NXGN Nextgen Healthcare, Inc. - 10-K

ITEM 1A. RISK FACTORS

You should carefully consider the risks described below, as well as the other cautionary statements and risks described elsewhere, and the other information contained in this Report and in our other filings with the SEC, including subsequent Quarterly Reports on Form 10-Q and Current Reports on Form 8-K. We operate in a rapidly changing environment that involves a number of risks. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties not presently known to us or that we currently deem immaterial may also affect our business operations. If any of these known or unknown risks actually occur, our business, financial condition or results of operations could be materially and adversely affected, in which case the trading price of our common stock may decline, and you may lose all or part of your investment. The following information should be read in conjunction with Part II, Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and the consolidated financial statements and related notes in Part II, Item 8, “Financial Statements and Supplementary Data” of this Form 10-K.

Risks Related to our Business

We face significant, evolving competition which, if we fail to properly address, could adversely affect our business, results of operations, financial condition, and price of our stock. The markets for healthcare information systems are intensely competitive and rapidly evolving. We face significant competition from a number of different sources. Several of our competitors have substantially greater name recognition and financial, technical, product development and marketing resources than we do. Some of our competitors, have, and may continue to become more active in our markets both through internal development and acquisitions. Moreover, we expect that competition will continue to increase as a result of consolidation in both the IT and healthcare industries. Transaction induced and other competitive pressures and factors may result in price erosion and make the adoption and renewal of our solutions more difficult. Further, as we continue to enhance and develop new solutions and services, including in the areas of interoperability, data and analytics, and value-based care, we expect to face new competitors, and these new competitors may have more experience in these markets. There can be no assurance that we will be able to compete successfully against current and future competitors or that the competitive pressures that we face will not materially and adversely impact our business, financial condition, and operating results.

We may not be able to develop and market new products to and services respond to technological changes or evolving industry standards and our clients may not accept our products or services. The markets in which we operate are characterized by rapid technological and regulatory change, evolving industry standards and increasingly sophisticated client needs. In order to compete successfully, we must keep pace with our competitors in anticipating and responding to these rapid changes. Our future success will depend, in part, upon our ability to enhance existing solutions and develop and introduce in a timely manner or acquire new solutions that keep pace with technological and regulatory developments and industry requirements, satisfy increasingly sophisticated client requirements and achieve market acceptance. If we are unable, for technological or other reasons, to develop or acquire on a timely and cost-effective basis new software solutions or enhancements to existing solutions or if such new solutions or enhancements do not achieve market acceptance, or if new technologies emerge that are able to deliver competitive offerings at lower prices, more efficiently, more conveniently, or more securely than our offerings, our business, financial condition, and results of operations can be adversely affected.

Saturation or consolidation in the healthcare industry could result in the loss of existing clients, a reduction in our potential client base and downward pressure on the prices for our products and services. As the healthcare information systems market continues to evolve, saturation of this market with our products or our competitors' products could limit our revenues and opportunities for growth. There has also been increasing consolidation amongst healthcare industry participants in recent years, creating integrated healthcare delivery systems with greater market power. As provider networks and managed care organizations consolidate, the number of market participants decreases and competition to provide products and services like ours become more intense. The importance of establishing and maintaining relationships with key industry participants becomes greater and our inability to make initial sales of our systems to, or maintain relationships with, newly formed groups and/or healthcare providers that are replacing or substantially modifying their healthcare information systems could adversely affect our business, results of operation and financial condition. Consolidation in our industry can result in fewer new footprint opportunities or lead to the replacement of our products and services in existing clients, cause downward pricing pressures and have an adverse impact on our business, results of operations and financial condition.

We depend on strategic relationships and our business could be materially impacted if we fail to manage these relationships properly . We face risk and/or possibility of claims from activities related to strategic partners. We depend on strategic relationships and third-party suppliers and our revenue and operating earnings could suffer if we fail to manage these relationships properly. To be successful, we must continue to maintain our existing strategic relationships and establish additional strategic relationships as necessary with leaders in the markets in which we operate. If we lose any of these third-party relationships or fail to establish additional relationships, or if our relationships fail to benefit us as expected, this could materially and adversely impact our business, financial condition, and operating results. We rely on third parties to provide certain services for our business. For example, we use national clearinghouses in the processing of some insurance claims, and we outsource the printing and delivery of patient statements for our clients. These third parties could raise their prices or be acquired by our competitors or decide to compete with us in some or all of the markets in which we operate, which could potentially create short or long-term disruption to our business, negatively impacting our revenue, profit and/or stock price. We also have relationships with certain third parties where these third parties serve as sales channels through which we generate a portion of our revenue. In addition, we could be subject to claims as a result of the activities, products, or services of these third-party service providers even though we were not directly involved in the circumstances leading to those claims.

Table of Contents

We have acquired companies, and may engage in future acquisitions, which may be expensive, time consuming, subject to inherent risks and from which we may not realize anticipated benefits. Historically, we have acquired numerous businesses, technologies, and products. We may acquire additional businesses, technologies, and products if we determine that these additional businesses, technologies and products are likely to serve our strategic goals. Acquisitions have inherent risks, which, if materialized, may have a material adverse effect on our business, financial condition, operating results or prospects, including, but not limited to the following: (i) failure to achieve projected synergies and performance targets; (ii) potentially dilutive issuances of our securities, the incurrence of debt and contingent liabilities and amortization expenses related to intangible assets with indefinite useful lives; (iii) using cash as acquisition currency may adversely affect interest or investment income, which may in turn adversely affect our earnings and /or earnings per share; (iv) unanticipated expenses or difficulty in fully or effectively integrating or retaining the acquired technologies, software products, services, business practices, management teams or personnel, which would prevent us from realizing the intended benefits of the acquisition; (v) failure to maintain uniform standard controls, policies and procedures across acquired businesses; (vi) difficulty in predicting and responding to issues related to product transition such as development, distribution and client support; (vii) the assumption of known and unknown liabilities; (viii) the possibility that the due diligence process in any such acquisition may not completely identify material issues associated with product quality, product architecture, product development, intellectual property issues, regulatory risks, compliance risks, key personnel issues or legal and financial contingencies, including any deficiencies in internal controls and procedures and the costs associated with remedying such deficiencies; and (ix) the possibility that acquired assets become impaired, or that acquired assets lead us to determine that existing assets become impaired, requiring us to take a charge to earnings which could be significant; and (x) the possibility of disputes over post-closing purchase price adjustments such as performance-based earnouts. A failure to successfully integrate acquired businesses or technology could, for any of these reasons, have an adverse effect on our financial condition and results of operations.

If we are unable to manage our growth, including in the new markets we may enter, our business and financial results could suffer. We have in the past experienced periods of growth which have placed, and may continue to place, a significant strain on our non-cash resources. In addition, our future financial results will depend in part on our ability to profitably manage our business in new markets that we may enter. We are engaging in the strategic identification of, and competition for, growth and expansion opportunities in new markets or offerings, including in the areas of interoperability, patient engagements, data analytics and population health. In order to successfully execute on our growth initiatives, we will need to, among other things, manage changing business conditions, anticipate, and react to changes in the regulatory environment, and develop expertise in areas outside of our business's traditional core competencies. As we expand into new countries and markets, we will need to successfully address the risks inherent in the expansion of international operations, such as differing legal and regulatory requirements that may apply to our products and/or how we operate, including those that pertain to privacy and data protection, trade and employment restrictions and intellectual protections, among other risks, which could involve significant costs or require changes in products or business practices. Failure to successfully address these risks and other difficulties in managing future growth, including in new markets, could have a significant negative impact on our business, financial condition, and results of operations.

We may experience reduced revenues and/or be forced to reduce our prices in response to changes to the healthcare regulatory landscape . We may be subject to pricing pressures with respect to our future sales arising from various sources, including among other things, government action affecting reimbursement levels. Our clients and the other entities with which we have business relationships are affected by changes in statutes, regulations, and limitations on government spending for Medicare, Medicaid, and other programs. Recent and future government actions and legislation could limit government spending for Medicare and Medicaid programs, limit payments to healthcare providers, increase emphasis on competition, impose price controls, initiate new and expanded value-based reimbursement programs and create other programs that potentially could have an adverse effect on our clients and the other entities with which we have a business relationship. If we experience significant downward pricing pressure, our revenues may decline along with our ability to absorb overhead costs, which may leave our business less profitable.

Our operations are dependent upon attracting and retaining key personnel. If such personnel were to leave unexpectedly, we may not be able to execute our business plan. Our future performance depends in significant part upon the continued service of our key development, client service and senior management personnel and successful recruitment of new talent. These personnel have specialized knowledge and skills with respect to our business and our industry. The industry in which we operate is characterized by a high level of employee mobility and aggressive recruiting of skilled personnel. There can be no assurance that our current employees will continue to work for us. Loss of services of key employees could have an adverse effect on our business, results of operations and financial condition. Furthermore, we may need to grant additional equity incentives to key employees and provide other forms of incentive compensation to attract and retain such key personnel. Equity incentives may be dilutive to our per share financial performance. Failure to provide such types of incentive compensation could jeopardize our recruitment and retention capabilities.

We have substantial development and other operations in India, and we use offshore third-party partners located in India and other countries, that subject us to regulatory, economic, social and political uncertainties and to laws applicable to U.S. companies operating overseas and other risks of global operations. We are subject to several risks associated with having a portion of our assets and operations located in India and by using third party service providers in India and other countries. Many U.S. companies have benefited from many policies of the Government of India and the Indian state governments in the states in which we operate, which are designed to promote foreign investment generally and the

Table of Contents

business process services industry in particular, including significant tax incentives, relaxation of regulatory restrictions, liberalized import and export duties and preferential rules on foreign investment and repatriation. There is no assurance that such policies will continue. Various factors, such as changes in the current Government of India, could trigger significant changes in India’s economic liberalization and deregulation policies and disrupt business and economic conditions in India generally and our business in particular. In addition, our financial performance and the market price of our common stock may be adversely affected by general economic conditions and economic and fiscal policy in India, including changes in exchange rates and controls, interest rates and taxation policies, as well as social stability and political, economic or diplomatic developments affecting India in the future. Our ability to recruit, train and retain qualified employees, develop and operate our captive facility could be adversely affected if India does not successfully overcome challenges associated with sustaining its economic growth. In addition, U.S. governing authorities may pressure us to perform work domestically rather than using offshore resources. Furthermore, local laws and customs in India may differ from those in the U.S. For example, it may be a local custom for businesses to engage in practices that are prohibited by our internal policies and procedures or U.S. laws and regulations applicable to us, such as the Foreign Corrupt Practices Act (“FCPA”). The FCPA generally prohibits U.S. companies from giving or offering money, gifts, or anything of value to a foreign official to obtain or retain business and requires businesses to make and keep accurate books and records and a system of internal accounting controls. We cannot guarantee that our employees, contractors, and agents will comply with all of our FCPA compliance policies and procedures. If we or our employees, contractors, or agents fail to comply with the requirements of the FCPA or similar legislation, government authorities in the U.S. and elsewhere could seek to impose civil or criminal fines and penalties which could have a material adverse effect on our business, operating results, and financial condition.

If we fail to finalize a settlement with the DOJ or fail to comply with the terms of any such final settlement of the DOJ’s investigations into certain of the Company’s business practices, our business, results of operations and financial condition will be materially and adversely affected. In addition, even if we finalize the settlement, we may face additional investigations or lawsuits. Commencing in April 2017, we have received requests for documents and information from the United States Attorney's Office for the District of Vermont and other government agencies in connection with an investigation concerning the certification we obtained for our software under the United States Department of Health and Human Services' Electronic Health Record (EHR) Incentive Program. The requests for information relate to, among other things: (a) data used to determine objectives and measures under the Meaningful Use (MU) and the Physician Quality Reporting System (PQRS) programs, (b) our EHR product and its performance, including defects that relate to patient safety or meaningful use certifications, (c) the software code used in certifying our EHR software and information, and (d) marketing programs and payments provided for the referral of EHR business. In late 2022, the United States Attorney’s Office informed NextGen of the existence of a sealed qui tam lawsuit concerning the issues NextGen has been discussing with their Office. While we have not yet reached a final, binding settlement agreement with the DOJ, we have reached an agreement in principle and have recorded legal settlement expense to reflect the anticipated payment to the DOJ if the settlement currently being negotiated is consummated. We also recorded an estimated amount of expense associated with attorneys’ fees that upon a final settlement would be paid to the private law firm that brought the original qui tam lawsuit. See Note 17, “Contingencies,” to our consolidated financial statements included in Part II, Item 8, “Financial Statements and Supplementary Data” of this Form 10-K for additional information. We expect that a final settlement with the DOJ, if it were to be completed, may include other material non-financial terms and conditions, including a civil settlement agreement. A variety of material issues remain subject to further negotiation and approval by us and the government before any binding resolution can be finalized, and additional accruals and expenses may be necessary following further negotiation. We cannot provide assurances that our efforts to reach a final settlement with the DOJ will be successful or, if they are, the timing or final terms of any such settlement. In addition, compliance with the terms of any such final settlement documents could impose significant costs and burdens on us. If we fail to comply with any such final settlement documents, the DOJ may impose substantial monetary penalties, exclude us from Medicare, Medicaid, and other federal healthcare programs, and/or bring administrative, civil or criminal charges against us, which could have a material adverse effect on our business, financial condition and results of operations. If a final agreement cannot be reached, the existing qui tam lawsuit will proceed to litigation and the DOJ may bring additional claims or other enforcement actions against us. These proceedings could lead to material fines, penalties, damages, and liabilities which could be substantial, as well as other material sanctions, and we would expect to incur significant costs in connection with such enforcement action and proceedings, regardless of the outcome. If any or all of these events occur, our business, financial condition and results of operations could be materially and adversely affected. Even if we were to reach a final settlement with the DOJ, such settlement or the conduct involved in the settlement may cause other governmental agencies to initiate investigations or proceedings, or may cause private parties such as shareholders, to threaten or initiate litigation, any of which could result in substantial and material fines, penalties, damages, expenses and/or liabilities, divert management’s attention from other business concerns and have a material adverse effect on our business, results of operations and financial condition. We may also be subject to negative publicity related to these matters that could harm our reputation, reduce demand for our solutions and services, result in employee attrition and negatively impact our stock price.

Risks Related to Our Operations, Products and Services

Our business is subject to data security risks and cyber-attacks, and if we are unable to safeguard the security and privacy of our client’s data, our services may be perceived as not being secure, clients may curtail or stop using our services, we may incur significant liabilities, and our reputation and business may be harmed. Our services involve the collection, storage, transmission and processing of clients’ proprietary and confidential information, including the personally identifiable and protected health information of our clients’ patients, as well as the personal and confidential information of our

Table of Contents

employees and others. Because of the sensitivity of this information, security features of our network, software, and systems are very important. Threat actors regularly attempt to gain access to our information and systems through various techniques. These threats include cyber attacks, the use of harmful malware or ransomware, security breaches, acts of vandalism or theft, (including by employees), computer viruses, misplaced or lost data, programming and/or human errors, power outages, protected health information leakage from implementing third-party technology to process and share data, hardware failures or other similar events. Furthermore our increased use of mobile and cloud technologies, including as a result of the shift to work-from-home arrangements resulting from the COVID-19 pandemic, has heightened these cybersecurity and privacy risks, including risks from cyber attacks such as phishing, spam emails, hacking, social engineering, and malicious software. We have expended and may continue to expend significant capital and other resources to protect against data incidents, cyber attacks, or security breaches or to alleviate or mitigate problems caused by data incidents, cyber attacks, or security breaches.

