Item 1A.
Risk Factors
Risks Relating to our Operations and Service Offering
We operate in a highly competitive industry, and our current or future competitors may be able to compete more effectively than we do, which could have a material adverse effect on our operating results, growth rates and market share.
The market for our solutions is and will continue to be highly competitive. The rapid changes in the U.S. healthcare market resulting from pressures to reduce healthcare cost inflation and regulatory and legislative initiatives are increasing the level of competition. We face competition from internal RCM departments and external participants. External participants that are our competitors include end-to-end RCM providers, software vendors and other technology-supported RCM business process outsourcing companies, traditional consultants, and information technology outsourcers. Our competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards, regulations, or customer requirements. We may not be able to compete successfully with these companies, and these or other competitors may introduce technologies or services that render our technologies or services obsolete or less marketable. Even if our technologies and services are more effective than the offerings of our competitors, our competitors may offer similar solutions at a lower price, which may cause our customers to choose our competitors’ solutions over ours. Increased competition is likely to result in pricing pressures, which could adversely affect our operating results, growth rate, or market share. Even if we have a good relationship and strong performance history with the customer, open and competitive bidding practices mean we may not be awarded the renewal business or may have to aggressively price our services to be successful.
The markets for our RCM service offering may develop more slowly than we expect.
Our success depends, in part, on the willingness of healthcare organizations to implement integrated solutions for the areas in which we provide services. Some organizations may be reluctant or unwilling to implement our solutions for a number of reasons, including failure to perceive the need for improved revenue cycle operations, lack of knowledge about the potential benefits our solutions provide, concerns over the cost of using an external solution, or as a result of investments or planned investments in internally developed solutions, choosing to continue to rely on their own internal resource.
Delayed or unsuccessful implementation of our technologies or services with our customers or implementation costs that exceed our expectations may adversely affect our operating results.
In periods during which we add new customers, our operating costs are typically higher because we incur expenses to integrate our solutions with our customers’ existing patient accounting and clinical systems. The implementation process varies from customer to customer, and we may face unanticipated challenges, including failure to obtain approvals or access rights from our customers’ vendors in a timely manner or at all. If the implementation process is not executed successfully or is delayed, our relationships with our customers and our operating results may be adversely affected. Implementation of our solutions also requires us to integrate our employees into the customer’s operations. Depending on our customers’ implementation needs, we may be required to devote a larger number of our employees than anticipated, which may increase our costs and adversely affect operating results.
We may be liable to our customers or third parties if errors occur during the provision of our services, or if we fail to maintain high service levels, our anticipated net services revenue may be lower.
The services we offer are complex and involve numerous manual and automated touchpoints with patients, providers and payers, which inherently creates a higher error risk. Errors can result from the interface of our proprietary technology applications and a customer’s existing technologies or we may make human errors in any aspect of our service offerings. The costs incurred in correcting any significant errors may be substantial and could adversely affect our operating results. Our customers, or third parties such as our customers’ patients, may assert claims against us alleging that they suffered damages due to our errors, and such claims could subject us to significant legal defense costs in excess of our existing insurance coverage and adverse publicity regardless of the merits or eventual outcome of such . In addition, if we are to maintain high service levels and our customers to agreed upon in financial or operating metrics, the incentive fee payments to us from such customers may be lower than anticipated.
Our business operations currently include the collection, on behalf of our customers, of medical co-pays and other payments that are due to our customers from their patients. This business practice has been perceived negatively by the public and this negative perception has adversely affected and may continue to adversely affect our business, operating results, and financial condition.
We currently collect, on behalf of our customers, medical co-pays and other non-defaulted payments that are due to our customers from their patients, pursuant to managed services agreements with our customers. Collection of these payments from patients may become a more significant part of our RCM services as industry trends continue to increase patient responsibility as a percentage of total compensation to healthcare providers. This business practice, which has been negatively perceived by the public, has made it more difficult to retain existing customers and attract new customers, extended the time it takes to enter into service agreements with new customers, and resulted, and may continue to result, in a material adverse effect on our business, operating results, and financial condition.
Negative public perception and proposed legislation in the United States regarding offshore outsourcing may increase the cost of delivering our services.
Offshore outsourcing is a politically sensitive topic in the United States. For example, various organizations and public figures in the United States have expressed concern about a perceived association between offshore outsourcing providers and the loss of jobs in the United States. Current or prospective customers may elect to perform such RCM services themselves or may be discouraged from transferring these services from onshore to offshore providers to avoid negative perceptions that may be associated with using an offshore provider. Any slowdown or reversal of existing industry trends towards offshore outsourcing would increase the cost of delivering our services if we had to relocate aspects of our services from our global business services operations to the United States, where operating costs are higher.
