We are subject to numerous Data Protection Laws that govern the processing of personal information, individually identifiable information and health information, as well as Data Protection Obligations. The legislative and regulatory landscape for privacy and data protection continues to evolve in jurisdictions worldwide, and there has been an increasing focus on privacy and data protection issues with the potential to affect our business. Our actual or perceived failure to comply with any of these Data Protection Laws could result in enforcement actions, inquiries, or other proceedings against us, and in certain cases may result in claims, demands, and litigation initiated by non-governmental persons and groups, and may result in substantial liabilities and other consequences, including fines, imprisonment of company officials and public censure, claims for damages by affected individuals, damage to our reputation and loss of goodwill, any of which could have a material adverse effect on our business.
As we seek to expand our business, we are, and will increasingly become, subject to various Data Protection Laws as well as Data Protection Obligations relating to the processing of sensitive and personal information in the jurisdictions in which we operate. In many cases, these laws, regulations and standards apply not only to disclosures to third parties, but also to transfers of information between or among our entities and other parties with which we have commercial relationships, as well as to other types of processing of such information. These Data Protection Laws may be interpreted and applied differently over time and from jurisdiction to jurisdiction, and it is possible that they will be interpreted and applied in ways that will materially and adversely affect our business, financial condition and results of operations. The regulatory framework for data privacy, data security and data transfers worldwide is rapidly evolving and, as a result, interpretation and implementation standards and enforcement practices are likely to remain uncertain for the foreseeable future.
There are numerous U.S. federal and state laws and regulations related to the privacy and security of personal information. These laws and regulations include the Health Insurance Portability and Accountability Act of 1996, or HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009, or HITECH, and their implementing regulations, collectively referred to as the HIPAA Rules, which establish a set of national privacy and security standards to safeguard PHI held by health plans, healthcare clearinghouses and certain healthcare providers, referred to as covered entities, and by the business associates and their subcontractors with whom such covered entities contract for services that involve the creation, receipt, maintenance or transmission of PHI for or on behalf of a covered entity or another business associate. HIPAA requires covered entities and business associates to, among other things, develop and maintain policies and procedures with respect to PHI that is used or disclosed, including the adoption of administrative, physical, and technical safeguards to protect such information and ensure the confidentiality, integrity and availability of electronic PHI. As this applies to our business, we are required to maintain security standards for any PHI that we create, receive, maintain, or transmit. Any software will maintain security safeguards that are designed to be consistent with the HIPAA Rules, but we cannot guarantee that these safeguards will not fail or that they will not be deemed inadequate in the future. In addition, we could be subject to periodic audits for compliance with the HIPAA Privacy and Security Standards by the U.S. HHS and by our customers. The U.S. HHS Office for Civil Rights may impose significant penalties on entities subject to HIPAA for a failure to comply with a requirement of the HIPAA Rules. Penalties will vary significantly depending on factors such as the date of the violation, whether the entity knew or should have known of the failure to comply, or whether the entity's failure to comply was due to willful neglect. A single breach incident may violate multiple standards. In addition, a person who knowingly obtains or discloses individually identifiable health information in violation of HIPAA may face significant criminal penalties and imprisonment. HIPAA also authorizes state attorneys general to file suit on behalf of their residents. Courts may award damages, costs, and attorneys' fees related to violations of HIPAA in such cases. While HIPAA does not create a private right of action allowing individuals to sue us in civil court for violations of HIPAA, its standards have been used as the basis for the duty of care in state civil suits such as those for negligence or recklessness in the misuse or breach of PHI. Additionally, if we are unable to properly protect the privacy and security of the PHI of our customers, we could be found to have breached our contracts. Determining whether PHI has been handled in compliance with applicable privacy standards and our contractual obligations can be complex, and we cannot be sure how these regulations will be interpreted, enforced, or applied to our operations.