Despite our implementation of security and privacy measures designed to ensure data security and compliance with applicable laws and rules, our network, systems, and services are vulnerable to these threats. Because techniques used to attack or compromise our systems change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques or to implement adequate preventive security measures. Although we train and monitor our employees, it is possible that our employees may, intentionally or unintentionally, act in ways that create security vulnerabilities, present security risks to the network, or otherwise compromises our security measures and our systems. If our security measures are unable to safeguard our network, systems, and services, and the confidential, proprietary, personal, and protected health information stored and processed thereon, someone may be able to obtain unauthorized access to our network, systems, and software, as with the security incidents described below, and then employee, client, or patient data thereon. As a result, our reputation could be damaged, we could lose clients or business partners, our business may suffer, and we could face damages for contract breach, penalties for violation of applicable laws or regulations and significant costs for remediation and remediation efforts to prevent future occurrences, all of which could have a material adverse effect on our business, operations, and financial results.

We rely upon our clients as users of our system for key activities to promote security of the system and the data within it, such as administration of client-side access credentialing and control of client-side display of data. On occasion, our clients have failed to perform these activities. Failure of clients to perform these activities may result in claims against us that this reliance was misplaced, which could expose us to significant expense and harm to our reputation even though our policy is to enter into business associate agreements with our clients. In addition, our clients may authorize or enable third parties to access their client data or the data of their patients on our systems. Because we do not control such access, we cannot ensure the complete propriety of that access or integrity or security of such data in our systems.

Violations of state or federal privacy or data security laws may result in claims against us or may limit or prevent our use of data, which could harm our business. Certain health privacy laws, data breach notification laws, privacy laws, and consumer protection laws may apply directly to our business and/or those of our collaborators and may impose restrictions on our collection, use, storage, and dissemination of individuals’ personal information and protected health information. Patients about whom we obtain personal and health information, as well as the healthcare services clients who share this information with us, may have statutory or contractual rights that limit our ability to use and disclose the information. We may be required to expend significant capital and other resources to ensure ongoing compliance with applicable privacy and data security laws. Claims that we have violated individuals’ privacy rights, violated applicable privacy or data security laws and regulations or breached our contractual obligations, even if we are not found liable, could be expensive and time-consuming to defend and could result in adverse publicity that could harm our business. This could impair our functions, processes and databases that reflect, contain, or are based upon such data and may prevent use of such data. In addition, this could interfere with or prevent creation or use of rules and analyses or limit other data-driven activities that are beneficial to our business. Moreover, we may be subject to claims or liability for use or disclosure of information by reason of lack of valid notice, permission or waiver. These claims or liabilities could subject us to unexpected costs and adversely affect our operating results.

Data security incidents or security breaches could have numerous material adverse effects on our business and could result in significant liabilities, losses, and damages . In the course of our business operations, we collect, store, process, compile, and transmit confidential information, including personal information, patient health information, financial information and other sensitive information of our employees, our clients, and our clients’ patients. We also use third-party contractors to provide certain of these services, such as the service provides that host our technology platform. Although we train and monitor our employees and have systems and technical, physical, and administrative safeguards in place that we believe are reasonably designed to prevent and detect data security incidents and security breaches, we have no guarantee that these programs and controls will be adequate to prevent all possible security threats, cyber attacks, vulnerabilities, malfeasance, or errors. It is possible that our own employees, or that of our clients and vendors, may engage in conduct that compromises security or privacy.

Unauthorized access to or the compromise of our computer systems or data, or to the computer systems or data of our contractors, could result in the misappropriation or loss of assets or the disclosure of sensitive information, including any resulting from the incidents described below and in Note 17 to our audited financial statements, the corruption of data, disruption of our business operations, damage our reputation, reduce demand for our services, require us to devote financial and other resources to mitigate these breaches, subject us to litigation from our clients or shareholders, as well as actions by regulatory agencies, and result in damages being assessed against us.

Table of Contents

In addition, the other systems with which we may interface, such as the internet and related systems may be vulnerable to security breaches, viruses, malware, programming errors, or similar disruptive problems. The effect of these security breaches and related issues could also disrupt our ability to perform certain key business functions and could potentially reduce demand for our services. Accordingly, we have expended significant resources toward establishing and enhancing the security of our related infrastructures, although no assurance can be given that they will be entirely free from potential breach or compromise. Maintaining and enhancing our infrastructure security may require us to expend significant capital in the future.

The success of our strategy to offer our EDI services and SaaS solutions depends on the confidence of our clients in our ability to securely transmit confidential information. Our EDI services and SaaS solutions rely on encryption, authentication and other security technology licensed from third parties to achieve secure transmission of confidential information. We may not be able to stop unauthorized attempts to gain access to or disrupt the transmission of communications by our clients. Anyone who is able to circumvent our security measures could misappropriate or steal confidential user information or interrupt our, or our clients’, operations. In addition, our EDI and SaaS solutions may be vulnerable to viruses, malware, physical or electronic break-ins and similar disruptions.

High-profile security breaches, especially companies supporting the healthcare industry, have increased in recent years, and security industry experts and government officials have warned about the risks of hackers and cyber-attacks targeting information technology products and businesses. Although this is an industry-wide problem that affects other software and hardware companies, we may be targeted by computer hackers because we are a prominent healthcare information technology company and have high profile clients. These risks will increase as we continue to grow our cloud offerings, store and process increasingly large amounts of our clients’ confidential data, including personally identifiable and protected health information, and host or manage parts of our clients’ businesses in cloud-based/multi-tenant information technology environments. We use third party cloud providers in connection with our cloud-based offerings or third-party providers to host our own data, in which case we may have to rely on the processes, controls and security such third parties have in place to protect the infrastructure. Moreover, unauthorized access, acquisition, use, alteration, destruction, or disclosure of such sensitive information, including any resulting from the incidents described below, could result in civil or criminal liability or regulatory action, including potential fines and penalties.

The costs we have had to incur and which we could continue to incur to address any security incidents or security breaches increase our expenses, and our efforts to resolve these problems may not be successful and could result in interruptions, delays, cessation of service and loss of existing or potential clients that may impede our sales, development of solutions, provision of services, or other critical functions. If a cyberattack or other security incident were to allow unauthorized access to or unauthorized acquisition, use, modification, or disclosure of our clients’ or suppliers’ data, personal information or protected health information of patients, our own data, or our information technology systems (much like what occurred in the January and March 2023 incidents described below), or if our products or services are perceived as having security vulnerabilities, we could suffer significant damage to our brand and reputation. This could lead to fewer clients using our products or services and make it more difficult for us to obtain new clients, resulting in reduced revenue and earnings. These types of security incidents could also lead to lawsuits, regulatory investigations and claims, and increased legal liability, such as the lawsuits stemming from the March 2023 security incident as described below and in Note 17 to our audited financial statements.

On January 6, 2023, we became aware of unauthorized access to a limited part of the corporate NextGen Healthcare network, which, upon investigation, revealed that NextGen was the target of a sophisticated cyber attack. We immediately executed our internal response procedures and launched an in-depth forensic investigation with the help of leading third-party forensic experts. We also took measures to contain the threat and to successfully eradicate it from our network. Though our operations returned to normal in relatively short order, out of an abundance of caution, we notified any clients who were impacted by the disruption and incident. Because of the sophisticated nature of the cyber attack on our systems, our in-depth forensic investigation into the nature and full scope of the incident remains ongoing and we continue to perform a detailed and manual review and analysis of the data potentially impacted to understand if any personally identifiable information or protected health information was accessed without authorization during the attack. Impact to personally identifiable information or protected health information belonging to our employees, clients, or patients could trigger data breach notification obligations, which could result in lawsuits from impacted clients, patients, or employees, regulatory inquiries, significant damage to our reputation, loss of sales and clients, and other damages or losses.

Separately, on March 30, 2023, we were alerted to suspicious activity on our NextGen Office (NGO) system. In response, we executed our internal response procedures and launched a forensic investigation with the help of leading third-party forensic experts. We also took measures to contain the incident and contacted law enforcement. From our forensic investigation, we determined that an unknown third-party gained unauthorized access to a limited set of electronically stored personal information on the NGO system between March 29, 2023 and April 14, 2023. We also determined that the unknown third-party accessed the NGO system by using NGO client credentials that appeared to have been stolen from sources or incidents unrelated to us, and then used those credentials to access the NGO system. We performed an analysis and review of the impacted data and discovered that certain personal information belonging to approximately 1 million patients was included in the electronic data accessed during the incident. The information impacted included: name, date of birth, address, and social security number. However, there was no evidence to suggest there was any access or impact to any protected health information or any medical records. On April 28, 2023, we sent written notification to all impacted individuals and offered them 24 months of free fraud detection monitoring and identity theft protection. We also directly notified impacted NGO clients as well as state regulatory authorities and the three credit bureaus.

Table of Contents

Following our notification of the data breach, we were named as a defendant in thirteen putative class action lawsuits in the United States District Court for the Northern District of Georgia, all of which assert various claims stemming from the data breach and NextGen Healthcare’s alleged failure to safeguard personal information. These lawsuits seek monetary damages, injunctive and declaratory relief, and attorneys’ fees and costs. We believe we have meritorious defenses to these actions and intend to vigorously oppose the claims asserted in these complaints. We cannot reasonably estimate the range of potential losses that may be associated with these lawsuits because of the early stage of each lawsuit. We also cannot assure you that we will not become subject to other lawsuits, inquiries, or claims relating to or arising from the March incident. Although we maintain cyber-technology liability insurance, it is possible that the ultimate amount paid by us, if we are unsuccessful in defending all of the litigation, will be in excess of our cyber-technology liability insurance coverage applicable to claims of this nature.

Furthermore, even though we carry cyber-technology insurance policies that provide insurance coverage under certain circumstances, we may suffer other losses and costs as a result of the security incidents described above or other security incidents or security breaches that exceed the coverage available under our insurance policies or for which we do not have coverage. In the future, such insurance may not be available on commercially reasonable terms, or at all. Our risk and exposure to these matters remains heightened because of, among other things, the value of healthcare-related data and the interconnectivity and interdependence of third parties to our systems. In addition, publicity related to security incidents, including the security incidents described above, could in the future have a range of other adverse effects on our business or prospects, including causing or contributing to loss of customer confidence, reduced customer demand, reduced customer retention, strategic growth opportunities, and associated retention and recruiting difficulties, some, or all of which could be material.

The occurrence of actual cyber security events, such as the security incidents described above, could magnify the severity of the adverse effects of future incidents on our business. Because the techniques used to obtain unauthorized access, disable, or degrade service, or sabotage information systems can be difficult to detect for extended periods of time and can involve difficult or prolonged assessment or remediation periods even once detected, there can be no assurance that the steps we take in response to an incident, including the security incidents identified above, will be sufficient to prevent future significant incidents. As threats continue to evolve and increase, we have already devoted and expect to continue to devote significant resources in order to modify and enhance our security controls and to identify and remediate any security vulnerabilities. Our risk and exposure to these matters remains heightened because of, among other things, the value of healthcare-related data and the interconnectivity and interdependence of third parties to our systems.

We may experience interruption at our data centers or client support facilities, which could interrupt clients’ access to their data, exposing us to significant costs and reputational harm. We perform data center and/or hosting services for certain clients, including the storage of critical patient and administrative data and the provision of support services, at company-managed facilities and through third party hosting arrangements with public cloud providers. We also use public cloud providers and other third parties in connection with hosting our own data. While we control and generally have exclusive access to our servers and all of the components of our network that are located in our external data centers, we do not control the operation of these facilities and they may be vulnerable to damage or interruption from hurricanes, earthquakes, floods, fires, power loss telecommunications failures and similar events. Likewise, our use of a single cloud vendor could increase our exposure to interruptions if the vendor were to experience a catastrophic event impacting its service offering. System redundancy, disaster recovery and other continuity measures may be inadequate. Any interruption, damage or breach of our systems or with those of third parties on which we rely, such as our cloud service providers, could damage our reputation, cause us to lose existing clients, hurt our ability to obtain new clients, result in significant revenue loss, create potential liabilities for our clients and us and increase insurance and other operating costs.

Our business depends on continued and unimpeded access to the internet and we rely on bandwidth providers, data center providers, and other third parties over which we exercise limited control. We deliver products and services that are dependent on the development and maintenance of the infrastructure of the internet and other telecommunications services by third parties. Any failure or interruption in the services provided by these third parties or our own systems, or any failure of or by third-party providers’ systems or our own systems to handle current or higher volume of use, could significantly harm our business. We exercise limited control over our third-party suppliers, which increases our vulnerability to problems with services they provide. In the event of any difficulties, outages and delays by internet service providers, we may be impeded from providing services, which could result in substantial costs to remedy those problems or negatively impact our relationship with our clients, our business, results of operations and financial condition.

Our products or services could fail to perform properly due to errors or similar problems which could have an adverse effect on our business, results of operations and financial condition. Our products and services, and the third-party software products or services incorporated therein, may contain defects or errors, including errors in the design, coding, implementation, or configuration, which could create vulnerabilities and affect the ability of our products and services to properly function, integrate or operate with other offerings, or achieve market acceptance. This includes third-party software products or services incorporated into our own solutions and services. Errors and defects in our products and services can also result in data loss or corruption or cause the information that we collect to be incomplete or inaccurate. In addition, errors may arise from interface of our solutions with systems and data that we did not develop and the function of which is outside our control or undetected in our testing. As a result, when problems occur, it may be difficult to identify the source of the problem. It is possible that errors may be found after introduction of new products or services or enhancements to existing products or services. If we detect errors before we introduce a solution, we may have to delay deployment for an extended

Table of Contents

period while we address the problem. If we do not discover errors until after deployment, we may need to provide enhancements to correct such errors. Remediating product defects and errors could consume our development and management resources. Quality or performance issues with our products and services may result in product-related liabilities, unexpected expenses, and diversion of resources to remedy errors, harm to our reputation, lost sales, delays in commercial releases, delays in or loss of market acceptance of our solutions, license termination or renegotiations, and privacy or security vulnerabilities. Any of the foregoing could materially and adversely impact our reputation as well as our business, financial condition, and operating results.

