Item 1. Business
A full discussion of the general development of our business and information about our legal predecessor is included in the section entitled “Business” in our Annual Report on Form 10-K for the year ended December 31, 2021 filed with the U.S. Securities and Exchange Commission (“SEC”) on April 18, 2022 (the “2021 Annual Report”). The following discussion provides an update to the general development of our business and includes material developments that have occurred since the date the 2021 Annual Report was filed and incorporates by reference the full discussion in the 2021 Annual Report, which is available here.
OUR BUSINESSES
Overview
The terms “we,” “our,” “us,” “its,” “UpHealth,” or the “Company” used in this Annual Report on Form 10-K (this “Annual Report”) refer to UpHealth, Inc. and its subsidiaries.
UpHealth is a healthcare technology and technology-enabled services company with a mission to enable high quality, affordable, and accessible healthcare for all. Our three distinct, yet complementary business platforms—Integrated Care Management, Virtual Care Infrastructure and Services—empower health systems, health plans, employers, and government agencies and ministries to improve patient and provider experience, quality, access, and population health, and to reduce the cost of healthcare and eliminate wasteful spending.
The ability to ingest complex healthcare data and apply health care expertise and insights allows us to serve people, care providers, payors, communities and governments with innovative digital technology products and services to help our customers solve many of the challenges facing healthcare today.
Integrated Care Management combines technology, data, and clinical expertise to empower payors and providers with the guidance and tools they need to improve population health through its SyntraNetTM platform. This platform improves overall health system performance by leveraging distinctive capabilities in data and analytics, health information exchanges, pharmacy care services, health care operations, and population health. Integrated Care Management serves the healthcare marketplace, including payors, providers, governments, and life sciences.
Virtual Care Management leverages digital health tools, technology, data, and analytics to provide telehealth solutions, which use electronic information and telecommunications technologies to support and promote long-distance clinical health care, patient and professional health-related education, public health and health administration, and virtual care infrastructure solutions to improve access to healthcare and to resolve health disparities across the care continuum. Virtual Care Management serves the healthcare marketplace, including providers, health systems, and government agencies.
Our Services platform provides behavioral health, mental health, and pharmacy services in the United States, which are critically important to managing whole person care and its associated costs. Our Services business serves the healthcare marketplace, including direct patient care, government agencies, and providers.
Completed Business Combinations
On June 9, 2021, UpHealth acquired (a) UpHealth Holdings, Inc. (“UpHealth Holdings”) and its subsidiaries, which became a wholly owned subsidiary, in an exchange of shares of UpHealth common stock for all the shares of UpHealth Holdings’ capital stock issued and outstanding immediately prior to the effective time of the acquisition, and (b) Cloudbreak Health, LLC (“Cloudbreak”), which became a wholly owned subsidiary, in an exchange of shares of UpHealth common stock for all of the Cloudbreak membership units issued and outstanding immediately prior to the effective time of the acquisition. In connection with the closing of the acquisition of UpHealth Holdings, certain promissory notes owed by UpHealth Holdings which became due at the closing of the acquisition of UpHealth Holdings were paid in cash, and the remaining promissory notes owed by UpHealth Holdings were assumed. In connection with the closing of the acquisition of Cloudbreak, certain promissory notes owed by Cloudbreak which were due at the closing of the acquisition of Cloudbreak were paid in cash.
Upon completion of the transactions, UpHealth structured its business across three segments: (a) Integrated Care Management—through its subsidiary Thrasys, Inc. (“Thrasys”); (b) Virtual Care Infrastructure—through its subsidiaries Glocal Healthcare Systems Private Limited (“Glocal”) and Cloudbreak; and (c) Services—through its subsidiaries Innovations Group, Inc. (“Innovations Group”), Behavioral Health Services, LLC (“BHS”) and TTC Healthcare, Inc. (“TTC”).
After undergoing a process launched in the second half of 2021 designed to help us determine how to tie the various components of the businesses brought together between November 2020 and June 2021 that we launched in the summer of 2021, in 2022, we turned to transforming our business strategy to create a company that can profitably fulfill our mission as an integrated whole. By considering our previous financial performance, we determined that it was necessary for us to pivot and to focus on fewer investments for growth. As a result, we sought to establish a company that will deliver high-quality, predictable revenue streams, conserve cash and readjust our operating expenses, and improve operational excellence. This led us to make the following decisions with regard to our reporting segments:
•As a result of the previously disclosed ongoing control issues and legal proceedings with Glocal, UpHealth deconsolidated Glocal in July 2022. These issues and disputes are described in our Current Reports on Form 8-K filed with the SEC on October 3, 2022 and November 14, 2022, and in our Quarterly Report on Form 10-Q for the fiscal quarter ended September 30, 2022 filed with the SEC on December 29, 2022, as well as in Part I, Item 3, Legal Proceedings, of this Annual Report. Accordingly, although Glocal is included in the Virtual Care Infrastructure segment operating results for the first six months of 2022, it is not included in the Virtual Care Infrastructure business discussion for the latter six months of 2022. As of March 31, 2023, the operations of Glocal remain deconsolidated from the rest of UpHealth as we continue to pursue all legal recourse against the founders of that business.
•On February 26, 2023, UpHealth Holdings agreed to sell 100% of the outstanding capital stock of Innovations Group to Belmar MidCo, Inc., a Delaware corporation (“Belmar”) and a wholly owned subsidiary of Belmar Holdings, Inc., a Delaware corporation, a portfolio company of Webster Capital IV, L.P., a Delaware limited partnership, pursuant to a stock purchase agreement dated February 26, 2023, by and among UpHealth, UpHealth Holdings, Innovations Group, and Belmar. The sale is expected to close in the second quarter of 2023, subject to the completion of required regulatory filings. Innovations Group’s financial results are included in the discussion of full year 2022 results for the Services business, as they are considered held-for-sale.
•At the start of 2023, we made the decision to integrate BHS into our legacy TTC operations and wind down our provider practice in Missouri. As such, BHS results for 2022 are included in the full year 2022 results for the Services business.
Following all of these changes, our reporting structure remains the same. We have three business segments: (a) Integrated Care Management, which has evolved from the legacy Thrasys business; (b) Virtual Care Infrastructure, which uses MarttiTM, a platform developed by the legacy Cloudbreak business; and (c) Services, which is focused on behavioral health services using a platform created by the legacy TTC business.
Going forward, UpHealth will offer patient-centric digital health technologies and technology-enabled services to manage health and behavioral health across our strategic business segments. We are focused on integrating the value streams represented across these three product and service lines, and focusing on building more data and analytics capabilities to complement our technology. Additionally, we are working on a partnership to incorporate artificial intelligence (“AI”) into our core product offerings. As of December 31, 2022, UpHealth, Inc. served:
•Approximately 9 million lives on its Integrated Care Management platform in California and other states;
•Approximately 3 million lives where we provided telehealth services at over 2,800 U.S. healthcare venues;
•Over 10,000 patients since opening were provided behavioral health services; and
•Over 300,000 lives, and 18,500 prescribers, for whom we filled over 10 million prescriptions at an average of 1,049 prescriptions per day.
Market Opportunity
In December 2022, the World Health Organization Global Report measured the global healthcare market at $9 trillion, including public and private spending and ranging across the spectrum of healthcare services. We believe that this market is broken, fragmented, and in great need of change. According to government data from the Centers for Medicare & Medicaid Services (“CMS”), national health expenditure in the United States alone was $4.3 trillion in 2021, representing 18.3% of Gross Domestic Product (“GDP”).
The long-standing macro factors that are driving the healthcare landscape today and straining current systems include an increasingly aging population, growing prevalence of chronic illnesses, unsustainable and escalating costs, and inequitable access to care. While these are not novel challenges, they are accelerating rapidly and exacerbating fundamental flaws in an inefficient healthcare system ill-equipped to provide the necessary services for all its constituents.
We believe there is a heightened demand for digital services that can improve the management of population health and care delivery, eventually leading to the “practice” of digital health. We believe these advancements are leading to a convergence of technology, data, analytics, information, and connectivity to improve health care and health outcomes.
We are building a sustainable, scalable business that provides digital health technology and technology enabled services that enhance the patient and the provider experience, improve population health, and reduce healthcare costs. We are creating solutions that improve access to high quality, affordable care by connecting stakeholders in the healthcare ecosystem with digital tools and workflows. Doing this will position UpHealth as an indispensable partner to payors, providers and patients as they evolve to the practice of digital health.
An additional area of focus for us going forward is data and analytics. The U.S. Healthcare Analytics market is projected to grow from $35 billion in 2022 to $167 billion in 2030. Market growth drivers will include:
•Tech-led, and tech-enabled services will create more value in an otherwise slow-adopting healthcare environment;
•Expansion of labor pool will increase the need for data and analytic tools to drive more efficient workflows;
•Continued move into risk bearing models, across primary care and specialty-focused models;
•Data-focused plays around a (partially) unified patient record will likely see an acceleration; and
•Increased relevance and opportunities in carve outs while near-term importance of proving business model stability and Return on Investment (“ROI”) become more critical.
We currently work with some of the largest payors in the California market where we have implemented Health Information Exchange systems and technology platforms to improve patient engagement in community-based care. The size of the data and analytics market in California alone is projected to grow over 20% per year for the next decade. We currently have over 3 billion unique data points across our 12 million covered lives. Our data includes claims and encounter data, clinical data, social determinants of health data, consumer data and medical care adherence data. We are working to use that data to help our clients make better decisions about their businesses and we intend to use this asset to supplement our technology products and services to create greater value for our clients.