In the United States, federal and state legislation has been proposed, and in several states enacted, to restrict or discourage U.S. companies from outsourcing their services to companies outside the United States. Further, through rule making or executive action, some states have imposed limitations on offshore outsourcing of administrative services for the Medicaid program. It is possible that additional legislation could be enacted or regulatory guidance issued that would restrict U.S. private sector companies that have federal or state government contracts, or that receive government funding or reimbursement, such as Medicare or Medicaid payments, from outsourcing their services to offshore service providers. Any changes to existing laws or the enactment of new legislation restricting offshore outsourcing in the United States may adversely affect our ability to do business, particularly if these changes are widespread, and could have a material adverse effect on our business, operating results, financial condition, and cash flows.
Risks Relating to our Customers
If we are unable to retain our existing customers or acquire new customers, our operating results could be adversely affected.
Our future financial performance depends in part upon the retention of our customers and our ability to acquire new customers. We earn net services revenue primarily from managed services agreements pursuant to which we receive performance-based fees. Our profitability on customer agreements increases over time, as we integrate our systems, processes, and procedures with our customers. Customers can elect not to renew their managed services agreements with us upon expiration. Certain customer agreements permit early termination for convenience, subject to a notice period. If a customer does not renew or terminates a managed services agreement for any reason, we may not recognize sufficient revenue from that customer prior to the non-renewal or termination to offset the implementation costs associated with that customer.
Some of our managed services agreements require us to adhere to extensive, complex data security, network access, and other institutional procedures and requirements of our customers, and we cannot guarantee that some of our customers will not allege that we have not complied with all such procedures and requirements. Factors external to us and beyond our control, including but not limited to cyber attacks, failures of a contracted vendor, or regulatory changes, may cause a failure to perform under a contract. If a breach of a managed services agreement occurs or there is an actual or perceived service level performance failure, we may be liable to the customer for damages or may need to allocate additional resources or incur additional costs to resolve the breach that has arisen, and either we or the customer may generally terminate an agreement for a material uncured breach by the other.
Increasing consolidation within the healthcare provider industry may also make it more difficult for us to acquire new customers and retain existing customers, as consolidated healthcare systems may be more likely to have incumbent revenue cycle management providers or significant internal revenue cycle capabilities. For example, certain of our smaller customers have been acquired by larger healthcare systems and ceased to be customers.
We face a selling cycle of variable length to secure new RCM operating partner agreements, making it difficult to predict the timing of specific new customer relationships and related revenue.
We face a selling cycle of variable length, typically spanning six to 18 months or longer, to secure a new managed services agreement. Even if we succeed in developing a relationship with a potential new customer, we may not be successful in entering into a managed services agreement with that customer. In addition, we cannot accurately predict the timing of entering into managed services agreements with new customers due to the complex procurement decision processes of most healthcare providers, which often involves high-level management or board committee approvals. Due to our variable selling cycle length, we have only a limited ability to predict the timing of specific new customer relationships, which affects our ability to predict future revenues and cash flows.
The imposition of legal responsibility for obligations related to our customers’ employees could adversely affect our business and subject us to liability.
Under our co-management model, we work with customers’ employees engaged in the activities included in the scope of our services. Our co-management model agreements establish the division of responsibilities between us and our customers for various personnel management matters, including compliance with and liability under various employment laws and regulations. We could, nevertheless, be found to have liability with our customers for actions against or by employees of our customers, including under various employment laws and regulations, such as those relating to discrimination, retaliation, wage and hour matters, occupational safety and health, family and medical leave, notice of facility closings and layoffs and labor relations, and any such liability could result in a material adverse effect on our business.
Risks Relating to our Cybersecurity and Technology
If our information technology security measures are breached or fail, resulting in unauthorized access to customer data, our service may be perceived as not being secure, which could impact our ability to attract new customers, cause a loss of revenues from current customers due to penalties or contract termination, or cause us to incur significant liabilities.
Our services involve the storage and transmission of customers’ proprietary information and protected health, financial, payment, and other personal information of patients. We rely on proprietary and commercially available systems, software, tools, and monitoring, as well as other processes, to provide security for processing, transmission, and storage of such information. Due to the sensitivity of this information, the effectiveness of such security efforts is very important. If our security measures are breached or fail as a result of third-party action, employee error, malfeasance, or otherwise, someone may be able to obtain unauthorized access to customer or patient data. Improper activities by third parties, advances in computer and software capabilities and encryption technology, new tools and discoveries, and other events or developments may facilitate or result in a compromise or breach of our computer systems. Techniques used to obtain unauthorized access or to sabotage systems change frequently and generally are not recognized until launched a target, and we may be to anticipate these techniques or to implement adequate preventive measures. Our security measures may not be in these types of activities, and the information technology security measures of our third-party data centers and service providers may not be adequate.