In addition, many states in which we operate have laws that protect the privacy and security of sensitive and personal information, including health-related information. Certain state laws may be more stringent or broader in scope, or offer greater individual rights, with respect to sensitive and personal information than federal, international or other state laws, and such laws may differ from each other, which may complicate compliance efforts. For example, the California Confidentiality of Medical Information Act, or CMIA, which is a state law imposing obligations similar to the HIPAA Rules, protects "medical information" held by providers of health care, health plans, and subcontractors, and specifically regulates mobile applications used for, among other things, the diagnosis of medical conditions as "health care providers" pursuant to Section 56.06 of the Civil Code. This means that we are subject to additional privacy requirements that are not otherwise applicable to business associates under the HIPAA Rules. If, for example, we were to disclose information to a third party where such disclosure is not permitted by CMIA, we could be subject to administrative fines and/or civil penalties per violation that vary based on whether the disclosure was due to negligence, was done knowingly and willfully, or was knowingly and willfully and "for purposes of financial gain." The CMIA also imposes criminal penalties. Section 56.36 provides that any violation of the CMIA's nondisclosure provisions that results in an economic loss or personal injury to a patient is punishable as a misdemeanor. Moreover, unlike HIPAA, CMIA authorizes a private right of action for any violation of its provisions, including inappropriate access to, use, or disclosure of "medical information." Actual injuries are not required to bring an action under CMIA. The courts may award nominal damages of $1,000 per person, plus costs and attorney's fees, for a negligent disclosure, and may award compensatory and punitive damages, plus attorneys' costs and fees, for economic losses or personal injury resulting from the disclosure. This private right of action may increase the likelihood of, and risks associated with, litigation in association with any data breach.
Another California law, the California Consumer Privacy Act of 2018, or CCPA, which increases privacy rights for California residents and imposes stringent data privacy and security obligations on companies that process their personal information, came into effect on January 1, 2020. The CCPA provides for civil penalties for violations, as well as a private right of action for certain data breaches that result in the loss of personal information, although there are some exceptions to the CCPA for health care providers subject to CMIA or business associates subject to HIPAA. In addition, laws governing online privacy, such as the California Online Privacy Protection Act, or CalOPPA, apply to our mobile application and online services. This private right of action may increase the likelihood of, and risks associated with, data breach litigation. The CCPA has been amended from time to time, and it is possible that further amendments will be enacted. For example, California voters approved the California Privacy Rights Act of 2020, or CPRA, which went into effect on January 1, 2023. Among other things, the CPRA gives California residents the ability to limit the use of their sensitive information for secondary purposes, provides for penalties for CPRA violations concerning California residents, and establishes a new California Privacy Protection Agency to implement and enforce the law. As the number and breadth of California privacy laws increase, it is possible that we may be subject to additional standards or enforcement authorities under laws such as the CCPA or CPRA in the future with respect to some of the information that we collect or maintain.
Although California often leads the nation in privacy laws, other state laws are also changing rapidly. Additional states are enacting more stringent consumer privacy laws, such as Washington's My Health, My Data Act (which includes a private right of action), and numerous state laws that are similar to the CCPA. There also is continuing discussion in Congress of a new federal data protection and privacy law to which we would likely become subject if it is enacted. All of these evolving compliance and operational requirements impose significant costs that are likely to increase over time, may require us to modify our data processing practices and policies, divert resources from other initiatives and projects, and could restrict the way products involving data are offered, all of which may have a material and adverse impact on our business, financial condition and results of operations.