Integrated Care Management
Integrated Care Management is our healthcare technology business that serves organizations that pay for healthcare, including health plans and state, federal and municipal agencies that ensure the people they sponsor receive high-quality care, administered and delivered efficiently and effectively, all while driving health equity so that every individual, family, and community has access to the care they need.
“Integrated care” is the collaboration among health professionals to provide complete treatment to patients and improve overall well-being. Our Integrated Care Management business is powered by the SyntraNetTM technology platform and applications. SyntraNetTM is a configurable integrated health management platform that enables clinical and community-based care teams to share information, coordinate care, manage utilization, and improve health outcomes and costs for individuals and populations—especially individuals with complex medical, behavioral health, and social needs.
SyntraNetTM creates virtual “care communities” – logical networks of organizations, care managers and service providers – that function as an integrated care team to deploy programs to improve health, quality, performance, efficiency, and costs.
Core features of the platform include the ability to:
• Create virtual, cross-sector care communities;
• Integrate and organize information from a wide range of health and social health data sources;
• Gain insight into health, risks, and opportunities with advanced analytics;
• Qualify and enroll groups into programs;
• Coordinate care teams across the continuum of care; and
• Analyze and report on various measures of success.
Our Integrated Care Management platform provides health plans and provider groups the ability to manage health with new value-based models of care. Our clients include the largest public health plan in the United States, entities that are part of the nation’s most comprehensive “whole person care” initiatives, and one of the fastest growing value-based pharmacy benefit managers.
Integrated Care sells its products primarily through its direct sales force, strategic collaborations and external producers in two key areas: payors including health plans and third-party administrators and public entities including state and local health care agencies. Revenue is derived from license fees, recurring subscription fees, and professional services for implementation.
Virtual Care Infrastructure
Virtual Care Infrastructure is a technology and technology-enabled services business that connects healthcare systems with platforms, analytics and services that make clinical and administrative processes simpler and more efficient. Hospital systems, physicians, and patients depend on UpHealth to help them improve performance, reduce costs and advance care quality through technology-enabled services built directly into clinical workflows.
Powered by Martti™, Virtual Care Infrastructure is a provider of unified telehealth solutions and digital health tools aimed at increasing access to healthcare and resolving health disparities across the care continuum. The Virtual Care Infrastructure business segment has one of the largest installed user bases in the nation, performing more than 300,000 encounters per month on over 40,000 video endpoints at over 2,800 healthcare venues in over 250 languages across the United States. Through its integrated telehealth and language access services, the platform serves as the digital front door to in-hospital care. The MarttiTM platform provides digital health infrastructure enabling its partners to implement unique, private-label telehealth strategies customized to their specific needs and markets, with language access built-in.
In 2022, MarttiTM expanded its operations by leveraging its existing platform to include other telemedicine use cases, such as telestroke, teleneurology, and telepsychiatry. We also launched a home health virtual visit platform enabling healthcare system partners to see their patients remotely on any device, at any time, anywhere the patient may be, and in any language they may speak.
Virtual Care Infrastructures products and services are sold primarily through a direct sales force. Virtual Care Infrastructure’s products are also supported and distributed through an array of alliances and business partnerships with other technology vendors, who integrate and interface our products with their applications. Our Virtual Care Infrastructure business offers an expanding suite of telehealth use cases, which are delivered under multi-year contracts that include fixed minimums with upside attributable to usage-based fees. Our client base includes hospitals and health systems, federally qualified healthcare clinics (“FQHCs”), urgent care centers, stand-alone clinics and medical practices.
Services
Our Services platform provides behavioral health and pharmacy services in the United States, which are critically important to managing whole person care and its associated costs. Our comprehensive behavioral health capabilities are powered by UpHealth BehavioralTM and provide evidence-based and tech-enabled behavioral health and substance abuse services via onsite care delivery and telehealth. Our Services platform is working to deliver an increasing volume of services, including telehealth services, to existing customers, as well as clients belonging to the Integrated Care Management and Virtual Care Infrastructure platforms.
UpHealth BehavioralTM provides comprehensive patient-centered care, addressing the physical, mental, and social well-being of our clients. We engage people in the most appropriate care settings, including clinical sites, out-patient and virtual. UpHealth BehavioralTM delivers behavioral health services; helps patients and providers navigate and address complex, chronic behavioral health needs; offers post-acute care planning services; and serves consumers and care providers through advanced, on-demand digital health technologies, such as telehealth. UpHealth BehavioralTM works directly with consumers, care delivery systems, providers, payors, and public-sector entities to provide high quality, accessible and equitable care with improved health outcomes and reduced total cost of care.
UpHealth BehavioralTM sells its products primarily through its direct sales force, and strategic collaborations in two key areas: payors including health plans, third-party administrators; and public entities including the U.S. Departments of Veterans Affairs and other federal, state, and local health care agencies.
Our pharmacy business, Innovations Group, is powered by MedQuest Pharmacy, a full-service retail and compounding pharmacy licensed in all 50 U.S. states and the District of Columbia that dispenses prescribed medications shipped directly to patients. It is capable of serving as a retail or national fulfillment center. Other services and products are also available, such as lab and testing services, nutritional supplements, and education and training for medical practitioners.
On February 26, 2023, UpHealth Holdings agreed to sell 100% of the outstanding capital stock of Innovations Group. We expect the sale to close in the second quarter of 2023, subject to the completion of required regulatory filings.
International
We continue to pursue legal actions against the founders of Glocal. We have an experienced leadership team hired and ready to assume leadership of that business should we choose to bring it back following the arbitration process. The international
leadership team is currently focused on building out global operations to support our cost containment efforts and they are also working to productize our telehealth offerings for the international market.
UpHealth Innovation Lab
In January 2023, UpHealth created an Innovation Lab tasked with innovating the most market forward solutions, technology and services, to address the needs of the healthcare market. Products that fall under this umbrella include:
•Data & analytics: UpHealth applies predictive and prescriptive analytics to more than 3.1 billion clinical and social health data points to enable us to provide enterprises with deep insights to support sophisticated targeting and intervention strategies. We are creating a state-of-the-art data fabric that simplifies data sharing and ensures data is discoverable across multiple systems. UpHealth’s data and analytics will enable organizations to implement advanced patient risk stratification and prescriptive next-best actions.
•Digital health: UpHealth’s AI-driven digital health solutions are intended to enhance revenue through hyper-personalized customer experiences and productivity through the automation of re-designed healthcare operations.
Key Performance Indicators
As a digital health technology and technology enabled services company, we measure several key performance indicators (“KPIs”) across our platform related to adoption and utilization by users. We believe that the following KPIs will impact our ability to improve the health of patients and help to inform how we manage operations:
•Number of lives: Our mission is to transform care delivery and support healthier individuals and communities. We believe that our digital health technology and tech-enabled services support this mission by empowering providers to deliver coordinated, personalized, affordable, and effective care globally to improve health outcomes. The number of lives served by us globally helps us to assess our performance managing that mission as well as our potential impact on the broader healthcare market. As of December 31, 2022, UpHealth, Inc. had approximately 9 million lives served in integrated care management in the United States.
•Number of care venues: We believe that the number of care venues using our platform globally is an indicator of future revenue growth because we derive meaningful revenue from consultation, diagnostic, and medication dispensing fees, as well as device utilization in the care venues we serve. These venues also provide a base footprint into which we can provide other products and services across our platform. A care venue represents a distinct physical location of a medical care site, hospital, or health system. As of December 31, 2022, UpHealth, Inc. had approximately 2,800 distinct care venues globally.
•Number of encounters: Because our service and utilization revenue will generally increase with the number of consultations, we believe the number of global (domestic and internationally) consultations provides us with useful information on period-to-period performance as evaluated by management, and comparison with our past financial performance. We define core consultations as encounters as patients and providers utilizing our core services, including digital encounter teleconsultations and onsite consultations. UpHealth BehavioralTM admitted and treated 1,000 patients during calendar year 2022 and MedQuest Pharmacy filled an average of approximately 1,049 prescriptions per day in 2022.
We believe our operational performance will drive our financial results, which will be evaluated at the corporate and segment level. The key financial metrics to which we manage our business include revenues, gross margin, and adjusted Earnings Before Interest, Taxes, Depreciation and Amortization (“EBITDA”), which consists of net income (loss) attributable to us, excluding depreciation and amortization; stock-based compensation; lease abandonment expenses; goodwill and intangible asset impairments; acquisition, integration, and transformation costs; other income (expense); income tax benefit (expense); income (loss) from equity investment; net income (loss) attributable to noncontrolling interests; and other non-recurring charges to GAAP net income (loss) attributable to us. Other non-recurring charges to GAAP net income (loss) attributable to us may include transaction expenses in connection with capital raising transactions (whether debt, equity or equity-linked) and acquisitions, whether or not consummated, purchase price adjustments, the cumulative effect of a change in accounting principles, or other expenses determined to be non-recurring.
As we expand our role as a partner for key stakeholders in the practice of digital health, we anticipate developing a set of shared performance indicators, such as impact on total cost of care, functional health of members and targeted populations, and satisfaction level of the care experience by providers, customers, and payors.
Business Strategy
UpHealth is a healthcare technology and technology enabled services company that enables high quality, affordable and accessible healthcare for all. UpHealth has proven solutions with significant revenue and customer momentum, as well as numerous opportunities to achieve synergistic growth. In 2022, we made the decision to transform our business, making hard decisions to focus on those businesses with strong products and customer relationships. We shut down many initiatives that were not producing results and we reduced the size of our workforce accordingly. Finally, we brought in several new leaders to help us drive the business forward.
