks are generally equity securities with a price of less than $5.00, other than securities registered on certain national securities exchanges or authorized for quotation on certain automated quotation systems, provided that current price and volume information with respect to transactions in such securities is provided by the exchange or system. If we do not retain a listing on Nasdaq and if the price of our common stock is less than $5.00, our common stock will be deemed a penny stock. The penny stock rules require a broker-dealer, before a transaction in a penny stock not otherwise exempt from those rules, to deliver a standardized risk disclosure document containing specified information. In addition, the penny stock rules require that before effecting any transaction in a penny stock not otherwise exempt from those rules, a broker-dealer must make a special written determination that the penny stock is a suitable investment for the purchaser and receive (i) the purchaser's written acknowledgment of the receipt of a risk disclosure statement; (ii) a written agreement to transactions involving penny stocks; and (iii) a signed and dated copy of a written suitability statement. These disclosure requirements may have the effect of reducing the trading activity in the secondary market for our common stock, and therefore stockholders may have difficulty selling their shares.

Corporate Activity and Growth2 | 4.5%

Corporate Activity and Growth - Risk 1

We have experienced rapid growth, and if we fail to manage our growth effectively, we may be unable to execute our business plan.

Since we were founded, we have experienced rapid growth and expansion of our operations. Our revenues, customer count, product and service offerings, countries of operation, facilities, and computing infrastructure needs have all increased significantly, and we expect them to increase in the future. We have also experienced rapid growth in our employee base. As we continue to grow, both organically and through acquisitions, we must effectively integrate, develop, and motivate an increasing number of employees (an increasing portion of whom are expected to work remotely due to the COVID-19 pandemic), while executing our growth plan and maintaining the beneficial aspects of our culture. Any failure to preserve our culture could negatively affect our future success, including our ability to attract and retain highly qualified employees and to achieve our business objectives. Our rapid growth has placed, and will continue to place, a significant strain on our management capabilities, administrative and operational infrastructure, facilities, IT, and other resources. We anticipate that additional investments in our facilities and computing infrastructure will be required to scale our operations. To effectively manage growth, we must continue to: improve our key business applications, processes, and computing infrastructure; enhance information and communication systems; and ensure that our policies and procedures evolve to reflect our current operations and are appropriately communicated to and observed by employees (an increasing portion of whom are working and are expected to work remotely). These enhancements and improvements will require additional investments and allocation of valuable management and employee time and resources. Failure to effectively manage growth could result in difficulty or delays in deploying our solutions, declines in quality or customer satisfaction, increases in costs, difficulties in introducing new features, or other operational difficulties, and any of these difficulties could adversely impact our business performance and results of operations.

Corporate Activity and Growth - Risk 2

Our business depends in part on our ability to establish and maintain additional strategic relationships.

To be successful, we must continue to maintain our existing strategic relationships and establish additional strategic relationships with leaders in a number of the markets in which we operate. This is critical to our success because we believe that these relationships contribute towards our ability to: - extend the reach of our products and services to a larger number of participants in the Healthcare and Life Sciences industry;- develop and deploy new products and services;- further enhance our brand; and - generate additional revenue and cash flows. Entering into strategic relationships is complicated because strategic partners may decide to compete with us in some or all of the markets in which we operate. In addition, we may not be able to maintain or establish relationships with key participants in the healthcare and Life Sciences industries if we conduct business with their competitors. We depend, in part, on our strategic partners' ability to generate increased acceptance and use of our products and services. If we lose any of these strategic relationships or fail to establish additional relationships, or if our strategic relationships fail to benefit us as expected, this could materially and adversely impact our business, financial condition, and operating results.

Ability to Sell

Total Risks: 7/44 (16%)Above Sector Average

Competition2 | 4.5%

Competition - Risk 1

Competition with companies that have greater financial, technical, and marketing resources than we have could result in a loss of clients and/or a lowering of prices for our products, causing a decrease in our revenues and/or market share.