We may be liable for use of content we provide . We provide content for use by healthcare providers in treating patients. Certain of this content is provided by third-party content suppliers. In addition, certain of our solutions provide applications that relate to patient clinical information. If this content is incorrect or incomplete, adverse consequences may occur and give rise to third party claims based on the nature and content of health information provided or made available through our solutions. We could also be subject to liability for content that may be accessible through our website or third-party websites linked from our website or through content and information that may be posted by users in chat rooms, bulletin boards or on websites created by professionals using our applications. Even if these claims do not result in liability to us, investigating and defending against these claims could be expensive and time consuming and could divert management’s attention away from our operations.

We may be subject to claims for system errors, warranties, or product liability, which could have an adverse effect on our business, results of operations and financial condition. Because our products and services are used in clinical settings to collect, store and display health-related information used in the diagnosis and treatment of patients and for related practice management purposes, such as admissions and billing, our clients and users of our systems have a heightened sensitivity to errors and defects. If our products or services are alleged to have contributed to faulty clinical decisions, injury to patients or negative financial impact to clients, we might be subject to claims or litigation by our clients or their patients. Any failure by our products to provide accurate and timely information concerning patients, their medication, treatment, and health status, generally, could result in claims against us which could materially and adversely impact our financial performance, industry reputation and ability to market new system sales. In addition, a court or government agency may take the position that our delivery of health information directly, including through licensed practitioners, or delivery of information by a third-party site that a consumer accesses through our websites, exposes us to assertions of malpractice, other personal injury liability, or other liability for wrongful delivery/handling of healthcare services or erroneous health information. We maintain insurance to protect against claims associated with the use of our products as well as liability limitation language in our end-user agreements, but there can be no assurance that our insurance coverage or contractual language would adequately cover any claim asserted against us. A successful claim or series of claims brought against us in excess of or outside of our insurance coverage could have an adverse effect on our business, results of operations and financial condition. Even unsuccessful claims could result in our expenditure of funds for litigation and management time and resources.

We are subject to the effect of payer and provider conduct which we cannot control and accordingly, there is no assurance that revenue for our services will continue at historic levels . We offer certain electronic claims submission products and services as part of our product line. While we have implemented certain product features designed to maximize the accuracy and completeness of claims submissions, these features may not be sufficient to prevent inaccurate claims data from being submitted to payers. Should inaccurate claims data be submitted to payers, we may be subject to liability claims. Electronic data transmission services are offered by certain payers to healthcare providers that establish a direct link between the provider and payer. This process reduces revenue to third party EDI service providers such as us. A significant increase in the utilization of direct links between providers and payers would reduce the number of transactions that we process and for which we are paid, resulting in a decrease in revenue and an adverse effect on our financial condition and results of operations.

We face risks related to the periodic maintenance and upgrades that need to be made to our products. As we continue to develop and improve upon our technology and offerings, we need to periodically upgrade and maintain the products deployed to our clients. This process can require a significant amount of our internal time and resources and be complicated and time consuming for our clients. Certain upgrades may also pose the risk of system delays or failure. If our periodic upgrades and maintenance cause disruptions to our clients, we may lose revenue-generating transactions, our clients may elect to use other solutions and we may also be the subject of negative publicity that may adversely affect our business and reputation.

Our failure to obtain licenses for, or our use of, third-party technologies and services could harm our business. We depend upon licenses for some of the technology used in our products as well as other services from third party vendors. Most of these arrangements can be continued/renewed only by mutual consent and may be terminated for any number of reasons. We may not be able to continue using the products or services made available to us under these arrangements on commercially reasonable terms or at all. As a result, we may have to discontinue, delay, or reduce product shipments or services provided until equivalent technology or services can be identified, licensed, developed, or integrated, and this inability could harm our business and operating results. Most of our third-party licenses are non-exclusive. Our competitors may obtain the right to use any of the business elements covered by these arrangements and use these elements to compete directly with us. Our use of third-party technologies also exposes us to increased risks, including risks associated with the integration of new technology into our solutions, the diversion of our resources from development of our own proprietary technology and our inability to generate revenue from third-party technologies and services sufficient to offset associated costs which would negatively impact our results of operations. Further, the operation of our products would be impaired if errors occur in third

Table of Contents

party technology or content that we incorporate, and we may incur additional costs to repair or replace the defective technology or content. It may be difficult for us to correct any errors in third party products because the products are not within our control.

Regulatory, Legal and Compliance Risks

There is significant uncertainty in the healthcare industry in which we operate, and the current governmental laws and regulations, as well as any future modifications to the regulatory environment, may adversely impact our business, financial condition, and results of operations. The healthcare industry is subject to changing political, economic, legal, and regulatory influences that may affect the procurement processes and operation of healthcare facilities and our costs to deliver products and services that enable our clients to meet their compliance requirements. During the past decade, the healthcare industry has been subject to increased legislation and regulation of, among other things, reimbursement rates, payment programs and information technology programs and certain capital expenditures. These health reform laws contain various provisions which impact us and our clients. Some of these provisions have a positive impact, by expanding the use of electronic health records in certain federal programs, for example, while others, such as reductions in reimbursement for certain types of providers, have a negative impact due to fewer available resources. The continued increase in fraud and abuse penalties is expected to adversely affect participants in the healthcare sector, including us. The full impact of healthcare reform legislation and of further statutory actions to reform healthcare payment on our business is unknown, but there can be no assurance that health care reform legislation will not adversely impact either our operational results or the manner in which we operate our business.

As existing regulations mature and become better defined, we anticipate that these regulations will continue to directly affect certain of our products and services, but we cannot fully predict the effect at this time. Healthcare providers may react to these laws and any future proposals, and the uncertainty surrounding such proposals, by curtailing or deferring investments, including those for our products and services. Our efforts to provide solutions that enable our clients to comply with these regulations could be time consuming and expensive and may adversely affect our business model. We have taken steps to modify our products, services, and internal practices as necessary to facilitate our compliance with the regulations, but there can be no assurance that we will be able to do so in a timely or complete manner. Achieving compliance with these regulations could be costly and distract management’s attention and divert other company resources, and any noncompliance by us could result in civil and criminal penalties.

The healthcare industry is heavily regulated and our failure to comply with regulatory requirements could create liability for us and adversely affect our business. As a participant in the healthcare industry, our business, and that of our clients, is subject to a wide array of complex and rapidly changing federal and state laws, regulations, and industry initiatives, including in the areas of information sharing, electronic health record and interoperability standards, e-prescribing, claims processing and transmission, security and privacy of patient data, and healthcare fraud, including laws prohibiting the submission of false or fraudulent claims which apply to healthcare providers and others that make, offer, seek or receive referrals or payments for products or services that may be paid for through any federal or state healthcare program and, in some instances, any private program. These laws are complex and their application to our specific services and relationships may not be clear and may be applied to our business in ways that we do not anticipate. The impact of these regulations on us is both direct, to the extent that we are ourselves subject to these laws and regulations, and also indirect, in terms of government program requirements applicable to our clients for the use of health information technology. Federal and state regulatory and law enforcement authorities have recently increased enforcement activities with respect to Medicare and Medicaid fraud and abuse regulations and other healthcare reimbursement laws and rules. Increases in fraud and abuse penalties may also adversely affect participants in the health care sector, including us.

Other specific risks include, but are not limited to, risks relating to:

Privacy and Security of Patient Information. As part of the operation of our business, we and our third-party service providers collect, process and store significant amounts of sensitive, confidential, and proprietary information, including personally identifiable information, such as payment data and protected health information. U.S. federal, state and local laws and foreign legislation govern the confidentiality of personal and patient medical record information, how that information may be used, and the circumstances under which such information may be released. These regulations govern both the disclosure and use of confidential personal and patient medical record information and require the users of such information to implement specified security and privacy measures. HIPAA regulations apply national standards for some types of electronic health information transactions and the data elements used in those transactions to ensure the integrity, security and confidentiality of health information and standards to protect the privacy of individually identifiable health information and require us to enter into business associate agreements with our clients and vendors. Failure by us to enter into adequate business associate agreements with any client or vendor would place us in violation of applicable standards and requirements and could expose us to liability. We and our clients are also subject to evolving state laws regarding the privacy and security of healthcare information and personal information generally. These rules, and any future changes to privacy and security rules, may increase the cost of compliance and could subject us to additional enforcement actions, which could further increase our costs and adversely affect the way in which we do business.

Foreign regulations, including the EU General Data Protection Regulation (“GDPR”), may impose restrictions on the processing of personal data (including health-data) that, in some respects, are more stringent, and impose more significant burdens on subject businesses, than current privacy standards in the United States. In non-U.S. jurisdictions, we also are

Table of Contents

subject to potential restrictions on cross-border transfers of personal data to the United States as well as other countries where we have operations or partnerships.

Data protection regulations impact how businesses, including both us and our clients, can collect and process the personal data of individuals. The costs of compliance with, and other burdens imposed by, such laws, regulations and policies, or modifications thereto, that are applicable to us may limit the use and adoption of our products and services and could have a material adverse impact on our business, results of operations and financial condition. Furthermore, we incur development, resource, and capital costs in delivering, updating, and supporting products and services to enable our clients to comply with these varying and evolving standards. Federal, state and non-U.S. governmental enforcement personnel have substantial powers and remedies, particularly in the EU, to pursue suspected or perceived violations. If we fail to comply with any applicable laws or regulations, we could be subject to civil penalties, sanctions and contract liability and could otherwise damage our reputation. Enforcement investigations, even if meritless, could have a negative impact on our reputation, cause us to lose existing clients or limit our ability to attract new clients.

In addition to data privacy and security laws, we are contractually subject to industry standards adopted by industry groups and may become subject to such obligations in the future. For example, the PCI DSS requires companies to adopt certain measures to ensure the security of cardholder information, including using and maintaining firewalls, adopting proper password protections for certain devices and software, and restricting data access.

We may be subject to false or fraudulent claim laws . There are numerous federal and state laws that forbid submission of false information or the failure to disclose information in connection with submission and payment of physician claims for reimbursement. In some cases, these laws also forbid abuse of existing systems for such submission and payment. Any failure of our revenue cycle management services to comply with these laws and regulations could result in substantial liability including, but not limited to, criminal liability, could adversely affect demand for our services and could force us to expend significant capital, research and development and other resources to address the failure. Errors by us or our systems with respect to entry, formatting, preparation or transmission of claim information may be determined or alleged to be in violation of these laws and regulations. Determination by a court or regulatory agency that our services violate these laws could subject us to civil or criminal penalties, invalidate all or portions of some of our client contracts, require us to change or terminate some portions of our business, require us to refund portions of our services fees, cause us to be disqualified from serving clients doing business with government payers and have an adverse effect on our business. Determination by a court that we have violated the FCA may subject us to treble damages, plus mandatory civil penalties for each separate false claim. Even if these matters are not resolved against us, the uncertainty and expense associated with unresolved legal proceedings could harm our business and reputation. It is possible that resolution of one or any combination of more than one legal matter could result in a material adverse impact on our financial position or results of operations.

In most cases where we are permitted to do so, we calculate charges for our revenue cycle management services based on a percentage of the collections that our clients receive as a result of our services. To the extent that violations or liability for violations of these laws and regulations require intent, it may be alleged that this percentage calculation provides us or our employees with incentive to commit or overlook fraud or abuse in connection with submission and payment of reimbursement claims. CMS has stated that it is concerned that percentage-based billing services may encourage billing companies to commit or to overlook fraudulent or abusive practices.

A portion of our business involves billing of Medicare claims on behalf of its clients. In an effort to combat fraudulent Medicare claims, the federal government offers rewards for reporting of Medicare fraud which could encourage others to subject us to a charge of fraudulent claims, including charges that are ultimately proven to be without merit.

Additionally, under the FCA, the federal government allows private individuals to file a complaint or otherwise report actions alleging the defrauding of the federal government by an entity. These suits, known as qui tam actions or “whistleblower” suits may be brought by, with only a few exceptions, any private citizen who believes that he has material information of a false claim that has not been previously disclosed. If the federal government intervenes, the individual that filed the initial complaint may share in any settlement or judgment. If the federal government does not intervene in the action, the whistleblower plaintiff may pursue its allegation independently. Some states have adopted similar state whistleblower and false claims provisions. Qui tam actions under the FCA and similar state laws may lead to significant fines, penalties, settlements or other sanctions, including exclusion from Medicare or other federal or state healthcare programs, which could result in a material adverse impact on our financial position or results of operations

Interoperability and Other Regulatory Standards. Our clients are concerned with and often require that our software solutions and health care devices be interoperable with other third-party health care information technology suppliers. The Cures Act includes numerous provisions intended to encourage this nationwide interoperability. In March 2020, the ONC finalized additional regulations under the Cures Act to enforce the Act’s policy directives relating to data sharing and interoperability. Specifically, it calls on developers of certified EHRs and health IT products to adopt standardized application programming interfaces (“APIs”), which will help allow individuals to securely and easily access structured and unstructured EHI formats using smartphones and other mobile devices. This provision and others included in the rule create a lengthy list of new certification and maintenance of certification requirements that developers of EHRs and other health IT products must meet in order to maintain approved federal government certification status. Meeting and maintaining this certification status will require additional development costs. Other regulatory provisions included in the Cures Act could create compliance costs and/or regulatory risks for the company.

Table of Contents

Because these regulations are subject to future changes and/or significant enforcement discretion by federal agencies, the ultimate impact of these regulations is unknown. Market forces or governmental authorities could continue to create software interoperability or other regulatory standards that could apply to our solutions, and if our applicable products or services are not consistent with those standards, we could be forced to incur substantial additional development costs. If our applicable products or services are not consistent with these varying and evolving standards or do not support our clients in their efforts to meet new certification requirements, our market position and sales could be adversely affected, which could materially and adversely impact our financial condition and operating results.

The ONC rule also implements the information blocking provisions of the Cures Act, including identifying reasonable and necessary activities that do not constitute information blocking. Under the Cures Act, the HHS has the regulatory authority to investigate and assess civil monetary penalties of up to $1,000,000 against certified health IT developers found to be in violation of “information blocking” prohibitions. This new oversight and authority to investigate claims of information blocking creates significant risks for us and our clients and could potentially create substantial new compliance costs.

Federal Requirements for the Use of Certified Health Information Technology. Various federal, state and non-government agencies continue to generate requirements for the use of certified health information and technology and interoperability standards which affect the design of such technology. Although the incentive programs available to healthcare providers who implemented EHRs and demonstrated meaningful use under the HITECH Act has expired, the requirements associated with certification and privacy remain in effect. In addition, the Cures Act has tied CEHRT to certain of its policy goals, and participation in Medicare’s alternative payment models has also been conditioned on the adoption of CEHRT. These regulations will also mandate adoption of updated and expanded certified capabilities of CEHRT that our clients must adopt to remain able to participate in the federal programs mentioned earlier. In addition, the ONC has increased its surveillance activities concerning vendor compliance relative to CEHRT.

Where clients have relied on our software as being certified according to applicable HITECH Act technical standards, we may face liability related to any incentive that the physicians received in reliance upon such certification if this certification were to be challenged. Failure to maintain this certification under the HITECH Act could also jeopardize our relationships with customers who are relying upon us to provide certified software and will make our products and services less attractive to customers than the offerings of other EHR vendors who maintain certification of their products. If our clients do not receive or lose expected payments from other incentive pay for value programs this could harm or delay their willingness to purchase future products or upgrades. We also cannot predict the speed at which healthcare providers will participate in the relevant programs or whether healthcare providers will select our products and services at all.