In 2023, we will focus on executing our One UpHealth strategy and implementing our three-year plan. 2023 will be a year for us to recalibrate the baseline of our business. We will integrate our population health and telehealth technologies, build out our data and analytics services to complement our technology, incorporate AI into our telehealth offering through the creation of virtual agents, leverage our technology to create a tele-behavioral product and build out international operations to support our cost containment ambitions. We created the UpHealth Innovation Lab to accelerate our investments in data analytics and AI and to enhance the UpHealth brand in the marketplace. All of this will help us to make the transition from small, sub-scale businesses to a sustainable, scalable business that delivers value to our customers.
Keys to Our Growth Plan
We bring a set of attributes to the market that we believe will continue to differentiate us across our major stakeholders and end markets. While there have been a number of recent innovations across one-off point solutions aimed at solving specific pain points, we believe they tend to lack a comprehensive approach to addressing broad challenges across the care continuum, and thus fail to fully solve healthcare disparities for all stakeholders. What is required is a combination of innovative technologies and technology-enabled services that are integrated within the workflows and core operating systems of payors, providers, and patients. We believe that the digital health platforms that thrive long term will be those that enable a hybrid model of care delivery, enhancing onsite care settings with an integrated digital infrastructure that provides virtual care access and engagement while also coordinating and connecting both community and clinical care teams within defined populations.
An Integrated Global Digital Health Platform Addressing Critical Market Needs
We operate in the healthcare landscape across three large and high growth digital healthcare markets, providing a comprehensive care hub across multiple care settings. We aim to reshape healthcare delivery through integrated offerings that unite the healthcare ecosystem, enabling the “practice” of digital healthcare (i.e., the use of information and communications technologies in medicine and other health professions to manage illnesses and health risks and to promote wellness). Together, these advancements are leading to a convergence of people, information, technology, and connectivity that improve healthcare and health outcomes through a more coordinated, data-driven, and personalized care experience. We seek to deliver on our vision of providing a guided care experience for patients and providers that is frictionless, engaging, and easy to use.
Growth Levers
Below are the levers through which we believe UpHealth will accelerate growth of the platform:
•Win large, high value deals. Our Integrated Care Management business, which signs initial multi-year contract terms with recurring revenue, covered 9 million lives in 2022. Our Virtual Care Infrastructure business has signed multiple deals with large hospital systems that give us scale across their facilities. Our behavioral health business is developing a center of excellence model that can be expanded into other states. We must continue to win these large, high value deals to grow our business. We have set a goal of tripling our pipeline in 2023 which will set us up to build and scale our business for growth in 2024.
•Elevate our client engagement. We have identified thirty-six strategic accounts across our strategic businesses for which we intend to focus on implementing a more robust client engagement model. This will allow us to communicate more effectively the value we are creating for our clients and help us find other channels for growth within the relationships we already have. We are also in the process of expanding self-service analytics for many of our clients, as well as segmented client engagement models that align with client size. These enhancements will drive both client engagement as well as operational efficiencies.
•Expand within our existing strategic clients. UpHealth provides a suite of products across the continuum of care for any entity managing complex patient populations. This enables UpHealth to become a strategic partner for health systems, government entities, and plans, providing services from integrated care management to language translation and interpretation. We are positioned to offer the market a unique, multifaceted and integrated approach to technologies, processes, and services spanning the continuum of care, which creates numerous synergy opportunities across our businesses. As customers use UpHealth’s solutions, the platform will enable them to further utilize the
platform’s growing network and dataset to help them provide even better care to a greater population. For example, our operations now have the opportunity to leverage the 2,800+ U.S. healthcare venues that are currently utilizing our telehealth services. Additionally, UpHealth BehavioralTM has expanded into in-patient behavioral health. This is a growing market, growing at 7% annually, offering extensive growth potential in behavioral telehealth which now accounts for 35% of all behavioral health visits, up from low single digits pre-pandemic.
•Grow and diversify our customer base. We have a very strong core of strategic accounts. We are focused on building out our commercial model to help us to grow and diversify our customer base. We will invest in additional resources for sales, marketing, and product development to enable us to communicate our integrated value proposition to payors, providers, and life sciences companies that purchase our solutions. In addition to direct sales, in 2023 we are expanding our presence with channel and strategic referral partners. Our behavioral health team is expanding contracts with payors to increase in-patient volume.
•Lead with innovative Digital Solutions. Our behavioral health platform plans to expand telepsychiatry services in conjunction with Integrated Care by leveraging Martti™ relationships with over 2,800 care venues. Innovative features of our telemedicine digital dispensary and AI-guided, evidence-based care solution will be reengineered to enable introduction into U.S. and other developed international markets. Integrated Virtual Care will continue to roll out specific teleconsultation applications beyond telepsychiatry. Each of these initiatives are expected to provide meaningful revenue opportunities.
•Scale Prioritized Sectors. We are focused on growing our telehealth, integrated care and behavioral and mental health products and services. Through our UpHealth Innovation Lab, we are adding Data & Analytics as a service through an Analytics cloud based platform to complement our technology products, as all of our prioritized sectors are seeking out these solutions. We will also investigate supplementing our organic growth strategy with select acquisitions to increase market share across our current capabilities, accelerate entry into new capabilities, and expand offerings into new end markets. We plan to leverage our existing capabilities within the three core segments. We will continue to selectively evaluate and, where strategically appropriate, pursue acquisition opportunities that are complementary.
Sales, Marketing and Client Management
We market our products and our services to our existing and prospective clients through our sales and client management teams, which are aligned by business segment and cross-industry domains such as payor, provider and life sciences. Our sales and client management teams operate from the United States and are supported by our business development teams.
Our sales, marketing and business development teams are responsible for new client acquisitions, public relations, relations with outsourcing advisory companies, lead generation, knowledge management, content development, campaign management, digital or web presence, brand awareness and participation in industry forums and conferences. Our professionals generally have significant experience in healthcare, technology, data and analytics, and digital technology within our focus markets.
Clients
UpHealth generated revenues from approximately 400 clients in 2022. Our top three, five and ten clients generated 19.1%, 24.7% and 33.9% of our revenues, respectively, during 2022. Our revenue concentration with our top clients has reduced year-over-year as we continue to develop relationships with new clients to diversify our client base. We believe that the loss of any of our ten largest clients could have a material adverse effect on our financial performance.
Competition
As a relatively young health care company, we operate in highly competitive markets across the full expanse of healthcare technology and technology enabled services. The markets in which we participate are highly competitive, with increasing competition from new entrants and expansion by existing competitors. We view our competitors as companies that currently, or in the future will, (i) develop and market digital health technology or (ii) provide telehealth and expert medical services, such as the delivery of on-demand access to healthcare. Competition for developing and marketing digital health technology and the provision of telehealth focuses on, among other factors, technology, breadth and depth of functionality, range of associated care delivery services, operational experience, customer support, size of customer base, and reputation. We compete fundamentally on the quality and value we provide to those we serve which can include elements such as product and service innovation; use of technology; consumer and provider engagement and satisfaction; and sales, marketing and pricing.
We expect to face intensifying competition from existing competitors in our particular capabilities, platforms looking to broaden their services offerings, and new entrants that introduce digital health services and software platforms or other technology. We currently face competition from a range of point solutions, including specialized software providers that are
continuing to more deeply integrate their technology with care delivery services. In addition, large, well-financed healthcare providers have in some cases developed their own telemedicine services and technologies and may provide these solutions to their patients at discounted prices.
We believe that we are uniquely positioned on the basis of these factors and that the offerings of competitors do not comprehensively address the needs of our key stakeholders across our key markets, or fail to do so at scale.
See Part I, Item 1A, “Risk Factors” for additional discussion of our risks related to competition.
GOVERNMENT REGULATIONS
Our businesses are subject to comprehensive U.S. federal and state and international laws and regulations. Our business, and our customers’ businesses, are regulated by agencies which generally have discretion to issue regulations and interpret and enforce laws and rules. U.S. federal and state and international governments continue to consider and enact various legislative and regulatory proposals which could materially impact certain aspects of the health care system. New laws, regulations and rules, or changes in the interpretation of existing laws, regulations and rules, including as a result of changes in the political environment, could adversely affect our businesses.
See Part I, Item 1A, “Risk Factors” for a discussion of the risks related to our compliance with U.S. federal and state and international laws and regulations.
U.S. Federal and State Laws and Regulations
Our existing and planned operations are subject to comprehensive U.S. federal, state and local and international regulation in the jurisdictions in which we do business. Our ability to operate profitably will depend in part upon our ability, and that of our affiliated providers, to maintain all necessary licenses and to operate in compliance with applicable laws and rules. Those laws and regulations continue to evolve, and we therefore devote significant resources to monitoring developments in healthcare, data privacy and security, and medical practice laws and regulations. As the applicable laws and rules change, we are likely to make conforming modifications in our business processes from time to time. In some jurisdictions where we operate, neither our current nor our anticipated business model has been the subject of formal judicial or administrative interpretation. We cannot be assured that a review of our business by courts or regulatory authorities will not result in determinations that could adversely affect our operations or that the healthcare regulatory environment will not change in a way that impacts our operations.
Our businesses are also subject to laws and regulations relating to consumer protection, anti-fraud and abuse, anti-kickbacks, false claims, prohibited referrals, inappropriate reduction or limitation of health care services, anti-money laundering, securities and antitrust compliance.