There are a number of companies that are our principal and secondary competitors and offer products and systems that are comparable to our solutions and address the markets we serve. The principal competitive factors in our markets include product features, performance, and support, product scalability and flexibility, ease of deployment and use, the total cost of ownership, and time to value. Some of our current and potential competitors have advantages over us, such as longer operating histories, significantly greater financial, technical, marketing, or other resources, a stronger brand and business user recognition, larger intellectual property portfolios, and broader global distribution and presence. Further, competitors may be able to offer products or functionality similar to ours at a more attractive price than we can by integrating or bundling their software products with their other product offerings. In addition, our industry is evolving rapidly and is becoming increasingly competitive. Larger and more established companies may focus on creating a learning system or solutions that could directly compete with one or more of our offerings. If companies move a greater proportion of their data and computational needs to the cloud, new competitors may emerge which offer services comparable to ours or that are better suited for cloud-based data, and the demand for one or more of our offerings may decrease. Smaller companies could also launch new products and services that we do not offer and that could gain market acceptance quickly. We may also face competition from providers of cloud management systems and database systems, and other segment-specific applications. Any of these companies, as well as other technology or healthcare companies, could decide at any time to specifically target hospitals and Life Sciences companies within our target market. A number of existing and potential competitors are more established than we are and have greater name recognition and financial, technical, and marketing resources. Products of our competitors may have better performance, lower prices, and broader market acceptance than our products. We expect increased competition that could cause us to lose clients, lower our prices to remain competitive, and, consequently, experience lower revenues, revenue growth, and profit margins, which would have a material adverse effect on our financial condition and business prospects.

Competition - Risk 2

Markets for our products and services are highly competitive and subject to rapid technological change, and we may be unable to compete effectively in these markets.

The market for healthcare solutions is intensely competitive and is characterized by rapidly evolving technology, solution standards, and users' needs, and the frequent introduction of new products and services. There can be no assurance that we capture additional opportunities in such rapidly evolving markets. Some of our competitors may be more established, benefit from greater name, recognition and have substantially greater financial, technical, and marketing resources than us. Moreover, we expect that competition will continue to increase as a result of potential incentives provided by government programs and as a result of consolidation in both the IT and healthcare industries. If one or more of our competitors or potential competitors were to merge or partner with another of our competitors, the change in the competitive landscape could adversely affect our ability to compete effectively. We compete on the basis of several factors, including: - breadth and depth of services, including our open architecture and the level of product integration across care settings;- integrated platform;- regulatory compliance;- reputation;- reliability, accuracy, and security;- client service;- the total cost of ownership;- innovation; and - industry acceptance, expertise, and experience. There can be no assurance that we will be able to compete successfully against current and future competitors or that the competitive pressures that we face will not materially and adversely impact our business, financial condition, and operating results.

Demand3 | 6.8%

Demand - Risk 1

Our revenues have historically been concentrated among our top customers, and the loss of any of these customers could reduce our revenues and adversely impact our operating results.

Historically, our revenue has been concentrated among a small number of customers. In the fiscal year ended December 31, 2023, our top customer and our top five customers accounted for 23% and 77% of our revenue, respectively. As a result, the loss of one or more of these customers could materially reduce our revenue, harm our results of operations, and limit our growth.

Demand - Risk 2

Consolidation in the healthcare industry could adversely impact our business, financial condition, and operating results.

Many healthcare industry organizations are consolidating to create integrated healthcare delivery systems with greater market power. As provider networks and managed care organizations consolidate, thus decreasing the number of market participants, the competition to provide products and services like ours will become more intense, and the importance of establishing and maintaining relationships with key industry participants will increase. These industry participants may try to use their market power to negotiate price reductions for our products and services. Further, consolidation of management and billing services through integrated delivery systems may decrease demand for our products. Such consolidation may also lead to integrated delivery systems requiring newly acquired physician practices to replace our products and services with those already in use in the larger enterprise. Any of these factors could materially and adversely impact our business, financial condition, and operating results.

Demand - Risk 3

If the demand for cloud-based solutions declines, particularly in the Life Sciences industry, our revenues could decrease, and our business could be adversely affected.

The continued expansion of the use of cloud-based solutions, particularly in the Life Sciences industry, depends on a number of factors, including the cost, performance, and perceived value associated with cloud-based solutions, as well as the ability of providers of cloud-based solutions to address and maintain security, privacy, and unique regulatory requirements or concerns. If we or other cloud-based solution providers experience security incidents, loss of customer data, disruptions in delivery, or other problems, the market for cloud-based solutions in the Life Sciences industry, including our solutions, may be adversely affected. If cloud-based solutions do not continue to achieve more widespread adoption in the Life Sciences industry, or there is a widespread reduction in demand for cloud-based solutions, our revenues could decrease and our business could be adversely affected.

Sales & Marketing2 | 4.5%

Sales & Marketing - Risk 1

The market for our data analysis systems and software solutions is new and unproven and may not grow.