It is also possible that additional regulations or government programs related to electronic health records, amendment or repeal of current healthcare laws and regulations or the delay in regulatory implementation could require us to undertake additional efforts to meet expanded CEHRT standards, materially impact our ability to compete in the evolving healthcare IT market, materially impact healthcare providers' decisions to implement electronic health records systems or have other impacts that would be unfavorable to our business. The costs of achieving and maintaining CEHRT are also significant and because the definition of CEHRT and its use requirements for clients are subject to regulatory changes. We cannot predict the content or effect of possible changes to these laws or new federal and state laws that might govern these systems and services. Our inability to design our systems and services in a manner that facilitates our clients’ compliance with these laws could result in a material adverse impact on our financial position or results of operations.

Electronic Prescribing. The use of our software by physicians to perform a variety of functions, including electronic prescribing, is governed by state and federal law, including fraud and abuse laws. States have differing prescription format requirements and there is significant variation in the laws and regulations governing prescription activity, as federal law and the laws of many states permit the electronic transmission of certain controlled prescription orders, while the laws of several states neither specifically permit nor specifically prohibit the practice. Restrictions exist at the federal level on the use of electronic prescribing for controlled substances and certain other drugs. Some states have passed complementary laws governing the use of electronic prescribing tools in the use of prescribing opioids and other controlled substances, and we expect this to continue to be addressed with regulations in other states. Regulations in this area impose certain requirements which can be burdensome and evolve regularly and may adversely affect our business model.

FDA Regulation of Software as a Medical Device. The U.S. Food and Drug Administration (“FDA”) may in the future determine that our technology solutions are subject to the Federal Food, Drug, and Cosmetic Act. The December 2016 Cures Act clarified the definition of a medical device to exclude certain health information technology such as EHRs; however, the legislation did leave the opportunity for that designation to be revisited if determined to be necessary by changing industry and technological dynamics. As a result, our software may potentially be subject to regulation by the FDA as a medical device. Regulation of our software by the FDA as a medical device would require the registration of the applicable manufacturing facility and software and hardware products, application of detailed record-keeping and manufacturing standards, application of the medical device excise tax, and FDA approval or clearance prior to marketing. An approval or clearance requirement could create delays in marketing, and the FDA could require supplemental filings or object to certain of these applications, the result of which could adversely affect our business, financial condition and results of operations.

Proprietary rights are material to our success, and the misappropriation of these rights could adversely affect our business and our financial condition. We are dependent on the maintenance and protection of our intellectual property, and we rely largely on technical security measures, license agreements, confidentiality procedures and employee nondisclosure agreements to protect our intellectual property. The majority of our software is not patented, and existing copyright laws offer

Table of Contents

only limited protection. We may not be able to adequately protect against theft, copying, reverse engineering, misappropriation, infringement or unauthorized use or disclosure of our intellectual property, which could have an adverse effect on our competitive position. Further, the laws of some foreign countries do not protect our proprietary rights to as great an extent as do the laws of the United States and are often not enforced as vigorously as those in the United States.

If we are deemed to infringe on the proprietary rights of third parties, we could incur unanticipated expense and be prevented from providing our products and services. We are occasionally involved in intellectual property infringement or misappropriation claims. These claims, even if unmeritorious, are expensive to defend and are often incapable of prompt resolution. If we are unsuccessful in defending these claims, we could be required to pay a substantial damage award, develop alternative technology, obtain a license, or cease using, selling, offering for sale, licensing, implementing, or supporting the applicable technology. In addition, claims may be brought against third parties from which we purchase software, and such claims could adversely affect our ability to access third party software for our systems.

We face the risks and uncertainties that are associated with litigation and investigations, which may adversely impact our marketing, distract management and have a negative impact upon our business, results of operations and financial condition. We face the risks associated with litigation and investigations concerning the operation of our business, including claims by clients regarding product and contract disputes, by patients relating to the processing and hosting of their personally identifiable information and protected health information, by other third parties asserting infringement of intellectual property rights, by current and former employees regarding certain employment matters, by certain shareholders, and by governmental and regulatory bodies for failures to comply with applicable laws. The uncertainty associated with substantial unresolved disputes may have an adverse effect on our business. In particular, such disputes could impair our relationships with existing clients and our ability to obtain new clients. Defending litigation and investigative matters may require substantial cost and may result in a diversion of management's time and attention away from business operations, which could have an adverse effect on our business, results of operations and financial condition.

We face risks related to litigation advanced by a former director and shareholder of ours. On October 7, 2013, a complaint was filed against our Company and certain of our officers and directors by Ahmed Hussein, a former director and significant shareholder of our Company. The amended complaint generally alleges fraud and deceit, constructive fraud, negligent misrepresentation and breach of fiduciary duty in connection with statements made to our shareholders regarding our financial condition and projected future performance. The amended complaint seeks actual damages, exemplary and punitive damages and costs. Trial commenced on July 6, 2021. On July 29, 2021, a jury rendered a verdict in favor of the Company and the individual defendants on all counts. Plaintiff has appealed the jury verdict. See Note 16, “Commitments, Guarantees and Contingencies,” to our consolidated financial statements included in Part II, Item 8, “Financial Statements and Supplementary Data” of this Form 10-K for additional information.

Capital and Credit Risks

Our credit agreement contains restrictive and financial covenants that may limit our operational flexibility. If we fail to meet our obligations under the credit agreement, our operations may be interrupted, and our business and financial results could be adversely affected. On March 12, 2021, we entered into a revolving credit agreement with various lenders, secured by substantially all of our and our material domestic subsidiaries’ existing and future property. The credit agreement and potential subsequent amendments may include certain customary covenants that impose restrictions on our business and financing activities that could limit our operations or flexibility to take certain actions. The credit agreement also contains certain customary affirmative covenants requiring us to maintain specified levels of financial performance. Our ability to comply with these covenants may be affected by events that could be beyond our control. A breach of these covenants could result in an event of default under the credit agreement which, if not cured or waived, could result in the indebtedness becoming immediately due and payable, which in turn could result in material adverse consequences that negatively impact our business, the market price for our common stock, and our ability to obtain financing in the future. In addition, our credit agreement’s covenants, consent requirements, and other provisions may limit our flexibility to pursue or fund strategic initiatives or acquisitions that might be in the long-term interests of our Company and shareholders.

Our indebtedness and liabilities could limit the cash flow available for our operations, expose us to risks that could adversely affect our business, financial condition and results of operations and impair our ability to satisfy our obligations under the Convertible Notes. Our indebtedness could have significant negative consequences for our security holders and our business, results of operations and financial condition by, among other things:

increasing our vulnerability to adverse economic and industry conditions;

limiting our ability to obtain additional financing

requiring the dedication of a substantial portion of our cash flow from operations to service our indebtedness, which will reduce the amount of cash available for other purposes;

limiting our flexibility to plan for, or react to, changes in our business;

diluting the interests of our existing stockholders as a result of issuing shares of our common stock upon conversion of the Convertible Notes; and

Table of Contents

placing us at a possible competitive disadvantage with competitors that are less leveraged than us or have better access to capital.

Our business may not generate sufficient funds, and we may otherwise be unable to maintain sufficient cash reserves, to pay amounts due under our indebtedness, including the Convertible Notes, and our cash needs may increase in the future. In addition, our existing Credit Agreement contains, and any future indebtedness that we may incur may contain, financial and other restrictive covenants that limit our ability to operate our business, raise capital or make payments under our other indebtedness. If we fail to comply with these covenants or to make payments under our indebtedness when due, then we would be in default under that indebtedness, which could, in turn, result in that and our other indebtedness becoming immediately payable in full.

We may be unable to raise the funds necessary to repurchase the Convertible Notes for cash following a fundamental change, or to pay the cash amounts due upon conversion, and our other indebtedness may limit our ability to repurchase the Convertible Notes or pay cash upon their conversion. Noteholders may, subject to a limited exception, require us to repurchase their Convertible Notes following a fundamental change (as defined in the Convertible Note Indenture) at a cash repurchase price generally equal to the principal amount of the Convertible Notes to be repurchased, plus accrued and unpaid interest, if any. In addition, all conversions of Convertible Notes will be settled partially or entirely in cash. We may not have enough available cash or be able to obtain financing at the time we are required to repurchase the Convertible Notes or pay the cash amounts due upon conversion. In addition, applicable law, regulatory authorities and the agreements governing our other indebtedness may restrict our ability to repurchase the Convertible Notes or pay the cash amounts due upon conversion. Our existing Credit Agreement contains certain limitations on cash payments for the conversion, redemption or repurchase of the Convertible Notes, including compliance with certain leverage ratios on a pro forma basis after giving effect to such cash payments. Our failure to repurchase Convertible Notes or pay the cash amounts due upon conversion when required will constitute a default under the Convertible Note Indenture. A default under the Convertible Note Indenture or the fundamental change itself could also lead to a default under agreements governing our other indebtedness, which may result in that other indebtedness becoming immediately payable in full. We may not have sufficient funds to satisfy all amounts due under the other indebtedness and the Convertible Notes.

Provisions in the Convertible Note Indenture could delay or prevent an otherwise beneficial takeover of us. Certain provisions in the Convertible Notes and the Convertible Note Indenture could make a third-party attempt to acquire us more difficult or expensive. For example, if a takeover constitutes a fundamental change, then noteholders will have the right to require us to repurchase their Convertible Notes for cash. In addition, if a takeover constitutes a make-whole fundamental change, then we may be required to temporarily increase the conversion rate. In either case, and in other cases, our obligations under the Convertible Notes and the Convertible Note Indenture could increase the cost of acquiring us or otherwise discourage a third party from acquiring us or removing incumbent management, including in a transaction that noteholders or holders of our common stock may view as favorable.

The accounting method for the Convertible Notes could adversely affect our reported financial condition and results. The accounting method for reflecting the Convertible Notes on our balance sheet, accruing interest expense for the Convertible Notes and reflecting the underlying shares of our common stock in our reported diluted earnings per share may adversely affect our reported earnings and financial condition. In accordance with ASU 2020-06, we expect that the Convertible Notes will be reflected as a liability on our balance sheets, with the initial carrying amount equal to the principal amount of the Convertible Notes, net of issuance costs. The issuance costs will be treated as a debt discount for accounting purposes, which will be amortized into interest expense over the term of the Convertible Notes. As a result of this amortization, the interest expense that we expect to recognize for the Convertible Notes for accounting purposes will be greater than the cash interest payments we will pay on the Convertible Notes, which will result in lower reported income. In addition, we expect that the shares underlying the Convertible Notes will be reflected in our diluted earnings per share using the “if converted” method, in accordance with ASU 2020-06. Under that method, if the conversion value of the Convertible Notes exceeds their principal amount for a reporting period, then we will calculate our diluted earnings per share assuming that all of the Convertible Notes were converted at the beginning of the reporting period and that we issued shares of our common stock to settle the excess. However, if reflecting the Convertible Notes in diluted earnings per share in this manner is anti-dilutive, or if the conversion value of the Convertible Notes does not exceed their principal amount for a reporting period, then the shares underlying the Convertible Notes will not be reflected in our diluted earnings per share. The application of the if-converted method may reduce our reported diluted earnings per share, and accounting standards may change in the future in a manner that may adversely affect our diluted earnings per share. Furthermore, if any of the conditions to the convertibility of the Convertible Notes is satisfied, then we may be required under applicable accounting standards to reclassify the liability carrying value of the Convertible Notes as a current, rather than a long-term, liability. This reclassification could be required even if no noteholders convert their Convertible Notes and could materially reduce our reported working capital.

Uncertainty in global economic and political conditions may negatively impact our business, operating results or financial condition . Global economic and political uncertainty have caused in the past, and may cause in the future, unfavorable business conditions such as a general tightening in the credit markets, lower levels of liquidity, increases in the rates of default and bankruptcy and extreme volatility in credit, equity and fixed income markets. These macroeconomic conditions could negatively affect our business, operating results or financial condition in a number of ways. Instability can make it difficult for our clients, our vendors, and us to accurately forecast and plan future business activities and could cause constrained spending on our products and services, delays and a lengthening of our sales cycles and/or difficulty in collection of our accounts receivable. Current or potential clients may be unable to fund software purchases, which could cause them to

Table of Contents

delay, decrease or cancel purchases of our products and services or to not pay us or to delay paying us for previously purchased products and services. Our clients may cease business operations or conduct business on a greatly reduced basis. Bankruptcies or similar insolvency events affecting our clients may cause us to incur bad debt expense at levels higher than historically anticipated. Further, economic instability could limit our ability to access the capital markets at a time when we would like, or need, to raise capital, which could have an impact on our ability to react to changing business conditions or new opportunities. Finally, our investment portfolio is generally subject to general credit, liquidity, counterparty, market and interest rate risks that may be exacerbated by these and global financial conditions and other geopolitical factors, including as a result of the Russian invasion of Ukraine and continuing uncertainty surrounding the effects of Covid-19. If the banking system or the fixed income, credit or equity markets deteriorate or remain volatile, our investment portfolio may be impacted and the values and liquidity of our investments could be adversely affected as well. In addition, our compliance with complex foreign and United States laws and regulations that apply to our global operations and sales efforts increases our cost of doing business.

Tax, Finance and Accounting Related Risks

We are subject to changes in and interpretations of financial accounting matters that govern the measurement of our performance, one or more of which could adversely affect our business, financial condition, cash flows, revenue, results of operations, and debt covenant compliance . Based on our reading and interpretations of relevant guidance, principles or concepts issued by, among other authorities, the American Institute of Certified Public Accountants, the Financial Accounting Standards Board and the Commission, we believe our current business arrangements, transactions, and related estimates and disclosures have been properly reported. However, there continue to be issued interpretations and guidance for applying the relevant standards to a wide range of sales and licensing contract terms and business arrangements that are prevalent in the software industry. Future interpretations or changes by the regulators of existing accounting standards or changes in our business practices could result in changes in our revenue recognition and/or other accounting policies and practices that could adversely affect our business, financial condition, cash flows, revenue and results of operations. In addition, changes in accounting rules could alter the application of certain terms in our credit agreement, thereby impacting our ability to comply with our debt covenants.