Privacy, Security and Data Standards Regulations
Certain of our operations are subject to regulation under the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”). Federal regulations related to HIPAA contain minimum standards for electronic transactions and code sets and for the privacy and security of protected health information. In the conduct of our business, depending on the circumstances, we may act as either a covered entity or a business associate. With our health system clients, and our health plan clients, including affiliated medical groups, which are all regulated as covered entities under HIPAA, we are a business associate. We are also a business associate of our covered entity clients when we are providing technology services to those clients via our telehealth platform. Where we provide behavioral health clinical services, we are the covered entity.
Some of our businesses must comply with the Health Information Technology for Economic and Clinical Health Act (HITECH) which regulates matters relating to privacy, security and data standards. HITECH imposes requirements on uses and disclosures of health information; includes contracting requirements for HIPAA business associate agreements; extends parts of HIPAA privacy and security provisions to business associates; adds federal data breach notification requirements for covered entities and business associates and reporting requirements to HHS and the Federal Trade Commission (“FTC”) and, in some cases, to the local media; strengthens enforcement and imposes higher financial penalties for HIPAA violations and, in certain cases, imposes criminal penalties for individuals, including employees.
Telehealth Provider Licensing, Medical Practice, Certification and Related Laws and Guidelines
The practice of medicine is subject to various federal, state, and local certification and licensing laws, regulations, approvals, and standards, relating to, among other things, the adequacy of medical care, the practice of medicine (including the provision
of remote care), equipment, personnel, mitigating potential conflicts of interests, operating policies and procedures, and the prerequisites for the prescription of medication and ordering of tests. The application of some of these laws to telehealth is unclear, evolving, and subject to differing interpretation. Many states have specific statutes and regulations addressing provision of medical care via telehealth modalities and requirements that must be met to do so. Generally, the services provided must fall within the scope of practice for the licensed professional per the particular state’s board licensing rules and regulations, the same standard of care needs to be met as required for in-person care, and physicians must obtain informed consent from patients to the care provided and the virtual setting.
Physicians who provide professional medical services to a patient via telehealth must, in most instances, hold a valid license to practice medicine in the state in which the patient is located. We have established systems for ensuring that our affiliated physicians are appropriately licensed under applicable state law and that their provision of telehealth to our clients occurs in each instance in compliance with applicable rules governing state licensing requirements. Failure to comply with these laws and regulations could result in licensure actions against the physicians, our services being found to be non-reimbursable by payors, or prior payments being subject to recoupments and can give rise to civil, criminal or administrative penalties.
Generally, physicians providing services through telehealth must also use HIPAA-compliant technology. Certain types of technology, such as audio-video synchronous technology, may be required for compliance with state laws and reimbursement depending on the type of service and the payor.
Pharmacy Laws and Regulations
For the period through the closing of the sale of IGI, we will remain subject to extensive federal, state, and local regulation applicable to pharmacy businesses. Pharmacies, pharmacists, and pharmacy technicians are subject to a variety of federal and state statutes and regulations governing various aspects of the pharmacy business, including the distribution of drugs; operation of mail order pharmacies; licensure of facilities and professionals, including pharmacists, technicians and other healthcare professionals; packaging, storing, distributing, shipping and tracking of pharmaceuticals; repackaging of drug products; labeling, medication guides, and other consumer disclosures; interactions with prescribing professionals; compounding of prescription medications; counseling of patients; prescription transfers; advertisement of prescription products and pharmacy services; security; controlled substance inventory control and recordkeeping; and reporting to the U.S. Food and Drug Administration (the “FDA”) , state boards of pharmacy, the U.S. Consumer Product Safety Commission and other state enforcement or regulatory agencies. Many states have laws and regulations requiring out-of-state mail-order pharmacies to register with that state’s board of pharmacy. In addition, the FDA inspects facilities in connection with procedures to effect recalls of prescription drugs. The Federal Trade Commission also has requirements for mail-order sellers of goods. The United States Postal Service (the “USPS”) has statutory authority to restrict the transmission of drugs and medicines through the mail to a degree that may have an adverse effect on our mail-order operations. The USPS historically has exercised this statutory authority only with respect to controlled substances. If the USPS restricts our ability to deliver drugs through the mail, alternative means of delivery are available to us. However, alternative means of delivery could be significantly more expensive. The Department of Transportation has regulatory authority to impose restrictions on drugs inserted into the stream of commerce. These regulations generally do not apply to the USPS and its operations.
Corporate Practice of Medicine Laws in the U.S.; Fee Splitting
The companies that are part of UpHealth contract with physicians or physician-owned professional associations and professional corporations to provide them and their patients with access to our platform. These contractual relationships are subject to various state laws that prohibit fee splitting or the practice of medicine by lay entities or persons and that are intended to prevent unlicensed persons from interfering with or influencing a physician’s professional judgment. Activities other than those directly related to the delivery of healthcare may be considered an element of the practice of medicine in many states. Under the corporate practice of medicine restrictions of certain states, decisions and activities that may be performed by unlicensed individuals or entities and perceived as impacting the clinical decision-making of licensed professionals such as scheduling, policy and procedure development, contracting, setting rates and the hiring and management of clinical personnel may implicate the restrictions on the corporate practice of medicine. Similarly, certain compensation arrangements between licensed professionals and unlicensed individuals and entities can implicate state fee-splitting prohibitions, which prohibit providers from sharing a portion of their professional fees collected with third parties.
State corporate practice of medicine and fee splitting laws and rules vary from state to state and are not always consistent across states. In addition, these requirements are subject to broad interpretation and enforcement by state regulators. Some of these requirements may apply to us even if we do not have a physical presence in the state, based solely on our engagement of a provider licensed in the state or the provision of telehealth to a resident of the state. Thus, regulatory authorities or other parties, including our providers, may assert that, despite these arrangements, we are engaged in the corporate practice of medicine or that our contractual arrangements with affiliated physician groups constitute unlawful fee splitting. In such event, failure to comply could lead to adverse judicial or administrative action against us and/or our affiliated providers, civil, criminal or
administrative penalties, receipt of cease and desist orders from state regulators, loss of provider licenses, the need to make changes to the terms of engagement of our providers that interfere with our business, and other materially adverse consequences.
U.S. Federal and State Fraud and Abuse Laws
Federal Stark Law
We are subject to the federal Physician Self-Referral Law, commonly known as the Stark Law. Where applicable, this law prohibits a physician from referring Medicare or Medicaid patients for “designated health services” such as laboratory and radiology services that are furnished at an entity if the physician or a member of such physician’s immediate family has a “financial relationship” (including an ownership interest or a compensation arrangement) with the entity, unless an exception applies. The Stark Law also prohibits the entity from billing Medicare or Medicaid for such designated health services. Sanctions for violating the Stark Law include denial of payment, civil monetary penalties per claim submitted and exclusion from the federal healthcare programs. Failure to refund amounts received as a result of a prohibited referral on a timely basis may constitute a false or fraudulent claim and may result in civil penalties and additional penalties under the federal False Claims Act (described below). The statute also provides for a penalty for a circumvention scheme. The Stark Law is a strict liability statute, which means proof of specific intent to violate the law is not required. In addition, the government and some courts have taken the position that claims presented in violation of various healthcare fraud and abuse statutes, including the Stark Law, can be considered a violation of the federal False Claims Act (described below) based on the contention that a provider impliedly certifies compliance with all applicable laws, regulations and other rules when submitting claims for reimbursement. A determination of liability under the Stark Law could have a material adverse effect on our business, financial condition and results of operations.
Federal Anti-Kickback Statute
We are also subject to the federal Anti-Kickback Statute. The Anti-Kickback Statute is a broadly worded, intent-based federal criminal statute that prohibits the knowing and willful offer, payment, provision, solicitation or receipt of any form of remuneration, directly or indirectly, in cash or in kind, in return for, or to induce, (i) the referral of a person for the furnishing or arranging for the furnishing of items or services reimbursable under Medicare, Medicaid or other federal health care programs or (ii) the purchasing, leasing or ordering or arranging or recommending purchasing, leasing or ordering of any item or service reimbursable under Medicare, Medicaid or other federal healthcare programs. Certain federal courts have held that the Anti-Kickback Statute can be violated if “one purpose” of a payment is to induce referrals. In addition, a person or entity does not need to have actual knowledge of this statute or specific intent to violate it to have committed a violation, making it easier for the government to prove that a defendant had the requisite state of mind or “scienter” required for a violation. Moreover, the government may assert that a claim including items or services resulting from a violation of the Anti-Kickback Statute constitutes a false or fraudulent claim for purposes of the False Claims Act, as discussed below. Violations of the federal Anti-Kickback Statute may result in civil monetary penalties for each violation, plus up to three times the remuneration involved. Civil penalties for such conduct can further be assessed under the federal False Claims Act. Violations of the Federal Anti-Kickback Statute can also result in criminal penalties, including criminal fines and imprisonment. Similarly, violations can result in exclusion from participation in the federal healthcare programs, including Medicare and Medicaid. Imposition of any of these remedies could have a material adverse effect on our business, financial condition and results of operations. Although there are a number of statutory exceptions and regulatory safe harbors to the federal Anti-Kickback Statute that protect certain common industry practices from prosecution, the exceptions and safe harbors are narrowly drawn, and arrangements may be subject to scrutiny or penalty if they do not fully satisfy all elements of an available exception or safe harbor. However, the failure of a financial relationship to meet all of the applicable safe harbor criteria does not necessarily mean that the particular arrangement violates the Anti-Kickback Statute.