Laws, regulations and standards in many other jurisdictions also apply broadly to the processing of personal information and impose significant compliance obligations. For example, in the European Economic Area, or EEA, the collection and use of personal data, including clinical trial data, is governed by the provisions of the General Data Protection Regulation, or GDPR, which came into effect in May 2018. The GDPR imposes stringent data privacy and security requirements on companies in relation to the processing of personal data of data subjects within the EEA. The GDPR, together with national legislation, regulations and guidelines of the EEA member states and the United Kingdom governing the processing of personal data, imposes strict obligations and restrictions on the ability to process personal data, including health data from clinical trials and adverse event reporting. The law is also developing rapidly and, in July 2020, in its Schrems II ruling, the Court of Justice of the EU invalidated the EU-U.S. Privacy Shield data transfer mechanism, limiting how organizations could lawfully transfer personal data from the EEA to the U.S. Other data transfer mechanisms, such as the standard contractual clauses, or SCCs, approved by the European Commission, have faced challenges in European courts (including being called into question in Schrems II), may require additional risk analysis and supplemental measures to be used, and may be challenged, suspended or invalidated. In addition, the European Commission has proposed updated SCCs. Such developments may cause us to have to make further expenditures on local infrastructure, limit our ability to process personal data, change internal business processes or otherwise affect or restrict sales and operations.
Complying with these numerous, complex and often changing regulations is expensive and difficult, and failure to comply with any Data Protection Laws or any security incident or breach involving the misappropriation, loss or other unauthorized use or disclosure of sensitive or confidential information, whether by us, one of our vendors, or another third party, or any perception that any of these has occurred, could negatively affect our business, financial condition and results of operations, including but not limited to: investigation costs, material fines and penalties; compensatory, special, punitive and statutory damages; claims, demands, and litigation; regulatory investigations and other proceedings; consent orders regarding our privacy and security practices; requirements that we provide notices, credit monitoring services or credit restoration services or other relevant services to impacted individuals; adverse actions against our licenses to do business; and injunctive relief.
Further, the United Kingdom has implemented legislation that substantially implements the GDPR in the United Kingdom, which legislation provides for penalties for violations of up to the greater of 17.5 million British pounds or four percent of annual global turnover. Following the exit of the United Kingdom from the EU, however, aspects of the future regulation of data in the United Kingdom and the relationship of the United Kingdom and the EU remain unclear, including with respect to how data transfers to and from the United Kingdom will be regulated. On June 28, 2021, the European Commission announced a decision of "adequacy" concluding that the United Kingdom ensures an equivalent level of data protection to the GDPR, which provides some relief regarding the legality of continued personal data flows from the EEA to the United Kingdom. Some uncertainty remains, however, as this adequacy determination must be renewed after four years and may be modified or revoked in the interim. Other countries also are considering or have passed legislation requiring local storage, processing or security of data, or similar requirements, which could increase the cost and complexity of delivering our products.
We make public statements about our use and disclosure of personal information through our Cue Virtual Care Delivery Apps and external Privacy Policies. Although we endeavor to comply with our external Privacy Policies, we may at times fail to do so or be alleged to have failed to do so. The publication of our external Privacy Policies that provide promises and assurances about data privacy and security can subject us to potential government or legal action if they are found to be deceptive, unfair or misrepresentative of our actual practices. Any failure, real or perceived, by us to comply with our external Privacy Policies, Data Protection Laws, or consumer protection-related laws and regulations applicable to us could cause our customers to reduce their use of our products and could materially and adversely affect our business, financial condition, and results of operations. In many jurisdictions, enforcement actions and consequences for non-compliance can be significant and are rising. In addition, from time to time, concerns may be expressed about whether our products or processes compromise the privacy of customers and others. Concerns about our practices with regard to the collection, use, retention, security, disclosure, transfer, and other processing of personal information or other privacy-related matters, even if unfounded, could damage our reputation and materially and adversely affect our business, financial condition, and results of operations.