Failure to maintain effective internal controls in accordance with Section 404 of the Sarbanes-Oxley Act of 2002 could have an adverse effect on our business, and our per share price may be adversely affected. Pursuant to Section 404 of the Sarbanes-Oxley Act of 2002 (“Section 404”) and the rules and regulations promulgated by the SEC to implement Section 404, we are required to include in our Form 10-K a report by our management regarding the effectiveness of our internal control over financial reporting. The report includes, among other things, an assessment of the effectiveness of our internal control over financial reporting. The assessment must include disclosure of any material weakness in our internal control over financial reporting identified by management. As part of the evaluation undertaken by management and our independent registered public accountants pursuant to Section 404, our internal control over financial reporting was effective as of our most recent fiscal year end. However, if we fail to maintain an effective system of disclosure controls or internal controls over financial reporting, we may discover material weaknesses that we would then be required to disclose. Any material weaknesses identified in our internal controls could have an adverse effect on our business. We may not be able to accurately or timely report on our financial results, and we might be subject to investigation by regulatory authorities. This could result in a loss of investor confidence in the accuracy and completeness of our financial reports, which may have an adverse effect on our stock price. No evaluation process can provide complete assurance that our internal controls will detect and correct all failures within our company to disclose material information otherwise required to be reported. The effectiveness of our controls and procedures could also be limited by simple errors or faulty judgments. In addition, if we continue to expand, through either organic growth or through acquisitions (or both), the challenges involved in implementing appropriate controls will increase and may require that we evolve some or all of our internal control processes. It is also possible that the overall scope of Section 404 may be revised in the future, thereby causing ourselves to review, revise or reevaluate our internal control processes which may result in the expenditure of additional human and financial resources.

Our software products are generally shipped as orders are received and accordingly, we have historically operated with a minimal backlog of license fees. As a result, a portion of our revenue in any quarter is dependent on orders booked and shipped in that quarter and is not predictable with any degree of certainty. Furthermore, our systems can be relatively large and expensive, and individual systems sales can represent a significant portion of our revenue and profits for a quarter such that the loss or deferral of even one such sale can adversely affect our quarterly revenue and profitability. Clients often defer systems purchases until our quarter end, so quarterly revenue from system sales generally cannot be predicted and frequently are not known until after the quarter has concluded. Our sales are dependent upon clients’ initial decisions to replace or substantially modify their existing information systems, and subsequently, their decision concerning which products and services to purchase. These are major decisions for healthcare providers and, accordingly, the sales cycle for our systems can vary significantly and typically ranges from six to twenty-four months from initial contact to contract execution/shipment. Because a significant percentage of our expenses are relatively fixed, a variation in the timing of systems sales, implementations and installations can cause significant variations in operating results from quarter to quarter. As a result, we believe that interim period-to-period comparisons of our results of operations are not necessarily meaningful and should not be relied upon as indications of future performance. Further, our historical operating results are not necessarily indicative of future performance for any particular period. We currently recognize revenue in accordance with the applicable accounting guidance as defined by the FASB. There can be no assurance that application and subsequent interpretations of these pronouncements will not further modify our revenue recognition policies, or that such modifications would not adversely affect our operating results reported in any particular quarter or year. Due to all of the foregoing factors, it is possible that our operating results may

Table of Contents

be below the expectations of public market analysts and investors. In such event, the price of our common stock would likely be adversely affected.

Risks Related to our Common Stock

The unpredictability of our quarterly operating results may cause the price of our common stock to fluctuate or decline. Our revenue may fluctuate in the future from quarter to quarter and period to period, as a result of a number of factors including, without limitation:

the size and timing of orders from clients;

the specific mix of software, hardware and services in client orders;

the length of sales cycles and installation processes;

the ability of our clients to obtain financing for the purchase of our products;

changes in pricing policies or price reductions by us or our competitors;

the timing of new product announcements and product introductions by us or our competitors;

changes in revenue recognition or other accounting guidelines employed by us and/or established by the Financial Accounting Standards Board ("FASB") or other rule-making bodies;

changes in government healthcare policies and regulations, such as the shift from fee-for-service reimbursement to value-based reimbursement;

accounting policies concerning the timing of the recognition of revenue;

the availability and cost of system components;

the financial stability of clients;

market acceptance of new products, applications and product enhancements;

our ability to develop, introduce and market new products, applications and product enhancements;

our success in expanding our sales and marketing programs;

deferrals of client orders in anticipation of new products, applications, product enhancements, or public/private sector initiatives;

execution of or changes to our strategy;

personnel changes; and

general market/economic factors.

Our common stock price has been volatile, which could result in substantial losses for investors purchasing shares of our common stock and in litigation against us. Volatility may be caused by several factors including but not limited to:

actual or anticipated quarterly variations in operating results;

rumors about our performance, software solutions, or merger and acquisition activity;

changes in expectations of future financial performance or changes in estimates of securities analysts;

governmental regulatory action;

health care reform measures;

client relationship developments;

purchases or sales of company stock;

activities by one or more of our major shareholders concerning our policies and operations;

changes occurring in the markets in general;

macroeconomic conditions, both nationally and internationally; and

other factors, many of which are beyond our control.

Furthermore, the stock market in general, and the market for software, healthcare and high technology companies in particular, has experienced extreme volatility that often has been unrelated to the operating performance of particular companies. These broad market and industry fluctuations may adversely affect the trading price of our common stock, regardless of actual operating performance. Moreover, in the past, securities class action litigation has often been brought

Table of Contents

against a company following periods of volatility in the market price of its securities. We may in the future be the target of similar litigation. Securities litigation could result in substantial costs and divert management’s attention and resources.

Risks Related to COVID-19

The widespread outbreak of an illness or any other communicable disease, or any other public health crises, such as the COVID-19 pandemic, and the governmental and societal responses thereto, could adversely affect our business, results of operations, and financial position. Widespread outbreaks of disease or other public health crises, such as the COVID-19 pandemic, and responses thereto have in the past and may in the future adversely affect our business and the business of our customers and suppliers. For example, declines in patient volumes at the onset of the COVID-19 pandemic negatively impacted our revenue in the fourth quarter of fiscal 2020, most notably for purchases of software and hardware, and the impact of the disruption also impacted the first half of fiscal 2021, primarily in managed services and EDI, which are volume driven. We may experience further negative financial impacts due to a number of factors, including without limitation:

Social, economic, and labor instability in India which continues to experience a severe COVID-19 resurgence and where we have operations;

A general decline in business activity including the impact of our clients’ office closures;

A disproportionate impact on the healthcare groups and other healthcare professionals with whom we contract;

Financial pressures on our clients, which may in turn result in their deferment of purchase decisions, or a delay in collections or non-payment;

Extensions of the length of sales and implementation cycles;

Disruptions to our supply chains and our third-party vendors, partners, and suppliers; and

The potential negative impact on the health or productivity of employees, especially if a significant number of them are impacted.

The magnitude and duration of the disruption and resulting decline in business activity will largely depend on future developments which are highly uncertain and cannot be predicted, including the duration and severity of the pandemic, resurgences or additional “waves” of outbreaks of the virus (including new strains or mutations of the virus), the impact of the pandemic on economic activity, the actions taken by health authorities and policy makers to contain its impacts on public health and the global economy, and the effectiveness of vaccines. Even after the COVID-19 pandemic has subsided, we may experience material adverse impacts to our business because of the global or U.S. economic impact and any recession that has occurred or may occur in the future. Additionally, concerns over the economic impact of the COVID-19 pandemic have caused extreme volatility in financial and capital markets which has and may continue to adversely impact our stock price and may adversely impact our ability to access capital markets. The COVID-19 pandemic may also have the effect of heightening many of the other risks described above.

Table of Contents

ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS

Except for the historical information contained herein, the matters discussed in this management’s discussion and analysis of financial condition and results of operations (“MD&A”), including discussions of our trend analyses, product development plans, business and growth strategies, future operations, financial condition and prospects, share repurchases, developments in and the impacts of government regulation and legislation, and market factors influencing our results, may include forward-looking statements that involve certain risks and uncertainties, all of which are based on current expectations, estimates, and forecasts, and the beliefs and assumptions of our management. Actual results may differ from those anticipated by us as a result of various factors, both foreseen and unforeseen, including, but not limited to, our ability to continue to develop and sell new products and services in markets characterized by rapid technological evolution, consolidation and competition from larger, better-capitalized competitors, our ability to finalize a settlement with the DOJ, cybersecurity and data protection risk and related liabilities, current or potential legal proceedings involving us, shits in our revenue mix that may impact gross margins, and the effect of developments in and the impacts of government regulation and legislation. Many other economic, competitive, governmental and technological factors could affect our ability to achieve our goals, and interested persons are urged to review the risk factors discussed in “Item 1A. Risk Factors” as set forth herein, as well as in our other public disclosures and filings with the Securities and Exchange Commission ("SEC").

This MD&A is provided as a supplement to the consolidated financial statements and notes thereto included elsewhere in this Annual Report on Form 10-K ("Report") in order to enhance your understanding of our results of operations and financial condition and should be read in conjunction with, and is qualified in its entirety by, Item 1A Risk factors and the consolidated financial statements and related notes thereto included elsewhere in this Report. Historical results of operations, percentage margin fluctuations and any trends that may be inferred from the discussion below are not necessarily indicative of the operating results for any future period. For information regarding the year ended March 31, 2021, including a year-to-year comparison of our financial condition and results of operations for the years ended March 31, 2022 and March 31, 2021, refer to Item 7, "Management's Discussion and Analysis of Financial Condition and Results of Operations" of our Annual Report on Form 10-K for the year ended March 31, 2022, filed with the SEC on May 18, 2022.

Company Overview

NextGen Healthcare is a leading provider of innovative, cloud-based, healthcare technology solutions that empower ambulatory healthcare providers to manage the risk and complexity of delivering care in the United States healthcare system. Our combination of technological breadth, depth, and domain expertise positions us as a preferred solution provider and trusted advisor for our clients. In addition to highly configurable core clinical and financial capabilities, our portfolio includes tightly integrated solutions that deliver on ambulatory healthcare imperatives, including consumerism, digitization, risk allocation, regulatory influence, and integrated care and health equity.

We serve clients across all 50 states. Over 100,000 providers use NextGen Healthcare solutions to deliver care in nearly every medical specialty in a wide variety of practice models including accountable care organizations (“ACOs”), independent physician associations (“IPAs”), managed service organizations (“MSOs”), veterans service organizations (“VSOs”), and dental service organizations (“DSOs”). Our clients range from some of the largest and most progressive multi-specialty groups in the country to sole practitioners with a wide variety of business models. With the addition of behavioral health to our medical and oral health capabilities, we continue to extend our share not only in federally qualified health centers (“FQHCs”) but also in the growing integrated care market.

Our company was incorporated in California in 1974. Previously named Quality Systems, Inc., we changed our corporate name to NextGen Healthcare, Inc. in September 2018, and in 2021, we changed our state of incorporation to Delaware. As a remote-first company, we no longer maintain a principal executive office. Our principal website is www.nextgen.com. We operate on a fiscal year ending on March 31.

Our Vision, Mission and Strategy

NextGen Healthcare’s vision is better healthcare outcomes for all. We strive to achieve this vision by delivering innovative solutions and insights aimed at creating healthier communities. We focus on improving care delivered in ambulatory settings but do so recognizing that the entire healthcare ecosystem needs to work in concert to achieve the quadruple aim… “to improved patient experience, improved provider experience, improve the health of a population, and reduce per capita health care costs.”

Our long-term strategy is to position NextGen Healthcare as both the essential, integrated, delivery platform and the most trusted advisor for the ambulatory practices of the future. To that end, we primarily serve organizations that provide or orchestrate care in ambulatory settings and do so across diverse practice sizes, specialties, care modalities, and business models. These customers include conventional practices as well as new market entrants.

We plan to invest in our current capabilities as well as build and/or acquire new capabilities. In October 2019, we acquired Topaz Information Systems, LLC for its behavioral health solutions. In December 2019, we acquired Medfusion, Inc. for its Patient Experience Platform capabilities (i.e., patient portal, self-scheduling, and patient pay) and OTTO Health, LLC for its virtual care solutions, notably telemedicine. In August 2022, we divested our commercial dental assets, further emphasizing

Table of Contents

the company’s focus on serving ambulatory care In November 2022, we acquired TSI Healthcare, LLC ("TSI") for its purpose-built clinical content and differentiated service offerings, which expands the addressable market served by our Enterprise domain, including new specialties, such as rheumatology, pulmonology, and cardiology. The integration of these acquired technologies has made NextGen Healthcare’s solutions among the most comprehensive in the market. Further, we are also actively innovating our business models and exploring new high-growth market domains.

Market Opportunity, and Trends

The scale and scope of the healthcare industry continues to expand. Annual United States healthcare spend today represents nearly $4.1 trillion and ~20% of GDP. A significant portion of this spend is directed towards the treatment of chronic conditions and administrative solutions that service an increasingly complex system with diverse stakeholders. While there are several convergent market forces reshaping the healthcare industry landscape, we are focused on six trends we believe will materially impact the markets we participate in and our customer value proposition:

Regulatory Drivers – Medicare and Medicaid continue to expand and represent approximately a third of covered lives. Further, the 21st Century Cures Act (“Cures Act”) certification requirements and impending changes by Centers for Medicare & Medicaid Services (“CMS”) to Medicare reimbursement and shared savings programs parameters (i.e., MIPS, MSSP and telehealth programs) represent continued and escalating regulatory requirements in the healthcare industry broadly and the shape of primary healthcare. Considering these regulatory and market-based changes, many ambulatory practices have come to place a very high value on partnering with vendors that demonstrate the expertise and consistency to stay ahead of these regulatory and industry changes.

Risk Reallocation – As healthcare shifts away from defined benefit models towards defined contribution, employers, payors, providers, and consumers are increasingly evaluating models to share and reallocate risk. In 2020, nearly 40% of all healthcare payments representing over 75% of all covered lives flowed through an alternative payment model. While Medicare Advantage related payments led the charge with over 55% of payments tied to alternative models, a plurality of commercial payors are also leveraging value-based provider arrangements to incent care quality standards and reduce health disparities. For providers, effective participation in these models requires a full view of the patient population’s clinical and cost data and robust financial management solutions and services to navigate multiple contract types.

Consumerism – Consumers increasingly direct their own healthcare and require greater levels of access, convenience, and experience personalization. Beyond tailoring healthcare interactions to their needs and preferences, they also expect greater transparency about the costs for visits, medications, and procedures. Accompanied by a significant shift of care from inpatient to lower cost outpatient settings and virtual modes, healthcare is poised to become increasingly ‘retail-like’ and will place unique demands on practices and care providers who need comprehensive engagement platforms to attract, retain and engage patients through their complete health journey

New Modalities and Coordinated Team Based Care – Untethered from physical clinics and desktops, care is now being delivered in “boundless” venues by multiple, coordinated care providers.

Meaningful Interoperability & Digitization – Greater levels of data exchange, automation, Artificial Intelligence (AI) and speech enabled workflows.

Integrated Care and Health Equity – Integrated, whole-person health continues to trend strongly as evidenced by FQHCs/CHCs receiving Health Resources and Services Administration (“HRSA”) funding to drive integrated medical, behavioral, and oral health. Public sector and private investment in understanding and addressing social determinants of health and improving community health are growing.

NextGen Healthcare is well positioned to play a key role in guiding our clients through short-term and long-term changes that impact healthcare in the United States and is committed to helping them deliver better outcomes.