We believe our future success will depend in large part on establishing and growing a market for our systems infrastructure and that are able to provide operational intelligence, particularly designed to collect and index machine data. Our systems infrastructure is designed to address interoperability challenges across the healthcare continuum. It integrates big data with real-time resources and applies machine learning algorithms to inform and optimize treatment decisions. In order to grow our business, we intend to expand the functionality of our offering to increase its acceptance and use by the broader market. In particular, our systems infrastructure is targeted at those in the healthcare continuum that are transitioning from fee-for-service to a value-based reimbursement model. While we believe this to be the current trend in healthcare, this trend may not continue in the future. Our systems infrastructure is less effective with a traditional fee-for-service model and if there is a reversion in the industry towards fee-for-service, or a shift to another model, we would need to update our offerings and we may not be able to do so effectively or at all. It is difficult to predict client adoption and renewal rates, client demand for our software, the size and growth rate of the market for our solutions, the entry of competitive products, or the success of existing competitive products. Many of our potential clients may already be a party to existing agreements for competing offerings that may have lengthy terms or onerous termination provisions, and they may have already made substantial investments into those platforms which would result in high switching costs. Any expansion in our market depends on several factors, including the cost, performance, and perceived value associated with such operating system and software applications particularly considering the shifting market dynamics. Although we have experienced rapid adoption of our systems infrastructure and software solutions, the rate may slow or decline in the future, which would harm our business and operating results. In addition, while many large hospital systems and payers use our solutions, many of these entities use only certain of our offerings, and we may not be successful in driving broader adoption of our solutions among these existing users, which would limit our revenue growth. If the market for our offerings does not achieve widespread adoption or there is a reduction in demand for our offerings in our market caused by a lack of customer acceptance, technological challenges, lack of accessible machine data, competing technologies and products, decreases in corporate spending, weakening economic conditions, or otherwise, it could result in reduced customer orders, early terminations, reduced renewal rates or decreased revenues, any of which would adversely affect our business operations and financial results. You should consider our business and prospects in light of the risks and difficulties we may encounter in this new and unproven market.

Sales & Marketing - Risk 2

Our sales cycle can be lengthy and unpredictable, which may cause our revenue and operating results to fluctuate significantly.

Our sales cycle can be lengthy and unpredictable. Our sales efforts involve educating our customers about the use and benefits of our offerings and solutions, including the technical capabilities of our solutions and the potential cost savings and productivity gains achievable by deploying them. Additionally, many of our potential clients are typically already in long-term contracts with their current providers and face significant costs associated with transitioning to our offerings and solutions. As a result, potential customers typically undertake a significant evaluation process, which frequently involves not only our software platforms and component systems infrastructure and platforms but also their existing capabilities and solutions and can result in a lengthy sales cycle. We spend substantial time, effort, and money on our sales efforts without any assurance that our efforts will produce any sales. In addition, purchases of our platform as a service infrastructure are frequently subject to budget constraints, multiple approvals, and unplanned administrative, processing, and other delays. Many of our potential hospital clients have used all or a significant portion of their revenues to comply with federal mandates to adopt electronic medical records to maintain their Medicaid and Medicare reimbursement levels. In the event we are unable to manage our lengthy and unpredictable sales cycle, our business may be adversely affected.

Production

Total Risks: 3/44 (7%)Below Sector Average

Employment / Personnel1 | 2.3%

Employment / Personnel - Risk 1

An inability to attract and retain highly skilled employees could adversely affect our business.

To execute our growth plan, we must attract and retain highly qualified employees skilled in both software engineering and healthcare industry regulations. Competition for these employees is intense, especially with respect to software engineers with high levels of experience in cloud-related services. We have, from time to time, experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with the appropriate level of qualifications. Many of the companies with which we compete for experienced employees have greater resources than we have and may offer compensation packages that are perceived to be better than ours. Additionally, changes in our compensation structure may be negatively received by employees and result in attrition or cause difficulty in the recruiting process. If we fail to attract new employees or fail to retain and motivate our current employees, our business and future growth prospects could be adversely affected.

Supply Chain1 | 2.3%

Supply Chain - Risk 1

We are dependent on the continued availability of third-party hosting and transmission services. Loss of contractual relationship with operational issues with, or changes to the costs of, our third-party data center providers could harm our business, reputation, or results of operations.