To date, cyber attacks have not had a material impact on our business, operating results, or financial condition; however, we could suffer material losses in the future as a result of cyber attacks, and we are not able to predict the severity of these attacks. Our risk and exposure to these matters remains heightened because of, among other things, the evolving nature of these threats, the ongoing shortage of qualified cyber security professionals, and the interconnectivity and interdependence of third parties to our systems. The occurrence of a cyber attack, breach, unauthorized access, misuse, computer virus or other malicious code, or other cyber security event could jeopardize or result in the unauthorized disclosure, gathering, monitoring, misuse, corruption, , or of confidential information that belongs to us or our customers or PHI that is processed and stored in, and transmitted through, our computer systems and networks. The occurrence of such an event could also result in to our software, computers, or systems, or otherwise cause or in our, our customers’, or third parties’ operations. If a of our information technology security occurs, we could face for contract , for of applicable laws or regulations, possible lawsuits by individuals affected by the , and significant remediation costs and efforts to prevent future occurrences. Although we currently carry insurance coverage to protect ourselves some of these risks, our to continue to obtain such insurance coverage at reasonable costs could also have a material effect on us. In addition, whether there is an actual or a perceived of our information technology security, the market perception of the effectiveness of our security measures could be and we could current or potential customers.
Disruptions in service or damage to our global business services centers or third-party operated data centers could adversely affect our business.
Our global business services centers and third-party operated data centers are essential to our business. Our operations depend on the availability of our global business service centers and their operating effectiveness in maintaining and protecting our applications, which are located in data centers that are operated and controlled by third parties. In addition, our information technologies and systems, as well as our data centers and global business services centers, are vulnerable to damage or interruption from various causes, including (1) natural disasters, war, acts of terrorism, and public health events, including the COVID-19 pandemic, and (2) power losses, computer systems failures, internet and telecommunications or data network failures, operator error, losses of and corruption of data, and similar events. We have a business continuity plan and maintain insurance against fires, floods, other natural disasters, and general business to mitigate the effects of a , relocation, or change in operating environment at one of our data centers or global business services centers, but the situations we plan for and the amount of insurance coverage we maintain may not be adequate in every case. In addition, the occurrence of any of these events could result in , , or cessations in service to our customers, or in , , or cessations in the direct connections we establish between our customers and payers. Any of these events could or inhibit our ability to provide our services, reduce the of our services to current or potential customers, and affect our financial condition and operating results.
In addition, despite the implementation of security measures, our infrastructure, data centers, global business services centers, or systems that we interface with, including the internet and related systems, may be vulnerable to physical break-ins, improper employee or contractor access, programming errors, computer viruses, malicious code, phishing attacks, denial-of-service attacks, or other cyber attacks and information security threats by third parties seeking to disrupt operations or misappropriate information or similar physical or electronic breaches of security. Any of these can cause system failure, including network, software, or hardware failure, which can result in service disruptions. As a result, we may be required to expend significant capital and other resources to protect security and hackers or to alleviate caused by such .
Risks Relating to our Employees
If we are unable to attract, hire, integrate, and retain key personnel and other necessary employees, our business could be harmed.
Our future success depends in part on the continued contributions of our executive officers and other key personnel, each of whom may be difficult to replace. The loss of services of any of our executive officers or key personnel, or the inability to continue to attract qualified personnel, could have a material adverse effect on our business.
To manage potential future growth, we will need to hire, integrate, and retain highly skilled and motivated employees, and will need to work effectively with a growing number of customer employees engaged in revenue cycle operations. Competition for the caliber and number of employees we require is intense. We may face difficulty identifying and hiring qualified personnel at compensation levels consistent with our existing compensation and salary structure. In addition, we invest significant time and expense in training each of our employees, which increases their value to competitors who may seek to recruit them. Under the terms of our operating partner model agreements, we expect to transition a significant number of our customers’ revenue cycle management employees to our employment. We may experience difficulties in integrating and retaining these employees. We employ a significant number of personnel internationally and expect continued international growth. Significant growth in the technology sector in India has increased competition to attract and retain skilled employees and has led to a commensurate increase in compensation expense. If we fail to retain our employees, we could incur significant expenses in hiring, integrating, and training their replacements, and the quality of our services and our ability to serve our customers could diminish, resulting in a material adverse effect on our business.
Our growing global business services operations expose us to risks that could have a material adverse effect on our operating costs.
Our reliance on an international workforce exposes us to business disruptions caused by the political and economic environment in those regions. Terrorist attacks and acts of violence or war may directly affect our facilities and workforce or contribute to general instability. Our global business services operations require us to comply with local laws and regulatory requirements, which are complex and of which we may not always be aware, and expose us to foreign currency exchange rate risk. Our global business services operations may also subject us to trade restrictions, reduced or inadequate protection for intellectual property rights, security breaches, and public health events, including the COVID-19 pandemic, and other factors that may adversely affect our business. Negative developments in any of these areas could increase our operating costs or otherwise harm our business.
Risks Related to Ascension and the Transaction
Healthcare providers affiliated with Ascension currently account for a significant portion of our net services revenue. The early termination of our A&R MPSA with Ascension would have a material adverse effect on our business, operating results, and financial condition.