Our Value Proposition

NextGen Healthcare’s value proposition to our clients can be summarized by the four “I’s” as follows:

Integration – Delivering a broad and highly integrated set of solutions and end-user experiences. NextGen Healthcare, a top ranked platform solution provider, is driving greater levels of efficiency and engagement for practices. Our clients value the full breadth of our solution offering and seamless integration into their clinical workflows. This integration is an important determinant of our success.

Interoperability – Building seamlessly connected data and human networks across ambulatory healthcare. NextGen Healthcare’s Interoperability solutions help create a frictionless environment where those that need important healthcare data can rapidly find and utilize it. For example, NextGen Healthcare powers over a third of all United States state-based Health Information Exchanges (“HIE’s”), with over 170 million patient records passing over our network of almost 2.8 million directory addresses.

Table of Contents

Insights – Providing intelligence at the point of care to enable better health and financial decision-making. We are helping our clients move from being data rich to insight rich. By providing intelligence, through innovative solutions that take data out of electronic health records (“EHRs”), normalize, cleanse, and present it back as usable data pipelines, NextGen Healthcare can help optimize prescription guidance, care gap reviews, billing quality, practice variance, etc. and insert it directly into clinician’s workflows in order to facilitate sound clinical and financial decisions when serving patients.

Impact – Delivering and shaping outcomes in all aspects of our solutions and service. NextGen Healthcare is pivoting towards becoming a true performance partner for our clients and is evidenced by proactively helping manage performance and outcomes for our clients.

NextGen Healthcare delivers value to our clients in several ways. Our solutions enable our clients to address current needs while preparing for the needs of the future including expanding access to health services, enhancing the coordination and management of care, and optimizing patient outcomes while also ensuring the sustainability of their practices. Specifically, we offer a range of solutions to allow clinicians to practice anywhere and work in new and innovative collaboration models.

NextGen Healthcare provides integrated cloud-based solutions and services that align with our client’s strategic imperatives. Ultimately, this value is reflected in the overall insights and impact delivered to the client. The foundation for our integrated ambulatory care platform is a core of our industry-leading EHR and practice management (“PM”) systems that support clinical, financial and patient engagement activities.

We optimize the core with an automation and workflow layer that gives our clients control over how platform capabilities are implemented to drive their desired outcomes. The workflow layer includes mobile and voice-enabled capabilities proven to reduce physician burden. Recognizing that engaged patients are key to positive outcomes, our patient experience platform enables our clients to create personalized care experiences that enhance trust and drive patient loyalty. Further, we support the advances in integrated care that focus on the whole person with solutions supporting behavioral and oral health. Our cloud-based population health and analytics engine allows our clients to improve results in both fee-for-service and fee-for-value environments.

In support of extensibility, we surround the core with open, web-based application programming interfaces (“APIs”) to drive the secure exchange of health and patient data with connected health solutions. Our commitment to interoperability, defragmenting care and our experience powering many of the nation’s HIE’s places us in a unique position to enable our clients to leverage this technology to lower the cost of care and improve the patient and provider experience by providing an integrated community patient record.

Finally, to ensure our clients get maximum value from our solutions, we have augmented our technology with key services aligned with their needs, helping to ensure they reach their organizational goals. We partner with our clients to optimize their information technology (“IT”) operations, enhance revenue cycle processes across fee-for-service and fee-for-value models, service line expansion and operations, as well as advise on long-term strategy.

Positioning NextGen Healthcare for Growth. As NextGen Healthcare applies this value proposition framework across the ambulatory care market, we incorporate some or all our current solution offerings within three broad domains illustrated in Figure 1 below:

Enterprise – The Enterprise domain is both the largest and encompasses our broadest portfolio of solutions (e.g., clinical, financial, and patient engagement solution portfolios) provided to ambulatory care practices that incorporate 10 or more healthcare providers.

Office – The Office domain reflects almost all solutions (software solutions and adjacent services) provided to an ambulatory care practice that incorporates fewer than 10 healthcare providers. Our main offering in this group is a cloud-based, multi-tenant SaaS EHR and PM solution, called NextGen ® Office.

Insights – The Insights domain incorporates solutions that address interoperability, data and analytics, and value-based care. Previously described as population health and connected health, the Insights solutions portfolio is offered to clients across both our Enterprise and Office domains as well as additional ambulatory healthcare stakeholders addressing connectivity or value-based care needs. NextGen is highlighting this domain as a reflection of its overall importance and high future growth potential.

Table of Contents

Figure 1: NextGen Healthcare Solutions Domains

Results of Operations

The following table sets forth the percentage of revenue represented by each item in our consolidated statements of net income and comprehensive income for the years ended March 31, 2023 and 2022 (certain percentages below may not sum due to rounding):

Fiscal Year Ended March 31,

Revenues:

Recurring

Software, hardware, and other non-recurring

Total revenues

Cost of revenue:

Recurring

Software, hardware, and other non-recurring

Amortization of capitalized software costs and acquired intangible assets

Total cost of revenue

Gross profit

Operating expenses:

Selling, general and administrative

Research and development costs, net

Amortization of acquired intangible assets

Impairment of assets

Restructuring costs

Total operating expenses

Income from operations

Interest income

Interest expense

Other income (expense), net

Income before provision for income taxes

Provision for income taxes

Net income (loss)

Table of Contents

Revenues

The following table presents our consolidated revenues for the years ended March 31, 2023 and 2022 (in thousands):

Fiscal Year Ended March 31,

Recurring revenues:

Subscription services

Support and maintenance

Managed services

Transactional and data services

Total recurring revenues

Software, hardware, and other non-recurring revenues:

Software license and hardware

Other non-recurring services

Total software, hardware and other non-recurring revenues

Total revenues

Recurring revenues as a percentage of total revenues

We generate revenue from sales of licensing rights and subscriptions to our software solutions, hardware and third-party software products, support and maintenance, managed services, transactional and data services, and other non-recurring services, including implementation, training, and consulting services performed for clients who use our products.

Consolidated revenue for the year ended March 31, 2023 increased $56.8 million compared to the prior year, comprised of a $54.2 million increase in recurring revenues and a $2.6 million increase in software, hardware and other non-recurring revenues. The increase in recurring revenues was driven by $21.4 million higher subscription services, $17.7 million higher managed services revenue, and a $17.2 million increase in transactional and data services, partially offset by a $2.1 million decrease in support and maintenance. The increase in subscription services reflect the incremental revenues associated with the acquisition of TSI and higher subscriptions of our NextGen Office and Insights solutions, including interoperability, virtual visits, mobile, financial analytics, and NextGen Enterprise solutions, due to higher recent bookings. The increase in managed services revenue was primarily due to increases in revenue cycle management ("RCM") services and hosting services associated with higher recent bookings. The increase in transactional and data services revenue was primarily driven by higher bookings and transaction volumes associated with our patient pay solutions, partially offset by a decrease in electronic data interchange (“EDI”) and data services revenue due to lower transaction volume. Support and maintenance decreased primarily due to net client attrition, our continued shift to subscription-based solutions, the negative impact to revenues associated with the acquisition of TSI, which was one of our value-added resellers, and the disposition of our Commercial Dental assets, as described in Note 8, "Business Combinations and Disposals" of our notes to the consolidated financial statements included elsewhere in this Report. The increase in software, hardware, and other non-recurring revenues was primarily due to higher professional services revenue from more hours incurred and projects completed in the current year period, partially offset by a decrease in software license revenue due to lower software bookings.

Bookings reflect the estimated annual value of our executed contracts, adjusted to include the effect of pre-acquisition bookings if applicable, and are believed to provide a broad indicator of the general direction and progress of the business. Total bookings were $166.5 million for the year ended March 31, 2023 compared to $152.5 million in the prior year, primarily reflecting higher bookings of patient pay services, NextGen Enterprise subscriptions, and EDI, partially offset by lower bookings of software and maintenance.

We continue to see overall practice volumes at healthy, pre-pandemic levels. This reflects in our volume- and transaction-based solutions, as noted above, and reflects an ongoing industry trend of procedure volumes migrating out of higher cost settings, like hospitals, favoring lower cost care settings and independent healthcare providers. We also continue to see healthy activity levels in our current pipeline. Sales development activities, such as lead generation and demos, indicate a positive demand environment. We have not been significantly impacted by the current economic concerns and general market conditions, and we continue to constructively engage prospects and our clients to find ways to achieve better outcomes for all.

Table of Contents

Cost of Revenue and Gross Profit

The following table presents our consolidated cost of revenue and gross profit for the years ended March 31, 2023 and 2022 (in thousands):

Fiscal Year Ended March 31,

Cost of revenue:

Recurring

Software, hardware, and other non-recurring

Amortization of capitalized software costs and acquired intangible assets

Total cost of revenue

Gross profit

Gross margin %

Cost of revenue consists primarily of compensation expense, including share-based compensation, for personnel that deliver our products and services. Cost of revenue also includes amortization of capitalized software costs and acquired technology, third party consultant and outsourcing costs, costs associated with our EDI business partners and clearinghouses, patient pay processing and support costs, hosting service costs, third party software costs and royalties, and other costs directly associated with delivering our products and services. Refer to Note 10, "Intangible Assets" and Note 11, "Capitalized Software Costs" of our notes to consolidated financial statements included elsewhere in this Report for additional information on current period amortization of capitalized software costs and acquired technology and an estimate of future expected amortization.

Share-based compensation expense included in cost of revenue was $3.1 million and $2.2 million for the years ended March 31, 2023 and 2022, respectively.

Gross profit for the year ended March 31, 2023 increased $10.2 million compared to the prior year while our gross margin percentage decreased to 47.6% for the year ended March 31, 2023 compared to 50.5% in the prior year period.

The increase in cost of revenue for the year ended March 31, 2023 compared to the prior year period was primarily due to higher transactional and data costs directly associated with higher recent revenues and bookings of our patient pay services. Recurring cost of revenue, including costs of subscription services and managed services, also increased driven by higher hosting costs, third party costs, and higher salaries and benefits from increased employee headcount related to delivering our software solutions and services, directly associated with higher revenues and bookings. Software, hardware, and other non-recurring services revenue costs increased compared to the prior periods primarily due to higher salaries and benefits from increased employee headcount and an increase in consulting costs associated with the delivery of our professional services as we accelerate Spring’21 migration. These increases in cost of revenue were partially offset by lower amortization of capitalized software costs and acquired intangible assets.

Our gross margin for the year ended March 31, 2023 compared to the prior year period decreased primarily due to increased investments in professional services as we accelerate Spring’21 migration and a shift in product mix to lower margin transactional and data services, including patient pay services, and managed services, as noted above.

Selling, General and Administrative Expense

The following table presents our consolidated selling, general and administrative expense for the years ended March 31, 2023 and 2022 (in thousands):

Fiscal Year Ended March 31,

Selling, general and administrative

Selling, general and administrative, as a percentage of revenue

Selling, general and administrative expense consists of compensation expense, including share-based compensation, for management and administrative personnel, selling and marketing expense, facilities costs, depreciation, professional service fees, including legal and accounting services, legal settlements, acquisition and transaction-related costs, and other general corporate and administrative expenses.

Share-based compensation expense included in selling, general and administrative expenses was $26.1 million and $19.9 million for the years ended March 31, 2023 and 2022, respectively. The increase in share-based compensation expense is due to increased utilization of share-based awards to incentivize our executives and employees. Refer to Note 16, "Stockholders’ Equity" of our notes to consolidated financial statements included elsewhere in this Report for additional information on our share-based awards and related incentive plans.

Selling, general and administrative expenses increased $13.8 million for the year ended March 31, 2023 compared to the prior year period is primarily due to $35.2 million of estimated legal settlement and related costs associated with the DOJ investigation regulatory matter (refer to Note 17, "Commitments, Guarantees and Contingencies" of our notes to consolidated

Table of Contents

financial statements included elsewhere in this Report for additional information), increased share-based compensation expense, as noted above, higher travel, conferences, and conventions costs, and incremental acquisition costs associated with the acquisition of TSI in November 2022. These increases were partially offset by higher legal and related costs for our shareholder litigation matter incurred in the prior year period, including an $11.4 million payment related to the indemnification of certain expenses related to the Hussein matter, approximately $9.3 million of incremental proxy contest expenses associated with our prior year annual shareholders’ meeting, and lower facilities and infrastructure costs as we transition to a remote-first company.

Research and Development Costs, net

The following table presents our consolidated net research and development costs, capitalized software costs, and gross expenditures prior to capitalization, for the years ended March 31, 2023 and 2022 (in thousands):

Fiscal Year Ended March 31,

Gross expenditures

Capitalized software costs

Research and development costs, net

Research and development costs, as a percentage of revenue

Capitalized software costs as a percentage of gross expenditures

Gross research and development expenditures, including costs expensed and costs capitalized, consist of compensation expense, including share-based compensation for research and development personnel, certain third-party consultant fees, software maintenance costs, and other costs related to new product development and enhancement to our existing products.

The healthcare information systems and services industry is characterized by rapid technological change, requiring us to engage in continuing investments in our research and development to update, enhance and improve our systems. This includes expansion of our software and service offerings that support pay-for-performance initiatives around accountable care organizations, bringing greater ease of use and intuitiveness to our software products, enhancing our managed cloud and hosting services to lower our clients' total cost of ownership, expanding our interoperability and enterprise analytics capabilities, and furthering development and enhancements of our portfolio of specialty-focused templates within our electronic health records software.

The capitalization of software development costs results in a reduction to our reported net research and development costs. Our software capitalization rate, or capitalized software costs as a percentage of gross expenditures, has varied historically and may continue to vary based on the nature and status of specific projects and initiatives in progress. Although changes in software capitalization rates have no impact on our overall cash flows, it results in fluctuations in the amount of software development costs that may be capitalized or expensed up front and the amount of net research and development costs reported in our consolidated statements of net income and comprehensive income, and ultimately also affects the future amortization of our previously capitalized software development costs. Refer to Note 11, "Capitalized Software Costs" of our notes to financial statements included elsewhere in this Report for additional information on current period amortization of capitalized software costs and an estimate of future expected amortization.

Share-based compensation expense included in research and development costs was $4.2 million and $4.5 million for the years ended March 31, 2023 and 2022, respectively.

Net research and development costs for the year ended March 31, 2023 increased $5.6 million compared to the prior year due to $15.1 million increase in our gross expenditures net of $9.5 million higher capitalization of software costs. Our software capitalization rate fluctuates due to differences in the nature and status of our projects and initiatives during a given year, which affects the amount of development costs that may be capitalized. The increase in gross expenditures was primarily driven by an increase in consulting costs and higher personnel costs from increased headcount associated with the timing and status of research and development projects. Our software capitalization rate fluctuates due to differences in the nature and status of our projects and initiatives during a given year, which affects the amount of development costs that may be capitalized.

Amortization of Acquired Intangible Assets

The following table presents our amortization of acquired intangible assets for the years ended March 31, 2023 and 2022 (in thousands):

Fiscal Year Ended March 31,

Amortization of acquired intangible assets

Table of Contents

Amortization of acquired intangible assets included in operating expense consists of the amortization related to our customer relationships, re-acquired rights and trade names intangible assets acquired as part of our business combinations. Refer to Note 10, "Intangible Assets" of our notes to consolidated financial statements included elsewhere in this Report for an estimate of future expected amortization.