We currently serve the majority of our platform functions from third-party data center hosting facilities operated by Amazon Web Services, Google Cloud, and Microsoft Azure Cloud, and we primarily use shared servers in such facilities. We are dependent on these third parties to provide continuous power, cooling, Internet connectivity, and physical and technological security for our servers, and our operations depend, in part, on their ability to protect these facilities against any damage or interruption from natural disasters, such as earthquakes and hurricanes, power or telecommunication failures, criminal acts, and similar events. In the event that any of our third-party facilities arrangements is terminated, or if there is a lapse of service or damage to a facility, we could experience interruptions in our platforms as well as delays and additional expenses in arranging new facilities and services. Any damage to, or failure of, the systems of our third-party providers could result in interruptions to our platforms. Despite precautions taken at our data centers, the occurrence of spikes in usage volume, a natural disaster, such as earthquakes or hurricane, an act of terrorism, vandalism or sabotage, a decision to close a facility without adequate notice, or other unanticipated problems at a facility could result in lengthy interruptions in the availability of our platform. Even with current and planned disaster recovery arrangements, our business could be harmed. Also, in the event of damage or interruption, our insurance policies may not adequately compensate us for any losses that we may incur. These factors in turn could further reduce our revenue, subject us to liability and cause us to issue credits, or cause customers to stop using our platforms, any of which could materially and adversely affect our business.

Costs1 | 2.3%

Costs - Risk 1

Our Parent's control could prevent us from obtaining essential services at lower rates and if our Parent ceases to provide us with services our business could suffer.

Our Parent provides us with essential services, including software development, infrastructure development, sales support, recruitment and immigration support, project coordination, human resources and operation support and management/advisory services. Although we pay our Parent for these services at what we believe are market rates and were negotiated in good faith on an arms-length basis, if we became aware in the future of third parties that could provide such services on terms more favorable than the Parent, our Parent's control over our Board and our Company could prevent us from obtaining these services on more favorable terms from such third parties or renegotiating the terms with our Parent. Also, if the Parent was no longer able to provide us these services, we may be forced to obtain them from third parties on terms that are less favorable. If we are prevented by the Parent in the future from paying third parties less for services currently provided by the Parent or if the Parent is unable to provide us services it now provides, such events could have a material adverse effect on our business and financial condition.

Macro & Political

Total Risks: 2/44 (5%)Below Sector Average

Economy & Political Environment1 | 2.3%

Economy & Political Environment - Risk 1

Unfavorable conditions in our industry or the U.S. economy, or reductions in information technology spending, could limit our ability to grow our business and negatively affect our operating results.

Our operating results may vary based on the impact of changes in our industry or the United States economy on us or our clients. The revenue growth and potential profitability of our business depend on demand for the workforce and provide platforms and programmatic for healthcare providers. We sell our products and services to organizations whose businesses fluctuate based on general economic and business conditions. In addition, a portion of our revenue is attributable to the number of users of our products at each of our clients, which in turn is influenced by the employment and hiring patterns of our clients and potential clients. To the extent that economic uncertainty or weak economic conditions cause our clients and potential clients to freeze or reduce their headcount, demand for our products may be negatively affected. If economic conditions deteriorate, our clients and potential clients may elect to decrease their workforce development budgets for cloud-based platforms and programmatic solutions by deferring or reconsidering purchases, which would limit our ability to grow our business and negatively affect our operating results.

Capital Markets1 | 2.3%

Capital Markets - Risk 1

These broad market and industry fluctuations may materially adversely affect the market price of our common stock, regardless of our actual operating performance. In addition, price volatility may be greater if the public float and trading volume of our common stock are low.

In the past, following periods of market volatility, stockholders have instituted securities class action litigation. If we were involved in securities litigation, it could have a substantial cost and divert resources and the attention of executive management from our business regardless of the outcome of such litigation. We currently do not intend to declare dividends on our common stock in the foreseeable future and, as a result, your returns on your investment may depend solely on the appreciation of our common stock. We currently do not expect to declare any dividends on our common stock in the foreseeable future. Instead, we anticipate that all of our earnings in the foreseeable future will be used to provide working capital, to support our operations, and to finance the growth and development of our business. Any determination to declare or pay dividends in the future will be at the discretion of our board of directors, subject to applicable laws, and dependent upon a number of factors, including our earnings, capital requirements, and overall financial conditions. In addition, our ability to pay dividends on our common stock may be restricted by the terms of any future debt or preferred securities issuances. Accordingly, your only opportunity to achieve a return on your investment in our Company may be if the market price of our common stock appreciates and you sell your shares at a profit. The market price for our common stock may never exceed, and may fall below, the price that you pay for such common stock.