Healthcare providers affiliated with Ascension have accounted for a significant portion of our net services revenue each year since our formation. In 2021, 2020, and 2019, net services revenue from healthcare providers affiliated with Ascension represented 61%, 64%, and 67% of our total net services revenue, respectively. The early termination of the A&R MPSA or a reduction in our fees due to reduced business at Ascension or a contract renewal or renegotiation could have a material adverse effect on our business, operating results, and financial condition.
Our agreement with Ascension requires us to offer to Ascension service fees that are at least as low as the fees we charge any other customer receiving comparable services at comparable or lower volumes.
Our A&R MPSA with Ascension requires us to offer to Ascension's affiliated healthcare providers fees for our services that are at least as low as the fees we charge any other customer receiving comparable services at lower volumes. If we were to charge lower service fees to any other customer receiving comparable services at lower volumes, we would be obligated to charge such lower fees to the hospital systems affiliated with Ascension effective as of the date such lower charges were first implemented for such other customer. If we offer customers lower rates as discussed above, it could have a material adverse effect on our operating results and financial condition.
The Investor, an affiliate of TowerBrook and Ascension, is a significant shareholder in R1 and may have conflicts of interest with us or other stockholders in the future.
The total shares issued to the Investor represent 50% of the voting power of our stockholders as of February 15, 2022. The Investor also owns a warrant to acquire up to 40.5 million shares of our common stock. As a result of this ownership, so long as certain ownership thresholds are met, the Investor, among other things, has the right to nominate a majority of the members of our Board and has a consent right over certain corporate actions, including any amendment of the A&R MPSA, the incurrence of indebtedness in excess of $100.0 million, the acquisition of any assets or properties in excess of $100.0 million or the making of any capital expenditures in excess of $25.0 million, the approval of our annual budget, and the hiring or termination of our chief executive officer.
The interests of the Investor and its affiliates may differ from our other stockholders in material respects. For example, the Investor may have an interest in pursuing acquisitions, divestitures, financings, or other transactions that, in their judgment, could enhance their equity investments, even though such transactions might involve risks to other stockholders. Additionally, Ascension is an affiliate of the Investor and as our largest customer their interests may differ from other stockholders’ interests. The Investor, its affiliates, and its advisors are also in the business of making or advising on investments in companies, and may from time to time in the future, acquire interests in, or provide advice to, businesses that directly or indirectly compete with certain portions of our business or are suppliers or customers of ours. They may pursue acquisition opportunities that may be complementary to our business and, as a result, those acquisition opportunities may not be available to us. Due to the Investor’s ownership level, certain actions of the Investor or its affiliates could negatively impact our stock price. Other stockholders should consider that the interests of the Investor or its affiliates may differ from theirs in material respects.
Risks Related to our Business
The COVID-19 pandemic could continue to negatively affect our business, operating results, and financial condition.
COVID-19 continues to be characterized as a pandemic by the World Health Organization and has been deemed a Public Health Emergency in the U.S. since January 30, 2020. Despite the availability of vaccines, the emergence of new virus variances and surges in cases and hospitalizations have required international, federal, state and local governments to continuously update certain restrictions on businesses and travel, and future changes or elimination of such restrictions cannot be predicted with certainty. These measures continue to impact our workforce and operations and the operations of our customers. These impacts continue to include the need for personal protective equipment and other protective measures for front-line employees and work-from-home arrangements. Additionally, we have seen declines in patient volumes, which reflects the response of many patients and providers to governmental restrictions, economic impacts, and concerns regarding the spread of the virus in which elective procedures and physician visits have been delayed or cancelled. While patient volumes have generally returned to pre-COVID levels, we cannot be certain of the impact of future surges in cases or restrictions.
Restrictions on our employees’ ability to travel could affect our ability to sell or onboard certain services. We have a large number of employees now working remotely, and such arrangements may involve increased use of public Wi-Fi and use of office equipment off premises, which may make our business more vulnerable to cybersecurity incidents or breach attempts. In addition, we have a significant number of personnel in India, which has implemented strict travel restrictions that could impair our ability to manage day-to-day service delivery for our customers, which could result in, among other things, losses of revenue or breaches of our customer contracts if a large number of personnel were unable to work at the same time. Further, reductions in patient volumes may cause our customers to have a reduced need for our personnel on site to manage their RCM activities, which may lead to us incurring additional costs to maintain our staffing levels.
Adverse impacts to our customers’ businesses as a result of the COVID-19 pandemic could cause delays in, or limit customers’ ability to, make timely payments to us, which could adversely affect our operating results and liquidity. The COVID-19 pandemic has also significantly increased economic and demand uncertainty and has led to disruption and volatility in the global capital markets, which can increase the cost of capital and adversely impact our ability to access capital.