Amortization of acquired intangible assets for the year ended March 31, 2023 increased $0.1 million, compared to the prior year period due to the amortization of customer relationships and re-acquired rights assets associated with our acquisition of TSI in November 2022 (refer to Note 8, "Business Combinations and Disposals" of our notes to consolidated financial statements included elsewhere in this Report for additional information). This increase was partially offset by the declining amortization of the customer relationships intangible assets associated with Medfusion and HealthFusion, which are amortized under an accelerated method of amortization.

Restructuring Costs and Impairment of Assets

During the year ended March 31, 2023, we implemented a business restructuring plan as part of our continued efforts to preserve and grow the value of the Company through client-focused innovations while reducing our cost structure. We recorded restructuring costs of $2.5 million, consisting of payroll-related costs, such as severance, outplacement costs, and continuing healthcare coverage, associated with the involuntary separation of employees pursuant to a one-time benefit arrangement, within operating expenses in our consolidated statements of net income and comprehensive income. As of March 31, 2023, the remaining restructuring liability associated with payroll-related costs was $2.0 million.

During the year ended March 31, 2022, we recorded $0.5 million of restructuring costs, consisting of payroll-related costs, such as severance, outplacement costs, and continuing healthcare coverage, associated with the involuntary separation of employees pursuant to a one-time benefit arrangement, within operating expenses in our consolidated statements of net income and comprehensive income.

During the year ended March 31, 2023, we vacated portions of certain leased locations and recorded impairments of $3.2 million to our right-of-use assets and certain related fixed assets associated with the vacated locations, or portions thereof, in St. Louis, Atlanta, Horsham, Hunt Valley, Chapel Hill, Irvine and Bangalore based on projected sublease rental income and estimated sublease commencement dates and the remeasurement of our operating lease liabilities associated with the modification and early termination of certain leases.

During the year ended March 31, 2022, we vacated portions of certain leased locations and recorded impairments of $3.9 million to our right-of-use assets and certain related fixed assets associated with the vacated locations, or portions thereof, in Irvine, Horsham, Atlanta, Fairport, Hunt Valley, Bangalore, and St. Louis based on projected sublease rental income and estimated sublease commencement dates.

The impairment analyses noted above were performed by operating right-of-use asset and the impairment charges were estimated by comparing the fair value of each operating right-of-use asset based on the expected cash flows to its respective book value. We determined the discount rate for each lease based on the approximate interest rate on a collateralized basis with similar remaining terms and payments as of the impairment date. Significant judgment was required to estimate the fair value of each operating right-of-use asset and actual results could vary from the estimates, resulting in potential future adjustments to amounts previously recorded.

Interest and Other Income and Expense

The following table presents our interest expense for the years ended March 31, 2023 and 2022 (in thousands):

Fiscal Year Ended March 31,

Interest income

Interest expense

Other income (expense), net

Interest expense relates to our convertible senior notes and revolving credit agreement, as well as the related amortization of deferred debt issuance costs. The increase in interest expense for the year ended March 31, 2023 compared to the prior year period is primarily related to the $275.0 million aggregate principal amount of 3.75% Convertible Senior Notes due 2027 that we issued on November 1, 2022, as described in more detail in Note 12, “Debt” of our notes to consolidated financial statements included elsewhere in this Report. Interest expense changes are also caused by fluctuations in outstanding balances under our revolving credit agreement and the related amortization of debt issuance costs. As of March 31, 2023, we had no outstanding balances under the revolving credit agreement.

Interest income is earned from funds in our money market and marketable securities accounts. The increase in interest income compared to the prior year period is primarily due to interest income on our marketable securities in the current period.

Other income (expense), net for the year ended March 31, 2023 primarily represents the $10.3 million gain from our disposition of our Commercial Dental assets (refer to Note 8, "Business Combinations and Disposals" of our notes to

Table of Contents

consolidated financial statements included elsewhere in this Report for additional information), net accretion income on our marketable securities, and fluctuations in the India foreign exchange rates.

Provision for Income Taxes

The following table presents our provision for income taxes for the years ended March 31, 2023 and 2022 (in thousands):

Fiscal Year Ended March 31,

Provision for income taxes

Effective tax rate

The change in the effective tax rate for the year ended March 31, 2023 compared to the prior year was driven primarily by a net increase of the foreign and state impact, and higher nondeductible expenses for legal, executive and stock compensation, partially offset with an increase of the research and development credit and other adjustments to the deferred and valuation allowance and uncertain tax positions.

Liquidity and Capital Resources

The following table presents selected financial statistics and information for the years ended March 31, 2023 and 2022 (in thousands):

Fiscal Year Ended March 31,

Cash and cash equivalents

Marketable securities

Unused portion of revolving credit agreement (1)

Total liquidity

Net income (loss)

Net cash provided by operating activities

We had no outstanding borrowings under our $300.0 million revolving credit agreement as of March 31, 2023 and 2022.

Our principal sources of liquidity are our cash generated from operations, driven mostly by our net income and working capital management, our cash and cash equivalents, marketable securities, and our debt arrangements.

We believe that our cash and cash equivalents on hand at March 31, 2023, together with our cash flows from operating activities and liquidity provided by our marketable securities and debt arrangements, will be sufficient to meet our working capital and capital expenditure requirements for the next twelve months. We intend to expend some of our available funds for the development and/or acquisition of products complementary to our existing product line as well as new versions of certain of our products. These developments are intended to take advantage of more powerful technologies and to increase the integration of our products. Our investment policy is determined by our Board of Directors. Excess cash, if any, may be invested in very liquid short term assets including tax exempt and taxable money market funds, certificates of deposit and short-term municipal bonds with weighted-average maturities of 365 days or less at the time of purchase. Our Board of Directors continues to review alternate uses for our cash including an expansion of our investment policy and other items. Any or all of these programs could significantly impact our investment income in future periods.

For the period beyond the next twelve months, we believe that we will be able to meet our working capital and capital expenditure needs from our existing cash and cash equivalents, marketable securities, cash flows generated from our operating activities, and, if necessary, proceeds from our debt arrangements. Our cash, cash equivalents, and marketable securities consist of bank deposits, United States treasury securities, money market funds, corporate notes and bonds, agency securities, and commercial paper. Our assessments of the period of time through which our existing liquidity and capital resources will be adequate to support our ongoing operations and our expected sources of capital for the future operations of our business after such period of time are forward-looking statements and involve risks and uncertainties. Our actual results could vary as a result of, and our near- and long-term future capital requirements will depend on, many factors, including our growth rate, the timing and extent of spending to support our infrastructure and research and development efforts, the expansion of sales and marketing activities, the timing of new product development and enhancements, and other general market and economic factors.

We may, from time to time, enter into arrangements to acquire or invest in complementary businesses, services and technologies, including intellectual property rights, and such acquisitions and investments could increase our need for additional capital. We may be required to seek additional financing from time to time in the future. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all.

Table of Contents

Cash Flows from Operating Activities

The following table summarizes our consolidated statements of cash flows for the years ended March 31, 2023 and 2022 (in thousands):

Fiscal Year Ended March 31,

Net income (loss)

Non-cash expenses

Cash from net income, as adjusted

Change in contract assets and liabilities, net

Change in accounts receivable

Change in all other assets and liabilities

Net cash provided by operating activities

For the year ended March 31, 2023, cash provided by operating activities decreased $9.9 million compared to the prior year due to a $26.1 million decrease from lower net income, as adjusted for non-cash expenses, $11.9 million decrease from net changes in accounts receivable and $3.6 million decrease from net changes in contract balances, partially offset by a $31.8 million increase from net changes in other assets and liabilities. Non-cash expenses decreased $21.8 million primarily due to a $10.3 million gain from the disposition of our Commercial Dental assets reflected in the current year period, changes in our deferred income taxes, lower amortization of operating lease assets, and lower amortization of intangible assets, partially offset by higher share-based compensation expense. The decrease in cash from changes in accounts receivable is primarily related to growth in subscriptions and milestone invoicing from higher recent bookings, as well as incremental invoicing from our acquisition of TSI, partially offset by continued efforts to resolve aged balances and improve collections. The decrease in cash associated with net changes in contract assets and liabilities is primarily due to an increase in contract liabilities associated with our acquisition of TSI and higher subscriptions invoicing due to higher recent bookings, partially offset by lower contract assets from lower software bookings and RCM contract terminations in the current year period. The increase in cash from net changes in other assets and liabilities is primarily due to $34.0 million in accrued estimated legal settlement and related costs associated with the DOJ investigation regulatory matter in the current period and changes in our income tax assets and liabilities, including our uncertain tax positions tax liability, partially offset by a decrease in cash related to higher payments of prior year incentive bonuses paid in the current year period compared to the prior year due to a higher rate of bonus achievement for the prior fiscal year.

Cash Flows from Investing Activities

Net cash used in investing activities for the years ended March 31, 2023 and 2022 was $216.9 million and $28.1 million, respectively. The $188.8 million net increase in cash used in investing activities compared to the prior year is primarily due to $140.0 million in purchases of marketable securities in the current year period, $51.3 million of cash paid, net of cash acquired, for the acquisition of TSI, and $9.5 million higher additions to capitalized software in the current year period, partially offset by $11.3 million in cash proceeds from the disposition of our Commercial Dental assets.

Cash Flows from Financing Activities

Net cash provided by financing activities in the year ended March 31, 2023 was $212.6 million compared to net cash used for financing activities of $37.3 million in the prior year. The increase in cash provided by financing activities is primarily due to $275.0 million in proceeds from our convertible senior notes, net of $8.5 million in debt issuance costs, partially offset by a $14.0 million increase in share repurchases in the current year period.

Table of Contents

Contractual Obligations and Commitments

Convertible Senior Notes

On November 1, 2022, we issued $275.0 million in aggregate principal amount of 3.75% Convertible Senior Notes due 2027 (“Notes”). The Notes were issued pursuant to, and are governed by, an indenture, dated as of November 1, 2022, between the Company and U.S. Bank Trust Company, National Association, as trustee. Net proceeds from the issuance of the Notes were approximately $266.5 million, after deducting issuance costs totaling $8.5 million.

The Notes will accrue interest at a rate of 3.75% per annum, payable semi-annually in arrears on May 15 and November 15 of each year, beginning on May 15, 2023. The Notes will mature on November 15, 2027, unless earlier repurchased, redeemed or converted.

Approximately $10.7 million in interest payments are due within the next 12 months for our Notes. There are no required principal payments on the Notes prior to their maturity.

Refer to Note 12, “Debt” of our notes to consolidated financial statements included elsewhere in this Report for additional information.

Line of Credit

On March 12, 2021, we entered into a $300 million second amended and restated revolving credit agreement (the “Credit Agreement”). The Credit Agreement matures on March 12, 2026 and the full balance of the revolving loans and all other obligations under the Credit Agreement must be paid at that time. In addition, we are required to prepay the revolving loan balance if at any time the aggregate principal amount outstanding under the Credit Agreement exceeds the aggregate commitments thereunder.

On May 17, 2022, we entered into an amendment to the Credit Agreement, which, among other changes, provides more favorable terms and flexibility with regards to our ability to obtain additional revolving credit commitments and/or term loans thereunder, including amendments to the net leverage ratio and definition of restricted payments.

On October 27, 2022, the Company entered into that certain Amendment No. 2 to Credit Agreement (the “Second Amendment”) with the Administrative Agent and the lenders party thereto. The Second Amendment modifies the Credit Agreement to make certain updates to the conditions restricting the making of certain dividends, distributions, and other restricted payments by the Company so that the Company’s compliance with the net leverage ratio governor contained in such conditions is calculated net of the net cash proceeds of the Notes issued pursuant to the Indenture. On March 12, 2021, we entered into a $300 million second amended and restated revolving credit agreement (the “Credit Agreement”). The Credit Agreement matures on March 12, 2026 and the full balance of the revolving loans and all other obligations under the Credit Agreement must be paid at that time. In addition, we are required to prepay the revolving loan balance if at any time the aggregate principal amount outstanding under the Credit Agreement exceeds the aggregate commitments thereunder.

As of March 31, 2023, we had no outstanding borrowings under the Credit Agreement. Refer to Note 12, “Debt” of our notes to consolidated financial statements included elsewhere in this Report for additional information.

Non-cancelable Operating Leases

As of March 31, 2023, the total amount of future lease payments under operating leases was $8.3 million, of which $4.1 million is short-term. Our operating leases have a weighted average remaining lease term of 2.0 years. Included in our total future lease payments are $7.4 million of remaining lease obligations for vacated properties, of which $3.6 million is short-term. The preceding numbers do not include $0.7 million of future lease obligations, of which $0.1 million is short-term, for a lease that we have entered into that has not yet commenced. Remaining lease obligations for vacated properties relates to certain locations, including Cary, Brentwood, North Canton, Fairport, Atlanta, St. Louis, and portions of Irvine, Hunt Valley and Chapel Hill that we have vacated as part of our reorganization efforts and are actively marketing for sublease. Refer to Note 7, “Leases” and Note 18, "Restructuring Plan" of our notes to consolidated financial statements included elsewhere in this Report for additional information. The remaining obligations have not been reduced by projected sublease rentals or by minimum sublease rentals of $2.0 million due in future periods under non-cancelable subleases.

Purchase Obligations

As of March 31, 2023, we had minimum purchase commitments of $153.7 million related to payments due under certain non-cancelable agreements to purchase goods and services, of which $35.1 million is due within the next 12 months.

Share Repurchase Program

In October 2021, our Board of Directors ("Board") authorized a share repurchase program under which we may repurchase up to $60.0 million of our outstanding shares of common stock through March 2023. The timing and amount of any share repurchases under the share repurchase program will be determined by our management at its discretion based on ongoing assessments of the capital needs of the business, the market price of our common stock and general market conditions. The

Table of Contents

program does not obligate the Company to acquire any particular amount of our common stock, and the share repurchase program may be suspended or discontinued at any time at our discretion.

In October 2022, our Board authorized a new share repurchase program under which we may repurchase up to an additional $100.0 million of outstanding shares of our common stock through March 2025.

During the year ended March 31, 2023, we repurchased 2.7 million shares of common stock for a total of $49.9 million at a weighted-average share repurchase price of approximately $18.62. During the year ended March 31, 2022, we repurchased 2.2 million shares of common stock for a total of $35.9 million at a weighted-average share repurchase price of approximately $16.53.

As of March 31, 2023, $74.3 million remained available for share repurchases pursuant to the Company’s share repurchase programs.

Deferred Compensation

Deferred compensation liability was $8.0 million, for which timing of future benefit payments to employees is not determinable. To offset this liability, we have purchased life insurance policies on some of the participants. The Company is the owner and beneficiary of the policies and the cash values are intended to produce cash needed to help make the benefit payments to employees when they retire or otherwise leave the Company. The cash surrender value of the life insurance policies for deferred compensation was $8.1 million.