See a full breakdown of risk according to category and subcategory. The list starts with the category with the most risk. Click on subcategories to read relevant extracts from the most recent report.

FAQ

What are “Risk Factors”?

Risk factors are any situations or occurrences that could make investing in a company risky.

The Securities and Exchange Commission (SEC) requires that publicly traded companies disclose their most significant risk factors. This is so that potential investors can consider any risks before they make an investment.

They also offer companies protection, as a company can use risk factors as liability protection. This could happen if a company underperforms and investors take legal action as a result.

It is worth noting that smaller companies, that is those with a public float of under $75 million on the last business day, do not have to include risk factors in their 10-K and 10-Q forms, although some may choose to do so.

How do companies disclose their risk factors?

Publicly traded companies initially disclose their risk factors to the SEC through their S-1 filings as part of the IPO process.

Additionally, companies must provide a complete list of risk factors in their Annual Reports (Form 10-K) or (Form 20-F) for “foreign private issuers”.

Quarterly Reports also include a section on risk factors (Form 10-Q) where companies are only required to update any changes since the previous report.

According to the SEC, risk factors should be reported concisely, logically and in “plain English” so investors can understand them.

How can I use TipRanks risk factors in my stock research?

Use the Risk Factors tab to get data about the risk factors of any company in which you are considering investing.

You can easily see the most significant risks a company is facing. Additionally, you can find out which risk factors a company has added, removed or adjusted since its previous disclosure. You can also see how a company’s risk factors compare to others in its sector.

Without reading company reports or participating in conference calls, you would most likely not have access to this sort of information, which is usually not included in press releases or other public announcements.

A simplified analysis of risk factors is unique to TipRanks.

What are all the risk factor categories?

TipRanks has identified 6 major categories of risk factors and a number of subcategories for each. You can see how these categories are broken down in the list below.

1. Financial & Corporate

Accounting & Financial Operations - risks related to accounting loss, value of intangible assets, financial statements, value of intangible assets, financial reporting, estimates, guidance, company profitability, dividends, fluctuating results.
Share Price & Shareholder Rights – risks related to things that impact share prices and the rights of shareholders, including analyst ratings, major shareholder activity, trade volatility, liquidity of shares, anti-takeover provisions, international listing, dual listing.
Debt & Financing – risks related to debt, funding, financing and interest rates, financial investments.
Corporate Activity and Growth – risks related to restructuring, M&As, joint ventures, execution of corporate strategy, strategic alliances.

2. Legal & Regulatory

Litigation and Legal Liabilities – risks related to litigation/ lawsuits against the company.
Regulation – risks related to compliance, GDPR, and new legislation.
Environmental / Social – risks related to environmental regulation and to data privacy.
Taxation & Government Incentives – risks related to taxation and changes in government incentives.

3. Production

Costs – risks related to costs of production including commodity prices, future contracts, inventory.
Supply Chain – risks related to the company’s suppliers.
Manufacturing – risks related to the company’s manufacturing process including product quality and product recalls.
Human Capital – risks related to recruitment, training and retention of key employees, employee relationships & unions labor disputes, pension, and post retirement benefits, medical, health and welfare benefits, employee misconduct, employee litigation.

4. Technology & Innovation

Innovation / R&D – risks related to innovation and new product development.
Technology – risks related to the company’s reliance on technology.
Cyber Security – risks related to securing the company’s digital assets and from cyber attacks.
Trade Secrets & Patents – risks related to the company’s ability to protect its intellectual property and to infringement claims against the company as well as piracy and unlicensed copying.

5. Ability to Sell

Demand – risks related to the demand of the company’s goods and services including seasonality, reliance on key customers.
Competition – risks related to the company’s competition including substitutes.
Sales & Marketing – risks related to sales, marketing, and distribution channels, pricing, and market penetration.
Brand & Reputation – risks related to the company’s brand and reputation.

6. Macro & Political

Economy & Political Environment – risks related to changes in economic and political conditions.
Natural and Human Disruptions – risks related to catastrophes, floods, storms, terror, earthquakes, coronavirus pandemic/COVID-19.
International Operations – risks related to the global nature of the company.
Capital Markets – risks related to exchange rates and trade, cryptocurrency.

Become an Expert with TipRanks Premium

What am I Missing?

Make informed decisions based on Top Analysts' activity

Know what industry insiders are buying

Get actionable alerts from top Wall Street Analysts

Find out before anyone else which stock is going to shoot up

Get powerful stock screeners & detailed portfolio analysis

Subscribe Now See Plans & Pricing