Although we believe that our arrangements with physicians and other referral sources comply with current law and available interpretative guidance, as a practical matter, it is not always possible to structure our arrangements so as to fall squarely within an available safe harbor. Where that is the case, we cannot guarantee that applicable regulatory authorities will determine these financial arrangements do not violate the Anti-Kickback Statute or other applicable laws, including state anti-kickback laws.
Federal False Claims Act
Both federal and state government agencies have continued civil and criminal enforcement efforts as part of numerous ongoing investigations of healthcare companies and their executives and managers. Although there are a number of civil and criminal statutes that can be applied to healthcare providers, a significant number of these investigations involve the federal False Claims Act, which imposes civil penalties against individuals or entities for, among other things, knowingly presenting, or causing to be presented, false or fraudulent claims for payment to a federal health care program or knowingly making using or causing to be made or used a false statement or record material to payment of a false claim or avoiding, decreasing or concealing an
obligation to pay money to the federal government. Federal False Claims Act actions can be initiated not only by the government but also through civil whistleblower or qui tam lawsuits. Penalties for False Claims Act violations include fines for each false claim, plus up to three times the amount of damages sustained by the federal government. A False Claims Act violation may provide the basis for exclusion from federal healthcare programs. There is also the federal criminal False Claims Act, which is similar to the federal civil False Claims Act and imposes criminal liability on those that make or present a false, fictitious or fraudulent claim to the federal government.
Foreign and State Fraud and Abuse Laws
There are state and foreign law equivalents of the above federal laws, such as the federal Anti-Kickback Statute and the federal False Claims Act. The scope of these laws and the interpretations of them vary by jurisdiction and are enforced by local courts and regulatory authorities, each with broad discretion. Some state fraud and abuse laws apply to items or services reimbursed by any third party payor, including commercial insurers or to any payor, including to funds paid out of pocket by a patient. A determination of liability under such state fraud and abuse laws could result in fines and penalties and restrictions on our ability to operate in these jurisdictions.
Other Healthcare Laws
HIPAA established several separate criminal penalties for making false or fraudulent claims to insurance companies and other non-governmental payors of healthcare services. Under HIPAA, these two additional federal crimes are: “Healthcare Fraud” and “False Statements Relating to Healthcare Matters.” The Healthcare Fraud statute prohibits knowingly and willfully executing, or attempting to execute, a scheme or artifice to defraud any health care benefit program or to obtain, by means of false or fraudulent pretenses, representations, or promises, any of the money or property owned by, or under the custody or control of, any health care benefit program in connection with the delivery of or payment for healthcare benefits, items, or services. A violation of this statute is a felony and may result in fines, imprisonment, or exclusion from federal healthcare programs. The False Statements Relating to Healthcare Matters statute prohibits knowingly and willfully falsifying, concealing, or covering up a material fact by any trick, scheme or device or making any materially false, fictitious, or fraudulent statement or representations, or making or using any materially false writing or document knowing the same to contain any materially false, fictitious, or fraudulent statement or entry in connection with the delivery of or payment for healthcare benefits, items, or services. A violation of this statute is a felony and may result in fines or imprisonment. This statute could be used by the government to assert criminal liability if a healthcare provider knowingly fails to refund a known overpayment. These provisions are intended to punish some of the same conduct in the submission of claims to private payors as the federal False Claims Act covers in connection with federal healthcare programs.
In addition, the federal Civil Monetary Penalties Law imposes civil administrative sanctions for, among other violations, inappropriate billing of services to the federal healthcare programs and employing or contracting with individuals or entities who are excluded from participation in the federal healthcare programs. Moreover, a person who offers or transfers to a Medicare or Medicaid beneficiary any remuneration, including waivers of copayments and deductible amounts (or any part thereof), that the person knows or should know is likely to influence the beneficiary’s selection of a particular provider, practitioner or supplier of Medicare or Medicaid payable items or services may be liable for civil monetary penalties of up to $20,866 for each wrongful act. Moreover, in certain cases, providers who routinely waive copayments and deductibles for Medicare and Medicaid beneficiaries can also be held liable under the federal Anti-Kickback Statute and civil False Claims Act, which can impose additional penalties associated with the wrongful act. Although this prohibition applies only to federal health care program beneficiaries, the routine waivers of copayments and deductibles offered to patients covered by commercial payors may implicate applicable state laws related to, among other things, unlawful schemes to defraud, excessive fees for services, tortious interference with patient contracts, and statutory or common law fraud.
International Regulation
Our international operations are subject to different, and sometimes more stringent, legal and regulatory requirements, which vary widely by jurisdiction, including anti-corruption laws; economic sanctions laws; various privacy, insurance, tax, tariff and trade laws and regulations; corporate governance, privacy, data protection (including the EU’s General Data Protection Regulation which became effective in May 2018 across the EU, which would be applicable if we expand our operations into the EU), data mining, data transfer, labor and employment, intellectual property, consumer protection and investment laws and regulations; discriminatory licensing procedures; required localization of records and funds; and limitations on dividends and repatriation of capital. In addition, the expansion of our operations into foreign countries increases our exposure to the anti-bribery, anti-corruption and anti-money laundering provisions of U.S. law, including the FCPA, and corresponding foreign laws, including the UK Bribery Act.
The FCPA prohibits offering, promising or authorizing others to give anything of value to a foreign government official to obtain or retain business or otherwise secure a business advantage. We also are subject to applicable anti-corruption laws of the
jurisdictions in which we operate. Violations of the FCPA and other anti-corruption laws may result in severe criminal and civil sanctions as well as other penalties, and the SEC and the DOJ have increased their enforcement activities with respect to the FCPA. The UK Bribery Act is an anti-corruption law that is broader in scope than the FCPA and applies to all companies with a nexus to the United Kingdom. Disclosures of FCPA violations may be shared with the UK authorities, thus potentially exposing companies to liability and potential penalties in multiple jurisdictions. We have internal control policies and procedures and conduct training and compliance programs for our employees to deter prohibited practices. However, if our employees or agents fail to comply with applicable laws governing our international operations, we may face investigations, prosecutions and other legal proceedings and actions which could result in civil penalties, administrative remedies and criminal sanctions.
We also are subject to regulation by the Office of Foreign Assets Control (“OFAC”). OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States. In addition, we may be subject to similar regulations in the non-U.S. jurisdictions in which we operate.
The healthcare industry in India is subject to laws, rules and regulations in the regions where we conduct our business or in which we intend to expand our operations. Given our digital health centers are situated at multiple locations, we are subject to various and extensive local law, rules and regulations relating, among other things, to the setting up and operation of private medical care establishments. Health and safety laws and regulations in India are becoming increasingly stringent in recent years, and it is possible that they will become significantly more stringent in the future. India is also in the process of and has certain legislation pending regarding increased data privacy.
INTELLECTUAL PROPERTY RIGHTS
We rely upon a combination of trademark, copyright, and trade secret laws, as well as license and access agreements and other contractual provisions, to protect our intellectual property and other proprietary rights.
We have obtained trademark registration for the UpHealth name and logo. We own registrations for certain of our other trademarks in the United States and abroad. Unless otherwise noted, trademarks appearing in this report are trademarks owned by us. We disclaim any proprietary interest in the marks and names of others.
We own and use trademarks and service marks on or in connection with our services, including both unregistered common law marks and issued trademark registrations in several jurisdictions. In addition, we rely on certain intellectual property rights that we license from third parties and on other forms of intellectual property rights and measures, including trade secrets, know-how and other unpatented proprietary processes and nondisclosure agreements, to maintain and protect proprietary aspects of our products and technologies. These licenses are standard licenses for common, easily replaceable commercial infrastructure. We require our employees, consultants and certain of our contractors to execute confidentiality agreements in connection with their employment or consulting relationships with us. We also require our employees and consultants to disclose and assign to us inventions conceived during the term of their employment or engagement while using our property or which relate to our business.
No subsidiaries have any existing or planned patents. We may continue to submit patent applications for new inventions and ideas we develop as well as monitor competitors in an effort to protect our intellectual property.
From time to time, we may become involved in legal proceedings relating to intellectual property arising in the ordinary course of our business, including opposition to our applications for patents, trademarks or copyrights, challenges to the validity of our intellectual property rights, and claims of intellectual property infringement. We are not presently a party to any such legal proceedings that, in the opinion of our management, would individually or taken together have a material adverse effect on our business, financial condition, results of operations or cash flows.