These and other impacts of the COVID-19 pandemic could have the effect of heightening many of the other risks described in this “Risk Factors” section. The extent to which COVID-19 will ultimately impact our business, operating results, and liquidity will depend on future developments, which are highly uncertain and cannot be predicted, including new information which may emerge concerning the severity and duration of the COVID-19 pandemic, travel restrictions, business closures or business disruption, and the actions taken throughout the world, including in our markets, to contain COVID-19 or treat its impact. In addition, we may not be able to respond to all of the developments of the COVID-19 pandemic in a timely manner to prevent near- or long-term adverse impacts to our results. As a result of these factors, the COVID-19 pandemic may have a material adverse effect on our business, operating results, financial condition, and cash flows.
We may fail to realize the success of strategic initiatives and other investments.
The anticipated benefits of acquisitions, strategic initiatives, and other investments will depend on, among other things, our ability to realize anticipated synergies, cost savings, and operational benefits of corresponding activity, which benefits are subject to, among others, the following risks:
• the incurrence of additional indebtedness in connection with the financing of an acquisition may have an adverse effect on our liquidity;
• we may fail to retain key employees of the acquired company;
• we may be unable to successfully integrate personnel from acquired companies, while at the same time attempting to provide consistent, high quality services;
• we may fail to realize the anticipated synergies and cost savings we expect from an acquisition;
• future developments may impair the value of our purchased goodwill or intangible assets;
• we may face difficulties establishing, integrating, or combining operations and systems;
• we may face challenges retaining the customers of an acquired business;
• we may encounter unforeseen internal control, regulatory or compliance issues; and
• we may face other additional risks relating to regulatory matters, legal proceedings, or tax laws or positions.
If any of these risks occur, we may not be able to realize the anticipated benefits of an acquisition, or they may take longer to realize than expected. The integration process could result in the distraction of our management, the disruption of our ongoing business, or inconsistencies in our services, standards, controls, procedures, and policies, any of which could adversely affect our ability to maintain relationships with customers, vendors, and employees or to achieve the anticipated benefits of an acquisition, or could otherwise adversely affect our business and operating results.
On January 9, 2022, we entered into a definitive agreement to acquire Cloudmed, a leader in Revenue Intelligence™ solutions for healthcare providers, in exchange for shares of common stock equal to approximately 30% of the fully diluted shares of our common stock as of the date of the agreement on a pro forma basis, after giving effect to the acquisition. The total consideration is expected to be approximately $4.1 billion, inclusive of approximately $857 million in net debt, based on our closing stock price on January 7, 2022. Completion of the acquisition is subject to customary closing conditions, including complying with requests from governmental agencies, which could delay consummation of the acquisition. Further, the benefits of the acquisition will depend in part on the successful integration of Cloudmed’s business into our operations in a timely and efficient manner. In order to provide our customers with the same level of service after the acquisition closes, we will need to integrate our product lines and development organizations with those of Cloudmed. This may be difficult, unpredictable, and subject to delay because the businesses have been developed independently and were designed without regard to such integration.
In addition, we expect to incur significant acquisition costs associated with combining the operations of the two companies, which cannot be estimated accurately at this time. There can be no assurance that the conditions to the consummation of the acquisition will be satisfied or waived, that the acquisition will be completed, or, if consummated, that the expected benefits of the acquisition will be realized.
Since January 1, 2020, our common stock has traded at a price per share as high as $31.28 and as low as $7.12. Market prices for securities of companies that undergo significant acquisitions may be volatile. Our trading price may be highly volatile in the future and could be subject to wide fluctuations in response to various factors, including the announced acquisition of Cloudmed. See Note 23, Subsequent Event, to our consolidated financial statements for additional information regarding the acquisition of Cloudmed.
We have a substantial amount of indebtedness. The agreement that governs our indebtedness contains covenants that could impact our ability to perform certain transactions without obtaining pre-approval from our lenders.
We have a substantial amount of indebtedness because of our strategic initiatives. The loan agreement for this indebtedness contains certain customary representations and warranties, affirmative and negative financial covenants, indemnity obligations, and events of default. The amount of debt and related covenants could have significant consequences to us, including:
• affecting our ability to obtain additional financing, if necessary, for working capital, capital expenditures, acquisitions, or other purposes may be impaired or such financing may not be available on favorable terms, or at all;
• negative financial covenants contained in the debt agreement require us to meet financial tests that may affect our flexibility in planning for, and reacting to, changes in our business, including possible acquisition opportunities;
• a substantial portion of our cash flow is required to make principal and interest payments on our indebtedness, reducing the funds that would otherwise be available for operations and future business opportunities; and
• level of indebtedness makes us more vulnerable than our less leveraged competitors to competitive pressures or a downturn in our business or the economy generally.
Our ability to comply with the provisions of the debt agreement may be affected by events beyond our control. Failure to comply with these covenants could result in an event of default, which, if not cured or waived, could accelerate our debt repayment obligations.
Litigation could materially adversely affect our business, financial condition, operating results, and cash flows and cause reputational damage from the view of current and potential customers and shareholders.