Many statutory requirements, both in the United States and abroad, include obligations for companies to notify individuals of security breaches involving certain personal information, which could result from breaches experienced by us or our vendors. For example, laws in all 50 U.S. states and the District of Columbia require businesses to provide notice to consumers if certain unencrypted personal information has been disclosed as a result of a data breach. These laws are not consistent, and compliance in the event of a widespread data breach is difficult and may be costly. Moreover, states frequently amend existing laws, requiring attention to changing regulatory requirements. We also may be contractually required to notify affected customers, regulators, credit reporting agencies or other affected individuals of a security breach. Such notifications are costly, and the disclosures, or the failure to comply with such requirements, could lead to material adverse effects, including without limitation negative publicity, a loss of customer confidence in our services or security measures, or breach of contract claims. There can be no assurance that the limitations of liability in our contracts would be enforceable or adequate or would otherwise protect us from liabilities or damages if we fail to comply with applicable Data Protection Laws, Data Protection Obligations, or other legal obligations. In addition, although we may have contractual protections with our vendors, contractors, and consultants, any actual or perceived security breach or incident suffered by our subcontractors could harm our reputation and brand, expose us to potential liability or require us to expend significant resources on data security and in responding to any such actual or perceived breach or incident. Any contractual protections we may have from our vendors, contractors or consultants may not be sufficient to adequately protect us from any such liabilities and losses, and we may be unable to enforce any such contractual protections.
We expect that there will continue to be new proposed laws and regulations concerning data privacy and security, and we cannot yet determine the impact such future laws, regulations and standards may have on our business. New laws, amendments to or re-interpretations of existing laws, regulations, standards and other obligations may require us to incur additional costs and restrict our business operations. Because the interpretation and application of Data Protection Laws and other obligations are still uncertain, and often contradictory and in flux, it is possible that the scope and requirements of these laws may be interpreted and applied in a manner that is inconsistent with our practices, and our efforts to comply with the evolving Data Protection Laws may be unsuccessful. If so, this could result in government-imposed fines or orders requiring that we change our practices, which could adversely affect our business.
We cannot assure you that our third-party partners and vendors with access to our or our customers', suppliers' and employees' personal information and other sensitive or confidential information in relation to which we are responsible will not breach contractual obligations imposed by us or violate Data Protection Laws, or that they will not experience security breaches or attempts thereof, which could affect our business, including putting us in breach of our obligations under the Data Protection Laws, which could in turn adversely affect our business, results of operations and financial condition. We cannot assure you that our contractual measures and our own privacy- and security-related safeguards will protect us from the risks associated with the third-party processing, storage and transmission of such information.
We may receive inquiries or be subject to investigations, proceedings or actions, by various government entities regarding our privacy and information security practices and processing ("Regulatory Proceedings"). These Regulatory Proceedings could result in a material adverse effect, including without limitation, interruptions of, or required changes to, our business practices, the diversion of resources and the attention of management from our business, regulatory oversights and audits, discontinuance of necessary processing, or other remedies that adversely affect our business.
In addition to the possibility of fines, lawsuits, regulatory investigations, public censure, other claims and penalties, and significant costs for remediation and damage to our reputation, we could be materially and adversely affected if laws or regulations are expanded to require changes in our data processing practices and policies or if governing jurisdictions interpret or implement their legislation or regulations in ways that negatively impact our business. Complying with these various laws and regulations could cause us to incur substantial costs or require us to change our business practices and compliance procedures in a manner adverse to our business. Any inability to adequately address data privacy or security-related concerns, even if unfounded, or to comply with applicable laws, regulations, standards, or other actual or asserted obligations relating to data privacy and security, could result in additional cost and liability to us, harm our reputation and brand, damage our relationships with customers and have a material and adverse impact on our business.
While we maintain general liability insurance coverage, cyber insurance coverage and other insurance, we cannot assure that such coverage will be adequate or will otherwise protect us from or adequately mitigate liabilities or damages with respect to claims, costs, expenses, litigation, fines, penalties, business loss, data loss, regulatory actions or material adverse effects arising out of our data processing, privacy, data protection, or data security practices or any security breaches or incidents we may experience, or that such coverage will continue to be available on acceptable terms or at all. The successful assertion of one or more large claims against us that exceed our available insurance coverage, or that result in changes to our insurance policies (including premium increases or the imposition of large deductible or co-insurance requirements), could have an adverse effect on our business. In addition, we cannot be sure that our existing insurance coverage will continue to be available on acceptable terms or that our insurers will not deny coverage as to any future claim.