Item 1A. Risk Factors
An investment in our securities involves a high degree of risk. The risk factors summarized below could materially harm the business, cash flows, financial condition and results of operations of the Company, impair our future prospects and/or cause the price of our common stock to decline. These risk factors are discussed more fully below in the section below. These risk factors
are not exhaustive. Material risks that may affect our business, operating results and financial condition include, but are not necessarily limited to, the following:
•Our business, results of operations and financial condition may fluctuate on a quarterly and annual basis, which may result in a decline in our stock price if such fluctuations result in a failure to meet any projections that we may provide or the expectations of securities analysts or investors;
•The high degree of uncertainty of the level of demand for and market utilization of our solutions;
•Our existing customers may choose not to continue or renew their contracts with us, renew at lower fee levels, or decline to purchase additional applications and services from us, which could have a material adverse effect on our business, financial condition and results of operations;
•Failure to successfully execute on the terms of our contracts could result in significant harm to our business;
•If our applications and services are not adopted by our customers, or if we fail to innovate and develop new applications and services that are adopted by our customers, our revenue and results of operations will be adversely affected;
•Our sales and implementation cycle can be long and unpredictable and requires considerable time and expense, which may cause our results of operations to fluctuate;
•The impact of natural or man-made disasters and other similar events, including earthquakes, power outages, fires, floods, nuclear disasters, health epidemics (including the COVID-19 pandemic), war (including the conflict in Ukraine), and acts of terrorism or other criminal activities, on our business, financial condition, growth and the actions we may take in response thereto;
•Unstable market and economic conditions may have serious adverse consequences on our business, financial condition and stock price;
•Our ability to generate the amount of cash needed to support our debt obligations depends on many factors beyond our control;
•Our debt agreements contain restrictions that may limit our flexibility in operating our business, and any default on our secured credit facility could result in foreclosure by our secured noteholders on our assets;
•Substantial regulation and the potential for unfavorable changes to, or failure by us to comply with, these regulations, which could substantially harm our business and operating results;
•Our dependency upon third-party service providers for certain technologies, including proper maintenance of our data;
•Increases in costs, disruption of supply or shortage of materials, which could harm our business;
•Developments and projections relating to our competitors and industry;
•Issues arising from or related to the use of AI in our offerings, which may result in reputational harm or liability;
•Limitations on our use of data related to current customer contracts and the impact of healthcare regulations, which may slow or limit the growth of our data and analytics offerings;
•Current or future litigation against us could be costly and time-consuming to defend, and we could experience losses or liability not covered by insurance;
•Concentration of ownership among our existing executive officers, directors and their respective affiliates, which may prevent new investors from influencing significant corporate decisions;
•The lack of assurance that we will be able to comply with the continued listing standards of the NYSE;
•If we do not meet the expectations of investors, stockholders or securities analysts, the market price of our securities may decline;
•The divestiture of our Innovations Group business and related assets presents risks and challenges that could negatively impact our business, financial condition and results of operations, and there is no assurance that we will realize any of the anticipated benefits of the divestiture consistent with our expectations;
•Our significant increased expenses and administrative burdens as a public company, which could have an adverse effect on our business, financial condition and results of operations;
•Our ability to generate the amount of cash needed to pay interest and principal on our indebtedness and our ability to refinance all or a portion of our indebtedness or obtain additional financing depends on many factors beyond our control;
•We may be required to take write-downs or write-offs, restructuring and impairment or other charges that could have a significant negative effect on our financial condition, results of operations and stock price, which could cause you to lose some or all of your investment;
•We are exposed to data and cybersecurity risks that could result in data breaches, service interruptions, ransomware and demands, harm to our reputation, protracted and costly litigation or significant liability; and
•If we fail to maintain properly the integrity or availability of our data or successfully consolidate, integrate, upgrade or expand our existing information systems, or if our technology products do not operate as intended, our business could be materially and adversely affected.
Risks Relating to UpHealth’s Business and Industry
Our business is susceptible to a multitude of risks, any of which could impact our revenues. These risk factors are discussed more fully below in the section below. These risk factors are not exhaustive. Material risks that may affect our business, operating results and financial condition include, but are not necessarily limited to, the following:
Our business, results of operations and financial condition may fluctuate on a quarterly and annual basis, which may result in a decline in our stock price if such fluctuations result in a failure to meet any projections that we may provide or the expectations of securities analysts or investors.
The operating results of our business segments have in the past varied, and our operating results in the future could vary, significantly from quarter-to-quarter and year-to-year. Furthermore, as a result of ongoing disputes with the board of our Indian subsidiary, Glocal as described above, as of July 1, 2022, we are not including the operating results of Glocal in our consolidated financial statements. We may fail to match past performance, our projections or the expectations of securities analysts because of a variety of factors, many of which are outside of our control. As a result, we may not be able to accurately forecast our operating results and growth rate. Any of these events could cause the market price of our common stock to fluctuate. Factors that may contribute to the variability of our operating results include:
•the addition or loss of large customers, including through acquisitions or consolidations of such customers;
•seasonal and other variations in the timing of our sales and implementation cycles, especially in the case of our large customers;
•travel restrictions, shelter in place orders and other social distancing measures implemented by public health officials, and the impact of such measures on economic, industry and market conditions, customer spending budgets and our ability to conduct business;
•the timing of recognition of revenue, including possible delays in the recognition of revenue due to unpredictable implementation timelines;
•the timing and success of introductions of new products and services by us or our competitors or any other change in the competitive dynamics of our industry, including consolidation among competitors, hospital and healthcare system customers or strategic partners;
•the amount of operating expenses and timing related to the maintenance and expansion of our business, operations and infrastructure;
•our ability to effectively manage the size and composition of our proprietary network of healthcare professionals relative to the level of demand for services from our customers;
•customer renewal rates and the timing and terms of such renewals;
•technical difficulties or interruptions in our services;
•breaches of information security or privacy;
•our ability to hire and retain qualified personnel;
•changes in the structure of healthcare provider and payment systems;
•changes in the legislative or regulatory environment, including with respect to healthcare, privacy or data protection, or enforcement by government regulators, including fines, orders or consent decrees;
•the cost and potential outcomes of ongoing or future regulatory investigations or examinations, or of future litigation;
•political, economic and social instability, including recessions, inflation, interest rates, fuel prices, international currency fluctuations, acts of war (such as the recent Russian invasion of Ukraine), terrorist activities and health epidemics (including the COVID-19 pandemic), and any disruption these events may cause to the global economy; and
•changes in business or macroeconomic conditions.
The impact of one or more of the foregoing and other factors may cause our operating results to vary significantly. As such, we believe that quarter-to-quarter and year-to-year comparisons of our operating results may not be meaningful and should not be relied upon as an indication of future performance.
The level of demand for and market utilization of our solutions are subject to a high degree of uncertainty.
With respect to our digital health services, the market for digital health services and related technology is in the early stages of development and characterized by rapid change and volatility. As digital health specialty consultation workflows and related business drivers continue to evolve, the level of demand for and market utilization of our digital health services and platform remain subject to a high degree of uncertainty. Our success will depend to a substantial extent on the willingness of our customers to use, and to increase the frequency and extent of their utilization of, our products and services and our ability to demonstrate the value of digital health to employers, health plans, government agencies and other purchasers of healthcare for beneficiaries in our key digital health markets. If healthcare provider and payor organizations and government agencies and health ministries do not recognize or acknowledge the benefits of our digital health services or software platform or if we are unable to reduce healthcare costs or generate positive health outcomes, then the market for our solutions might not further develop, or it might develop more slowly than we expect. Similarly, negative publicity regarding patient confidentiality and privacy in the context of technology-enabled healthcare or concerns about our solutions or the digital health market as a whole could limit market acceptance of our solutions. If our customers do not perceive the benefits of our solutions, then our market may not develop at all, or it may develop more slowly than we expect. Achieving and maintaining market acceptance of our solutions could be negatively affected by many factors, including:
•the popularity, pricing and timing of digital health consultation services being launched and distributed by us and our competitors;
•general economic conditions, particularly economic conditions adversely affecting discretionary and reimbursable healthcare spending;
•federal and state policy initiatives impacting the need for and pricing of digital health services;
•changes in customer needs and preferences;
•the development of specialty care practice standards or industry norms applicable to digital health consultation services;
•the availability of other forms of medical and digital health assistance;
•lack of additional evidence or peer-reviewed publication of clinical evidence supporting the safety, ease-of-use, cost-savings or other perceived benefits of our solutions over competitive products or other currently available methodologies;
•perceived risks associated with the use of our solutions or similar products or technologies generally; and
•critical reviews and public tastes and preferences, all of which change rapidly and cannot be predicted.
In addition, our solutions may be perceived by our customers or potential customers to be more complicated or less effective than traditional approaches, and they may be unwilling to change their current healthcare practices. Healthcare providers are often slow to change their medical treatment practices for a variety of reasons, including perceived liability risks arising from the use of new products and services and the uncertainty of third-party reimbursement. Accordingly, healthcare providers may not recommend our solutions until there is sufficient evidence to convince them to alter their current approach. Any of these factors could adversely affect the demand for and market utilization of our solutions, which would have a material adverse effect on our business, financial condition and results of operations.
If our existing customers do not continue or renew their contracts with us, renew at lower fee levels, or decline to purchase additional applications and services from us, it could have a material adverse effect on our business, financial condition and results of operations.
We expect to derive a significant portion of our revenues from the renewal of existing customer contracts and sales of additional applications and services to existing customers. As part of our growth strategy, we have focused on expanding the services we provide to current customers. As a result, selling additional applications and services is critical to our future business, revenue growth and results of operations.
Factors that may affect our ability to sell additional applications and services include, but are not limited to, the following:
•the price, performance and functionality of our solutions;
•the availability, price, performance and functionality of competing solutions;
•our ability to develop and sell complementary applications and services;
•the stability, performance and security of our products and solutions;
•changes in healthcare laws, regulations or trends; and
•the business environment of our customers.
We generally enter into subscription access contracts with our customers. Most of our customers have no obligation to renew their subscriptions for our solutions after the initial term expires. In addition, our customers may negotiate terms less advantageous to us upon renewal, which may reduce our revenue from these customers. If our customers fail to renew their contracts, renew their contracts upon less favorable terms or at lower fee levels, or fail to purchase new products and services from us, our revenue may decline, or our future revenue growth may be constrained.