We may in the future become subject to lawsuits, claims, audits, and investigations related to our business, which may lead to unfavorable publicity for us and could materially adversely affect our business, financial condition, operating results, and cash flows in various ways, including subjecting us to significant liability, resulting in significant settlement payments, or having a disruptive effect upon the operation of our business and consuming the time and attention of our senior management. In addition, we may incur substantial expenses in connection with these litigation matters, including substantial fees for attorneys. Although we maintain insurance that may provide coverage for some or all of these expenses, our insurers have rights under the policies to deny coverage under various policy exclusions. There is risk that the insurers will rescind the policies, that some or all claims will not be covered by such policies, or that, even if covered, our ultimate liability will exceed the available insurance.
We are unable to predict the outcome of pending legal actions. The ultimate resolutions of our pending litigation could have a material adverse effect on our operating results, financial condition or liquidity, and on the trading price of our common stock.
Regulatory Risks
The healthcare industry is heavily regulated. Our failure to comply with regulatory requirements could create liability for us, result in adverse publicity, and adversely affect our business.
The healthcare industry is heavily regulated and is subject to changing political, legislative, regulatory, and other influences. Many healthcare laws are complex, and their application to specific services and relationships may be unclear. In particular, many existing healthcare laws and regulations, when enacted, did not anticipate the services we provide. There can be no assurance that our operations will not be challenged or adversely affected by enforcement initiatives. Our failure to anticipate the application of these laws and regulations to our business, or any other failure to comply with regulatory requirements, could create liability for us, result in adverse publicity, and adversely affect the attractiveness of our services to existing customers and our ability to market new services. We are unable to predict what changes to laws or regulations might be made in the future or how those changes could affect our business or our operating costs.
If we violate HIPAA, the HITECH Act or state or foreign health information privacy laws, we may incur significant liabilities, and any such violations could make it more difficult to retain existing customers or attract new customers, extend the time it takes to enter into service agreements with new customers, or result in a material adverse effect on our business, operating results, and financial condition.
As described in Item 1 above, HIPAA contains substantial restrictions and requirements with respect to the use and disclosure of individuals’ PHI. Since the passage of the HITECH Act in 2009, enforcement of HIPAA violations has increased, as reflected by the announcement of a number of significant settlement agreements and sanctions by federal authorities, the pursuit of HIPAA violations by state attorneys general, and the roll-out of a new federal audit program for covered entities and business associates. HHS may resolve HIPAA violations through informal means, such as allowing a covered entity to implement a corrective action plan, but HHS also has the discretion to move directly to impose monetary penalties and is required to impose penalties for violations resulting from willful neglect. In addition to enforcement by HHS, state attorneys general may bring civil actions in response to violations of HIPAA privacy and security regulations and/or state privacy and security laws that threaten the privacy of state residents.
We and our customers also are subject to any federal or state privacy-related laws that are more restrictive than the privacy regulations issued under HIPAA. These laws vary and could impose additional penalties and subject us to additional privacy and security restrictions. In addition, legislation has been proposed or implemented at various times at both the federal and the state levels that would limit, forbid or regulate the use or transmission of medical information pertaining to U.S. patients outside of the United States. In addition, various states recently have enacted, and other states are considering, new laws and regulations concerning the privacy and security of consumer and other personal information. To the extent we are subject to such requirements, these laws and regulations often have far-reaching effects, may require us to modify our data processing practices and policies, may require us to incur substantial costs and expenses to comply, and may render our international operations impracticable or make them substantially more expensive. These laws and regulations often provide for civil penalties for violations, as well as a private right of action for data breaches, which may increase the likelihood or impact of data .
Along with state and federal laws, international laws may impact our operations. The GDPR, for example, imposes obligations on us as well as our customers, depending on the operations at issue. The GDPR and related international laws also may restrict how we can store, transfer, and process personal information of our customers’ patients and other data subjects. These laws are constantly changing, and may impact how we may transfer or store information in the U.S. or abroad.
We have implemented and maintain commercially reasonable physical, technical, and administrative safeguards intended to protect all personal data and have processes in place to assist us in complying with applicable laws and regulations regarding the protection of this data and properly responding to any security incidents or breaches. Nonetheless, a knowing breach of HIPAA’s requirements could expose us to criminal liability, and a breach of our safeguards and processes that is not due to reasonable cause or involves willful neglect could expose us to significant civil penalties and the possibility of civil litigation under HIPAA and applicable state law.
In addition, given the omnipresent threat of potential cybersecurity incidents or security breaches, we, or our customers, could be required to report such breaches to affected consumers or regulatory authorities, leading to disclosures that could damage our reputation or harm our business, financial position, and operating results. We have been the victim of theft of company property containing patient data in the past, and we may face similar incidents in the future. During the current COVID-19 pandemic, we have shifted many employees to work from home environments, which introduces additional risk surrounding theft of company property and access to PHI. Cybersecurity incidents or allegations of deficiencies regarding our data security practices could require us to change aspects of our business practices, make it more difficult to retain existing customers or attract new customers, extend the time it takes to enter into service agreements with new customers, or result in a material effect on our business, operating results, and financial condition.