Income Taxes

We have an uncertain tax position liability of $5.9 million as of March 31, 2023, for which timing of expected payments is not determinable.

Off-Balance Sheet Arrangements

During the year ended March 31, 2023, we did not have any relationships with unconsolidated organizations, financial partnerships, or special purpose entities that would have been established for the purpose of facilitating off-balance sheet arrangements or other limited purposes.

Recent Accounting Pronouncements

Refer to Note 2, “Summary of Significant Accounting Policies” of our notes to consolidated financial statements included elsewhere in this Report for a discussion of recently issued accounting pronouncements.

Critical Accounting Policies and Estimates

The discussion and analysis of our consolidated financial statements and results of operations is based upon our consolidated financial statements, which have been prepared in accordance with accounting principles generally accepted in the United States of America ("GAAP"). The preparation of these consolidated financial statements requires us to make estimates and judgments that affect our reported amounts of assets, liabilities, revenue and expenses, and related disclosures. We base our assumptions, estimates and judgments on historical experience, current trends, and other factors we believe to be reasonable under the circumstances, and we evaluate these estimates on an ongoing basis. On a regular basis, we review the accounting policies and update our assumptions, estimates, and judgments, as needed, to ensure that our consolidated financial statements are presented fairly and in accordance with GAAP. Actual results could differ materially from our estimates under different assumptions or conditions. To the extent that there are material differences between our estimates and actual results, our financial condition or results of operations will be affected.

Our significant accounting policies, as described in Note 2, “Summary of Significant Accounting Policies” of our notes to consolidated financial statements included elsewhere in this Report, should be read in conjunction with management’s discussion and analysis of financial condition and results of operations. We believe that the following accounting policies are the most critical to aid in fully understanding and evaluating our reported financial results because application of such policies require significant judgment regarding the effects of matters that are inherently uncertain and that affect our consolidated financial statements.

Revenue Recognition

Application of the revenue recognition guidance requires a significant amount of judgments and estimates, which may impact the amount and timing of revenue recognition and related disclosures. Refer to Note 3, "Revenue from Contracts with Customers" of our notes to consolidated financial statements included elsewhere in this Report for additional information regarding our revenue recognition policies, significant judgments, and estimates.

Table of Contents

Software Development Costs

Software development costs, consisting primarily of employee salaries and benefits and certain third party costs, incurred in the development of new software solutions and enhancements to existing software solutions for external sale are expensed as incurred, and reported as net research and development costs in the consolidated statements of net income and comprehensive income, until technological feasibility has been established. After technological feasibility is established, the incremental software development costs are capitalized until general release occurs. Amortization of capitalized software begins upon general release and is recorded on a straight-line basis over the estimated economic life of the related product, which is typically three years. The total of capitalized software costs incurred in the development of products for external sale are reported as capitalized software costs within our consolidated balance sheets.

We also incur costs related to the development of software applications for our internal-use and for the development of software-as-a-service ("SaaS") based solutions sold to our clients. The development costs of our SaaS-based solutions are considered internal-use for accounting purposes. Our internal-use capitalized development costs are stated at cost and amortized on a straight-line basis over the estimated useful lives of the assets, which is typically three years. Application development stage costs generally include costs associated with internal-use software configuration, coding, installation and testing. Costs related to the preliminary project stage and post-implementation activities are expensed as incurred. Costs of significant upgrades and enhancements that result in additional functionality are also capitalized, whereas costs incurred for maintenance and minor upgrades and enhancements are expensed as incurred. Capitalized software costs for the development of SaaS-based solutions are reported as capitalized software costs within our consolidated balance sheets and capitalized software costs for the development of our internal-use software applications are reported as equipment and improvements within our consolidated balance sheets.

We periodically reassess the estimated economic life and the recoverability of our capitalized software costs. If we determine that capitalized amounts are not recoverable based on the expected net cash flows to be generated from sales of the applicable software solutions, the amount by which the unamortized capitalized costs exceed the net realizable value is written off as a charge to earnings. The net realizable value is estimated as the expected future gross revenues from that product reduced by the estimated future costs of completing and disposing of that product, including the costs of performing maintenance and client support required to satisfy our responsibility at the time of sale. In addition to the assessment of net realizable value, we review and adjust the remaining estimated lives of our capitalized software costs, if necessary. We also perform a periodic review of our software solutions and dispose of fully amortized capitalized software costs after such products are determined to no longer be used by our clients.

Although we currently believe that our approach to estimates and judgments as described herein is reasonable, actual results could differ and we may be exposed to increases or decreases in revenue that could be material.

Business Combinations

In accordance with the accounting for business combinations, we allocate the purchase price of the acquired business to the tangible and intangible assets acquired and liabilities assumed based on their estimated fair values as of the acquisition date. The fair values of acquired assets and liabilities assumed represent our best estimate of fair value. The estimated fair value of the acquired tangible and intangible assets and liabilities assumed were determined using multiple valuation approaches depending on the type and nature of tangible or intangible asset acquired, including but not limited to the income approach, the excess earnings method and the relief from royalty method approach. The purchase price allocation methodology contains uncertainties as it requires us to make assumptions and to apply judgment to estimate the fair value of acquired assets and liabilities, including, but not limited to, intangible assets, goodwill, and contingent consideration liabilities. We estimate the fair value of the contingent consideration liabilities based on our projection of expected results, as needed. Unanticipated events or circumstances may occur which could affect the accuracy of our fair value estimates, including assumptions regarding industry economic factors and business strategies. We expect to finalize the purchase price allocation as soon as practicable within the measurement period, but not later than one year following the acquisition date. Any adjustments to fair value subsequent to the measurement period are reflected in the consolidated statements of net income and comprehensive income.

Goodwill

Goodwill acquired in a business combination is measured as the excess of the purchase price, or consideration transferred, over the net acquisition date fair values of the assets acquired and the liabilities assumed. Goodwill is not amortized as it has been determined to have an indefinite useful life.

We test goodwill for impairment annually during our first fiscal quarter, referred to as the annual test date. We will also test for impairment between annual test dates if an event occurs or circumstances change that would indicate the carrying amount may be impaired. Impairment testing for goodwill is performed at a reporting-unit level, which is defined as an operating segment or one level below an operating segment (referred to as a component). We operate as one segment and have a single reporting unit. The measures evaluated by our chief operating decision maker ("CODM"), consisting of our Chief Executive Officer, to assess company performance and make decisions about the allocation of resources include consolidated revenue and consolidated operating results.

Table of Contents

As part of our annual goodwill impairment test, we may elect to first assess qualitative factors to determine whether it is more likely than not that the fair value of our single reporting unit is less than its carrying amount. We assess events or changes in circumstances in totality, including macroeconomic and industry conditions, market and competitive environment, changes in customers or customer mix, cost factors, loss of key personnel, significant changes in legislative environment or other legal factors, changes in the use of our acquired assets, changes in our strategic direction, significant changes in projected future results of operations, changes in the composition or carrying amount of our net assets, and changes in our stock price. Based on our assessment, if we conclude that it is more likely than not that the fair value of the reporting unit is less than its carrying amount, then additional impairment testing is not required. Otherwise, if we determine that a quantitative impairment test should be performed, we then evaluate goodwill for impairment by comparing the estimated fair value of the reporting unit with its book value, including goodwill. If the estimated fair value exceeds book value, goodwill is considered not to be impaired and no additional steps are necessary. If, however, the fair value of the reporting unit is less than book value, then an impairment charge is recorded for the difference between the reporting unit’s fair value and carrying amount, not to exceed the carrying amount of the goodwill.

During the quarter ended June 30, 2022, we performed a qualitative assessment, which indicated that it was more likely than not that the fair value of goodwill exceeded its net carrying value and, therefore, additional impairment testing was not deemed necessary. We also did not identify any events or circumstances that would require an interim goodwill impairment test.

Application of the goodwill impairment test required significant judgment, including the identification of reporting units and determination of the fair value of the reporting unit. We determined the fair value of our reporting unit utilizing the average of two valuation methods, consisting of the income approach (based upon estimates of future discounted cash flows for the reporting unit) and a market comparable approach (based upon valuation multiples of companies that operate in similar industries with similar operating characteristics). The cash flows used to determine fair value under the income approach required significant judgments and represent Management's best estimates of projected operating results, terminal and long-term growth rates of our business, useful life over which cash flows will occur, and our weighted average cost of capital, that are dependent on a number of significant assumptions based on historical experience, expectations of future performance, and the expected macroeconomic environment, which are subject to change given the inherent uncertainty in predicting future results. We also considered our stock price and market capitalization as a corroborative step in assessing the reasonableness of the fair values estimated for the reporting unit as part of the goodwill impairment assessment.

The estimates used to calculate the fair value of a reporting unit changes from year to year based on operating results, market conditions, and other factors. Changes in these estimates and assumptions could materially affect the determination of fair value and goodwill impairment for the reporting unit. We currently also do not believe there is a reasonable likelihood that there will be a material change in the future estimates or assumptions we used to test for impairment losses on goodwill. However, if actual results are not consistent with our estimates or assumptions, we may be exposed to future impairment charges that could be material.

Refer to Note 9, "Goodwill" of our notes to consolidated financial statements included elsewhere in this Report for additional information regarding our goodwill policies, significant judgments, and estimates.

Intangible Assets

Intangible assets consist of trade names, customer relationships, re-acquired rights, data health database, and software technology, all of which are associated with our business acquisitions.

The intangible assets are recorded at fair value and are reported net of accumulated amortization. We currently amortize the intangible assets over periods ranging from 3 to 11 years using a method that reflects the pattern in which the economic benefits of the intangible asset are consumed. We assess the recoverability of intangible assets at least annually or whenever adverse events or changes in circumstances indicate that impairment may have occurred. Impairment is deemed to have occurred if the future undiscounted cash flows expected to result from the use of the related assets are less than the carrying value of such assets, and a loss is recognized to reduce the carrying value of the intangible assets to fair value, which is determined by discounting estimated future cash flows. In addition to the impairment assessment, we routinely review the remaining estimated lives of our intangible assets and record adjustments, if deemed necessary.

Although currently we believe that our approach to estimates and judgments as described herein is reasonable, actual results could differ and we may be exposed to decreases in the fair value of our intangible assets, resulting in impairment charges that could be material. We test intangible assets for impairment if we believe indicators of impairment exist.

Table of Contents

Share-Based Compensation

We record share-based compensation related to share-based awards granted under equity incentive plans.

Share-based compensation expense associated with restricted stock awards is estimated using the closing share price of the common stock on the date of grant. Share-based compensation expense associated with performance stock awards that contain market conditions is based on the grant date fair value estimated using a Monte Carlo-based valuation model. Share-based compensation expense associated with performance stock awards that contain performance conditions are estimated using a probability-adjusted achievement rate combined with the closing share price of the common stock on the date of grant.

Share-based compensation expense is recognized as expense over the requisite service period in our consolidated statements of net income and comprehensive income.

We currently do not believe there is a reasonable likelihood there will be a material change in the future estimates or assumptions we use to determine share-based compensation expense. However, if actual results are not consistent with our estimates or assumptions, we may be exposed to changes in share-based compensation expense that could be material.

See Note 16, “Stockholders' Equity,” of our notes to consolidated financial statements included elsewhere in this Report for a complete discussion of our stock-based compensation plans and our accounting policies, significant judgments, and estimates.

Reserves on Accounts Receivable

We maintain reserves for estimated potential sales returns and allowances for credit losses on our accounts receivable. Accounts receivable are reported net of an allowance for credit losses on our consolidated balance sheets.

Our standard contracts generally do not contain provisions for clients to return products or services. However, we historically have accepted sales returns under limited circumstances. We estimate expected sales returns and other forms of variable consideration considering our customary business practice and contract-specific facts and circumstances, and we consider such estimated potential returns as variable consideration when allocating the transaction price to the extent it is probable that there will not be a significant reversal of cumulative revenue recognized.

Allowance for credit losses are reserves related to estimated losses resulting from our clients’ inability to make required payments are established based on our assessment of the collectability of client accounts, including review of our historical experience of bad debt expense and the aging of our accounts receivable balances, net of specifically reserved accounts and amounts billed prior to revenue recognition. Specific reserves are based on our estimate of the probability of collection for certain accounts. As part of our assessment of the adequacy of the allowance for credit losses, we consider a number of factors including, but not limited to, historical credit loss experience and adjustments for certain asset-specific risk characteristics, such as bankruptcy filings, internal assessments of client credit quality, age of the client receivable balances, review of major third-party credit-rating agencies, and evaluation of external factors such as economic conditions, including the potential impacts of the COVID-19 pandemic, that may affect a client’s ability to pay, or other client-specific factors. Accounts are written off as uncollectible only after we have expended extensive collection efforts.

If a major client’s creditworthiness or financial condition were to deteriorate, if actual defaults are higher than our historical experience, or if other circumstances arise, our estimates of the recoverability of amounts due to us could be overstated, and additional reserves or allowances could be required, which could have an adverse impact on our operating results. Although we currently believe that our approach to estimates and judgments as described herein is reasonable, actual results could differ and we may be exposed to increases or decreases in required reserves that could be material.

See Note 4, “Accounts Receivable,” of our notes to consolidated financial statements included elsewhere in this Report for additional information.

Table of Contents

Leases

Our leasing arrangements are reflected on the balance sheet as right-of-use assets and liabilities pertaining to the rights and obligations created by the leased assets. We determine whether an arrangement is a lease at inception and classify it as finance or operating. All of our existing material leases are classified as operating leases. Our leases do not contain any residual value guarantees.

Right-of-use lease assets and corresponding lease liabilities are recognized at commencement date based on the present value of lease payments over the expected lease term. Since the interest rate implicit in our lease arrangements is not readily determinable, we determine an incremental borrowing rate for each lease based on the approximate interest rate on a collateralized basis with similar remaining terms and payments as of the lease commencement date to determine the present value of future lease payments. Our lease terms may include options to extend or terminate the lease. Currently, it is not reasonably certain that we will exercise those options and therefore, we utilize the initial, noncancelable, lease term to calculate the lease assets and corresponding liabilities for all our leases. We have certain insignificant short-term leases with an initial term of twelve months or less that are not recorded in our consolidated balance sheets. Operating right-of-use lease assets are classified as operating lease assets on our consolidated balance sheets.

Our lease agreements generally contain lease and non-lease components. Non-lease components primarily include payments for maintenance and utilities. We have applied the practical expedient to combine fixed payments for non-lease components with our lease payments for all of our leases and account for them together as a single lease component, which increases the amount of our lease assets and corresponding liabilities. Payments under our lease arrangements are primarily fixed, however, certain lease agreements contain variable payments, which are expensed as incurred and not included in the operating lease assets and liabilities.

Operating lease costs are recognized on a straight-line basis over the lease term and included as a selling, general and administrative expense in the consolidated statements of net income and comprehensive income.

Refer to Note 7, "Leases" of our notes to consolidated financial statements included elsewhere in this Report for additional information.

Table of Contents