Failure to successfully execute on the terms of our contracts could result in significant harm to our business.
A key aspect to our success is our ability to scale our capabilities to implement our solutions satisfactorily with respect to large customers, which currently constitute the substantial majority of our customer base within the Integrated Care Management business segment. Large customers often require specific features or functions unique to their membership base, which, at a time when we are implementing cost cutting measures and launching new products to achieve significant growth, may strain our implementation capacity and hinder our ability to successfully implement our solutions to our customers in a timely manner. We may also need to make further investments in our technology and automate portions of our solutions or services to decrease our costs. If we are unable to address the needs of our customers, or our customers are unsatisfied with the quality of our solutions or services, they may not renew their contracts, or may seek to cancel or terminate their relationship with us or renew on less favorable terms, any of which could negatively impact our revenues.
Additionally, we do not control our customers’ implementation schedules. As a result, if our customers do not allocate the internal resources necessary to meet their implementation responsibilities or if we face unanticipated implementation difficulties, the implementation may be delayed. If the customer implementation process is not executed successfully or if execution is delayed, we could incur significant costs, customers could become dissatisfied and decide not to increase utilization of our solution or not to implement our solution beyond an initial period prior to their term commitment or, in certain cases, revenue recognition could be delayed. In addition, competitors with more efficient operating models with lower implementation costs could jeopardize our customer relationships.
In addition, certain of our contracts are increasing in complexity, requiring integration of data, systems, people, programs and services, the execution of sophisticated business activities, and the delivery of a broad array of services to large numbers of people who may be geographically dispersed. The failure to successfully manage and execute the terms of these agreements could result in the loss of fees and/or contracts and could adversely affect our business and results of operations.
If our applications and services are not adopted by our customers, or if we fail to innovate and develop new applications and services that are adopted by our customers, our revenue and results of operations will be adversely affected.
Our longer-term results of operations and continued growth will depend in part on our ability to successfully develop and market new applications and services that our customers want and are willing to purchase. In addition, we have invested, and will continue to invest, significant resources in research and development and partnering with AI partner solutions to enhance our existing solutions and introduce new high-quality applications and services. If existing customers are not willing to make additional payments for such new applications, or if new customers do not value such new applications, it could have a material adverse effect on our business, financial condition, and results of operations. If we are unable to predict user preferences or if our industry changes, or if we are unable to modify our solutions and services on a timely basis, we may lose customers. Our results of operations will also suffer if our innovations are not responsive to the needs of our customers and members, appropriately timed with market opportunity, or effectively brought to market.
Rapid technological change in our industry and the interoperability with third-party technologies presents us with significant risks and challenges.
Our success will depend on our ability to enhance our solutions with next-generation technologies and to develop or to acquire and market new services to access new consumer populations. As our operations grow, we must continuously improve and upgrade our systems and infrastructure while maintaining or improving the reliability and integrity of our infrastructure as the cost of technology increases. Our future success also depends on our ability to adapt our systems and infrastructure to meet rapidly evolving consumer trends and demands while continuing to improve the performance, features, and reliability of our solutions in response to competitive services and offerings. There is no guarantee that we will possess the resources, either financial or personnel, for the research, design and development of new applications or services, or that we will be able to utilize these resources successfully and avoid technological or market obsolescence. Further, there can be no assurance that technological advances by one or more of our competitors or future competitors will not result in our present or future applications and services becoming uncompetitive or obsolete. If we are unable to enhance our offerings to keep pace with rapid technological and regulatory change, or if new technologies emerge that are able to deliver competitive offerings at lower
prices, more efficiently, more conveniently, or more securely than our offerings, our business, financial condition and results of operations could be adversely affected.
If we fail to manage our growth effectively, our expenses could increase more than expected, our revenues may not increase and we may be unable to successfully execute on our growth initiatives, business strategies or operating plans.
We are continually executing a number of growth initiatives, strategies and operating plans designed to enhance our business, including the introduction of new products and solutions, such as AI driven telehealth infrastructure and data analytics. The anticipated benefits from these efforts are based on several assumptions that may prove to be inaccurate. At the same time that we are initiating these growth plans, we have also implemented cost cutting measures to conserve cash reserves. There is a natural struggle between cutting costs and growth, which puts strain on our business, operations and employees. Moreover, we may not be able to successfully complete these growth initiatives, strategies and operating plans and realize all the benefits, including growth targets and cost savings, that we expect to achieve, or it may be more costly to do so than we anticipate. A variety of risks could cause us not to realize some or all the expected benefits. These risks include, among others, delays in the anticipated timing of activities related to such growth initiatives, strategies and operating plans, and increased difficulty and cost in implementing these efforts, including difficulties in complying with new regulatory requirements. Our strategic plans around the use of data and data analytics may suffer setbacks if existing and potential customers refuse to renegotiate contractual limitations on use of data. As a result, we cannot assure you that we will realize these benefits. If, for any reason, the benefits we realize are less than our estimates or the implementation of these growth initiatives, strategies and operating plans adversely affect our operations or cost more or take longer to effectuate than we expect, or if our assumptions prove inaccurate, our business, financial condition and results of operations may be materially adversely affected
While we anticipate that our operations will continue to expand, to manage our current and anticipated future growth effectively, we must continue to maintain and enhance our information technology infrastructure, financial and accounting systems and controls. We must also attract, train and retain a significant number of qualified sales and marketing personnel, customer support personnel, professional services personnel, software engineers, technical personnel, finance and accounting personnel and management personnel, and the availability of such personnel, in particular software engineers, may be constrained.
Failure to effectively manage our growth could also lead us to overinvest or underinvest in development and operations, result in weaknesses in our infrastructure, systems, or controls, give rise to operational mistakes, financial losses, loss of productivity or business opportunities and result in loss of employees and reduced productivity of remaining employees. Our growth is expected to require significant capital expenditures and may divert financial resources from other projects such as the development of new applications and services. If our management is unable to effectively manage our growth, our expenses may increase more than expected, our revenue may not increase or may grow more slowly than expected, and we may be unable to implement our business strategy. The quality of our services may also suffer, which could negatively affect our reputation and harm our ability to attract and retain customers.
Our sales and implementation cycle can be long and unpredictable and requires considerable time and expense, which may cause our results of operations to fluctuate.
The sales cycle for our solutions within the Integrated Care Management business segment from initial contact with a potential lead to contract execution and implementation varies widely by customer and solution, ranging from several days to approximately 24 months. Business interruptions caused by current economic conditions have and may continue to delay or lengthen some of our customers’ sales cycles. Some of our customers undertake a significant and prolonged evaluation process, including to determine whether our services meet their unique healthcare needs, which frequently involves evaluation of not only our solutions but also an evaluation of those of our competitors, which has in the past resulted in extended sales cycles. Our sales efforts involve educating our customers about the use, technical capabilities and potential benefits of our solutions. During the sales cycle, we expend significant time and money on sales and marketing activities, which lowers our operating margins, particularly if no sale occurs. It is possible that in the future we may experience even longer sales cycles, more complex customer needs higher upfront sales costs and less predictability in completing some of our sales as we continue to expand into new territories, and market additional applications and services. If our sales cycle lengthens or our substantial upfront sales and implementation investments do not result in sufficient sales to justify our investments, it could have a material adverse effect on our business, financial condition, and results of operations.
Natural or man-made disasters and other similar events may significantly disrupt our business and negatively impact our business, financial condition, and results of operations.
We may be harmed or rendered inoperable by natural or man-made disasters, including earthquakes, power outages, fires, floods, nuclear disasters, health epidemics (including the COVID-19 pandemic), war (including the conflict in Ukraine), and acts of terrorism or other criminal activities, which may render it difficult or impossible to operate our business for some period
of time. Acts of terrorism, including malicious internet-based activity, could cause disruptions to the internet or the economy as a whole. Even with our disaster recovery arrangements, access to our platform could be interrupted. If our systems were to fail or be negatively impacted as a result of a natural disaster or other event, our ability to deliver our platform and solution to our customers would be impaired or we could lose critical data. Although we maintain insurance to address such risks, such insurance may not be sufficient to compensate for losses that may occur. If we are unable to develop adequate plans to ensure that our business functions continue to operate during and after a disaster, and successfully execute on those plans in the event of a disaster or emergency, any such losses or damages could have a material adverse effect on our business, financial condition and results of operations and harm our reputation. In addition, our customers’ facilities may be harmed or rendered inoperable by such natural or man-made disasters, which may cause disruptions, difficulties or material adverse effects on our business.
We depend upon third-party service providers for important functions of our solutions. Software, network applications and data, as well as the core video and audio system integral to our business, are hosted on third-party sites. These facilities may be vulnerable to damage or interruption from earthquakes, hurricanes, floods, fires, cyber security attacks, terrorist attacks, power losses, telecommunications failures, COVID-19 pandemic-related business disruptions and similar events. The occurrence of a natural disaster or an act of terrorism, a decision to close the facilities without adequate notice or other unanticipated problems could result in lengthy interruptions in our ability to provide our services. The facilities also could be subject to break-ins, computer viruses, sabotage, intentional acts of vandalism and other misconduct. Redundancies and backup systems are in place to prevent operational disruptions and data loss, but if these technologies fail or are of poor quality, our business, reputation and results of operations could be materially adversely affected. Failures or disruption in the delivery of digital health services could result in customer dissatisfaction, disrupt our operations and materially adversely affect operating results. Additionally, we have significantly less control over the technologies third parties provide to us than if we maintained and operated them ourselves. In some cases, functions necessary to some of our solutions may be performed by these third-party technologies. If we need to find an alternative source for performing these functions, we may have to expend significant money, resources and time to develop the alternative, and if this development is not accomplished in a timely manner and without significant disruption to our business, we may be unable to fulfill our obligations to customers. Any errors, failures, interruptions or delays experienced in connection with these third-party technologies and information services or our own systems could negatively impact our relationships with customers and adversely affect our business and could expose us to third-party liabilities.