Developments in the healthcare industry, including national healthcare reform, could adversely affect our business.
The healthcare industry has changed significantly in recent years and we expect this to continue. We are unable to predict each healthcare initiative that will be implemented at the federal or state level, or what the ultimate effect these initiatives may have on us. For example, changes to Medicare and Medicaid reimbursement are implemented periodically and may cause a reduction in the amounts received by our customers and may have an indirect adverse effect on our business.
In addition, healthcare reform is causing some payors to transition from volume to value-based reimbursement models, which can include risk-sharing, bundled payment, and other innovative approaches. While these models may provide us with opportunities to provide new or additional services (e.g., our value based reimbursement capabilities within our RCM service offering) and to participate in incentive-based payment arrangements, there can be no assurance that such new models and approaches will prove to be profitable to our customers or us. Further, new models and approaches may require investment by us to develop technology or expertise to offer necessary and appropriate services or support to our customers, and the amount of such investment and the timing for return of such investment are not fully known at this time. In addition, some of these new models are being offered as pilot programs and there is no assurance that they will continue or be renewed. Further, adoption of such new models and approaches may require compliance with a range of federal and state laws relating to fraud and abuse, insurance, reinsurance and managed care regulation, billing and collection, corporate practice of medicine, and licensing, among others. Many states in which these new value-based structures are being developed regulatory guidance or a well-developed body of law for these new models and approaches, or may not have updated their laws or enacted legislation yet to reflect the new healthcare reform models. As a result, although we have attempted to structure and conduct our operations in accordance with our interpretation of current laws and regulations, new and existing laws, regulations, or guidance could have a material effect on our current and future operations and could subject us to the risk of or our customer agreements and arrangements, as well as the risk of regulatory enforcement, , and sanctions if state enforcement agencies with our interpretation of state laws.
If we fail to comply with federal and state laws governing submission of false or fraudulent claims to government healthcare programs and financial relationships among healthcare providers, we may be subject to civil and criminal penalties or loss of eligibility to participate in government healthcare programs.
Healthcare is one of the largest industries in the country and one of the costliest line items in the federal budget. As a result, the health care industry continues to attract attention from legislators and regulators. As described in Item 1 above, a number of health care fraud and abuse laws, including but not limited to the AKS, FCA, Stark Law, and EMTALA, and their state counterparts, apply to hospitals, physicians, and others who (i) furnish health care services to patients and submit claims for reimbursement to government programs and/or commercial insurers, and (ii) refer patients to one another. Federal and state regulatory and law enforcement authorities continue to focus on enforcement activities with respect to Medicare and Medicaid fraud and abuse regulations and other healthcare reimbursement laws and rules in an effort to reduce overall healthcare spending.
These laws are complex, may change rapidly, and their application to our specific services and relationships may not be clear and may be applied to our business in ways we do not anticipate. New and evolving payment structures, for example, such as accountable care organizations and other arrangements involving combinations of healthcare providers who share savings, potentially implicate anti-kickback and other fraud and abuse laws. In addition, errors created by our proprietary applications or services that relate to entry, formatting, preparation, or transmission of claims, reporting of quality or other data pursuant to value-based purchasing initiatives, or cost report information may be alleged or determined to cause the submission of false claims or otherwise be in violation of these laws. Further, the continued growth of our coding and billing services provided from a global business services environment necessitates comprehensive monitoring and oversight of these services to promote quality control and regulatory compliance.
While we seek to structure our business relationships and activities to avoid any activity that could be construed to implicate federal and state fraud and abuse laws, we cannot assure you that our arrangements and activities will be deemed outside the scope of these laws or that increased enforcement activities will not directly or indirectly have a material adverse effect on our business, financial condition, or operating results. Any determination that we have violated any of these laws could, for example (i) subject us to civil or criminal penalties (ii) require us to change or terminate some portions of our operations or business (iii) disqualify us from providing services to healthcare providers doing business with government programs, (iv) give our customers the right to terminate our managed services agreements with them, and/or (v) require us to refund portions of our base fee revenues and incentive payment revenues, any of which could have a material effect on our business and operating results. Moreover, any by, and resulting or exclusions imposed upon, our customers could affect their financial condition and, in turn, have a material effect on our business and operating results. Finally, even absent an of the law by us, participants in the healthcare industry receive inquiries or to produce documents and provide testimony in connection with government . We could be required to expend significant time and resources to comply with these requests, and the attention of our management team could be by these efforts.
Our failure to comply with debt collection and other consumer protection laws and regulations could subject us to fines and other liabilities, which could harm our reputation and business, and could make it more difficult to retain existing customers or attract new customers, extend the time it takes to enter into service agreements with new customers, or result in a material adverse effect on our business, operating results, and financial condition.
Our business practices involve collecting or assisting our customers in collecting non-defaulted amounts owed by patients for current and prior services activities, which may subject us to the FDCPA. The FDCPA and the TCPA restrict the methods that we may use to contact and seek payment from consumer debtors regarding past due accounts. Many states impose additional requirements on debt collection practices, and some of those requirements may be more stringent than the federal requirements. Moreover, regulations governing debt collection are subject to changing interpretations that may be inconsistent among different jurisdictions. We could incur costs or could be subject to fines or other penalties under the TCPA, the FDCPA and the FTC Act if we are determined to have violated the provisions of those authorities during the course of conducting our operations. Any perceived breach of the FDCPA could result in us being required to change aspects of our business practices, make it more difficult to retain existing customers or attract new customers, extend the time it takes to enter into service agreements with new customers, or result in a material effect on our business, operating results, and financial condition.
We cannot be certain that governmental officials responsible for enforcing EMTALA, or other parties, will not assert that our customers are in violation of EMTALA, and defending and settling allegations of EMTALA violations could have a material adverse effect on our business even if we are ultimately not found to have contributed to such violations.
Although EMTALA is not directly applicable to us because we are not a Medicare participating hospital, we cannot be certain that governmental officials responsible for enforcing EMTALA, or other parties, will not assert that our customers are in violation of EMTALA. If our customers are found to have violated EMTALA, they may assert claims that our management practices contributed to the violation. Defending and settling allegations of EMTALA violations could have a material adverse effect on our business even if we ultimately are not found guilty of a violation.
Risks Related to Intellectual Property
We may be unable to adequately protect our intellectual property.
Our success depends, in part, upon our ability to establish, protect and enforce our intellectual property and other proprietary rights. If we fail to establish or protect our intellectual property rights, we may lose an important advantage in the market in which we compete. We rely upon a combination of patent, trademark, copyright and trade secret law and contractual terms and conditions to protect our intellectual property rights, all of which provide only limited protection. We cannot assure you that our intellectual property rights are sufficient to protect our competitive advantages. We cannot assure you that any patents issued or that will be issued from current or future applications will provide us with the protection that we seek or that any current or future patents issued to us will not be challenged, invalidated or circumvented. Legal standards relating to the validity, enforceability and scope of protection of patents are uncertain. Also, we cannot you that any trademark registrations will be issued for pending or future applications or that any of our trademarks will be enforceable or provide adequate protection of our proprietary rights.
We also rely in some circumstances on trade secrets to protect our technology. Trade secrets may lose their value if not properly protected. We endeavor to enter into non-disclosure agreements with our employees, customers, contractors, and business partners to limit access to and disclosure of our proprietary information. The steps we have taken, however, may not prevent unauthorized use of our technology, and adequate remedies may not be available in the event of unauthorized use or disclosure of our trade secrets and proprietary technology. Moreover, others may reverse engineer or independently develop technologies that are competitive to ours or infringe our intellectual property.
Accordingly, despite our efforts, we may be unable to prevent third parties from infringing or misappropriating our intellectual property and using our technology for their competitive advantage. Any such infringement or misappropriation could have a material adverse effect on our business, operating results, and financial condition. Monitoring infringement of our intellectual property rights can be difficult and costly, and enforcement of our intellectual property rights may require us to bring legal actions against infringers. Infringement actions are inherently uncertain and therefore may not be successful, even when our rights have been infringed, and even if , may require a substantial amount of resources and our management’s attention.
Claims by others that we infringe their intellectual property could force us to incur significant costs or revise the way we conduct our business.
Our competitors protect their intellectual property rights by means such as patents, trade secrets, copyrights, and trademarks. We have not conducted an independent review of patents issued to third parties. Additionally, because patent applications in the United States and many other jurisdictions are kept confidential for 18 months before they are published, we may be unaware of pending patent applications that relate to our proprietary technology. Any party asserting that we infringe its proprietary rights would force us to defend ourselves, and possibly our customers, against the alleged infringement. These claims and any resulting lawsuit, if successful, could: subject us to significant liability for damages and invalidation of our proprietary rights; cause interruption or cessation of our operations; require us to enter into royalty or licensing agreements with third parties; and consume time which would otherwise be spent on our core business. Even if we prevail, the cost of such could our financial resources. Furthermore, during the course of , confidential information may be in the form of documents or testimony in connection with discovery requests, depositions, or trial testimony. The software and technology industries are characterized by the existence of a large number of patents, copyrights, trademarks and trade secrets and by frequent based on of or other of intellectual property rights. Moreover, the risk of such a lawsuit will likely increase as our size and scope of our services and technology platforms increase, as our geographic presence and market share expand and as the number of competitors in our market increases. Any of the foregoing could our business and have a material effect on our operating results and financial condition.