We are subject to risks associated with public health crises arising from large-scale medical emergencies, pandemics, natural disasters and other extreme events, which have and could have an adverse effect on our business, results of operations, financial condition and financial performance.
Large-scale medical emergencies, pandemics (such as COVID-19) and other extreme events could result in public health crises or otherwise have a material adverse effect on our business operations, cash flows, financial conditions and results of operations. For example, disruptions in public and private infrastructure resulting from such events could increase our operating costs and ability to provide services to our customers and customers. Additionally, as a result of these events, the premiums and fees we charge may not be sufficient to cover our medical and administrative costs, deferred medical care could be sought in future periods at potentially higher acuity levels, we could experience reduced demand for our services, our clinical and nonclinical workforce could be impacted resulting in reduced capacity to handle demand for care or otherwise impact our business operations. For example, COVID-19 has materially impacted our results of operations in previous periods. Public health crises arising from natural disasters, such as wildfires, hurricanes, and snowstorms, or effects of climate change could impact our business operations and result in increased medical care costs. Government enaction of emergency powers in response to public health crises could disrupt our business operations, including by restricting pharmaceuticals or other supplies, and could increase the risk of shortages of necessary items.
Unstable market and economic conditions may have serious adverse consequences on our business, financial condition and stock price.
As widely reported, global credit and financial markets have experienced extreme volatility and disruptions over the past several months, including declines in consumer confidence, concerns about declines in economic growth, increases in the rate of inflation, increases in borrowing rates and changes in liquidity and credit availability, and uncertainty about economic stability, including most recently in connection with actions undertaken by the U.S. Federal Reserve Board to address inflation, the failure of banks, the military conflict in Ukraine, the continuing effects of the COVID-19 pandemic and supply chain disruptions. There can be no assurance that further deterioration in credit and financial markets and confidence in economic conditions will not occur. Our general business strategy may be adversely affected by any such economic downturn, volatile business environment or continued unpredictable and unstable market conditions. Our business could also be impacted by volatility caused by geopolitical events, such as the conflict in Ukraine. A significant downturn in the economic activity attributable to any particular industry may cause organizations to react by reducing their capital and operating expenditures in general or by specifically reducing their spending on healthcare matters. In addition, our customers may delay or cancel healthcare projects or seek to lower their costs by renegotiating vendor contracts. Such delays or reductions in general healthcare spending may disproportionately affect our revenue. In addition, if the current equity and credit markets deteriorate,
or do not improve, it may make any necessary debt or equity financing more difficult, more costly, and more dilutive. Furthermore, our stock price may decline due in part to the volatility of the stock market and the general economic downturn.
Failure to secure any necessary financing in a timely manner and on favorable terms could have a material adverse effect on our growth strategy, financial performance and stock price and could require us to delay or scale back on our growth plans. We cannot predict the timing, strength, or duration of any economic slowdown or any subsequent recovery generally, of any industry in particular. If the conditions in the general economy and the markets in which we operate worsen from present levels, our business, financial condition, and results of operations could be materially adversely affected.
In order to support the growth of our business, we may need to seek capital through new equity or debt financings, and such sources of additional capital may not be available to us on acceptable terms or at all.
We intend to continue to make significant investments to support our business growth, respond to business challenges or opportunities, develop new applications and services, enhance our existing solutions and services, enhance our operating infrastructure and potentially acquire complementary businesses and technologies. For the years ended December 31, 2022 and 2021, for all acquired or to be acquired subsidiaries, aggregate net cash used in operating activities was $22.4 million and $62.8 million, respectively.
Our future capital requirements may be significantly different from our current estimates and will depend on many factors, including our growth rate, both organically and through acquisitions, the timing and extent of spending to support development efforts, the expansion of sales and marketing activities, the introduction of new or enhanced services and the continuing market acceptance of digital health. Accordingly, we may need to engage in additional equity or debt financings or collaborative arrangements to secure additional funds. If we raise additional funds through further issuances of equity or convertible debt securities, our existing stockholders could suffer significant dilution, and any new equity securities we issue could have rights, preferences and privileges superior to those of holders of our common stock. Any debt financing secured by us in the future could involve additional restrictive covenants relating to our capital-raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. In addition, during times of economic instability, it has been difficult for many companies to obtain financing in the public markets or to obtain debt financing, and we may not be able to obtain additional financing on commercially reasonable terms, if at all. If we are unable to obtain adequate financing on terms satisfactory to us, it could have a material adverse effect on our business, financial condition and results of operations.
We may enter into collaborations, joint ventures, strategic alliances or partnerships with third parties that may not result in the development of commercially viable solutions or the generation of significant future revenues.
In the ordinary course of our business, we may enter into collaborations, joint ventures, strategic alliances, partnerships or other arrangements to develop products and to pursue new markets. Proposing, negotiating and implementing collaborations, joint ventures, strategic alliances or partnerships may be a lengthy and complex process. Other companies, including those with substantially greater financial, marketing, sales, technology or other business resources, may compete with us for these opportunities or arrangements. We may not identify, secure, or complete any such transactions or arrangements in a timely manner, on a cost-effective basis, on acceptable terms or at all. We may not realize the anticipated benefits of any such transaction or arrangement. In particular, these collaborations may not result in the development of products that achieve commercial success or result in significant revenues and could be terminated prior to developing any products. Additionally, we may not own, or may jointly own with a third party, the intellectual property rights in products and other works developed under our collaborations, joint ventures, strategic alliances or partnerships.
Additionally, we may not be in a position to exercise sole decision-making authority regarding the transaction or arrangement, which could create the potential risk of creating impasses on decisions, and our future collaborators may have economic or business interests or goals that are, or that may become, inconsistent with our business interests or goals. It is possible that conflicts may arise with our collaborators, such as conflicts concerning the achievement of performance milestones, or the interpretation of significant terms under any agreement, such as those related to financial obligations or the ownership or control of intellectual property developed during the collaboration. If any conflicts arise with any future collaborators, they may act in their self-interest, which may be adverse to our best interest, and they may breach their obligations to us. In addition, we may have limited control over the amount and timing of resources that any future collaborators devote to our or their future products. Disputes between us and our collaborators may result in litigation or arbitration which would increase our expenses and divert the attention of our management. Further, these transactions and arrangements will be contractual in nature and will generally be terminable under the terms of the applicable agreements and, in such event, we may not continue to have rights to the products relating to such transaction or arrangement or may need to purchase such rights at a premium.
We operate in highly competitive markets and face competition from large, well-established healthcare providers with significant resources, and, as a result, we may not be able to compete effectively. If we are unable to compete effectively, we will not be able to establish our products and services in the marketplace, and as a result, our business may not be profitable.
The markets for digital and traditional healthcare are intensely competitive, subject to rapid change and significantly affected by new product and technological introductions and other market activities of industry participants. We compete directly not only with behavioral health facilities, integrated care management systems solutions, language access systems and telehealth technologies, but also companies providing electronic health record (“EHR”) / health information exchange (“HIE”) services, and data analytics and interoperability. The surge in interest in digital health, and in particular the relaxation of HIPAA privacy and security requirements, has also attracted new competition from providers who utilize consumer-grade video conferencing platforms. Many of our current and potential competitors may have greater name and brand recognition, longer operating histories and significantly greater resources than we do and may be able to offer products and services similar to those offered on our platform at more attractive prices than we can. We expect competition to intensify in the future as existing competitors and new entrants introduce new digital health services and software platforms or other technology to U.S. healthcare providers, particularly hospitals and healthcare systems. Further, our current or potential competitors may be acquired by third parties with greater available resources, which has recently occurred in our industry. As a result, our competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards or customer requirements and may have the ability to initiate or withstand substantial price competition. In addition, our competitors have established, and may in the future establish, cooperative relationships with vendors of complementary products, technologies or services to increase the availability of their solutions in the marketplace.
New competitors or alliances may emerge that have greater market share, a larger customer base, more widely adopted proprietary technologies, greater marketing expertise and greater financial resources, which could put us at a competitive disadvantage. Our competitors could also be better positioned to serve certain segments of our current or future markets, which could create additional price pressure. In light of these factors, even if our offerings are more effective than those of our competitors, current or potential customers may accept competitive solutions in lieu of purchasing from us.
To the extent our solutions are perceived by customers and potential customers to be discretionary or otherwise non-essential, our revenues may be disproportionately affected by delays or reductions in general information technology and digital health spending. Moreover, competitors may respond to market conditions by lowering prices and attempting to lure away our customers and/or our customers may develop their own in-house solutions. In addition, the increased pace of consolidation in the healthcare industry may result in reduced overall spending on our solutions.
If we are unable to successfully compete with existing and potential new competitors, we will not be able to establish our products and services in the marketplace, and as a result, our business may not be profitable. Further, our business, financial condition and results of operations will be adversely affected.
We depend on our senior management team, and the loss of one or more of our executive officers or key employees could adversely affect our business.
Our success depends largely upon the continued services of our key executive officers. Currently these executive officers are at-will employees and therefore they may terminate employment with us at any time with no advance notice. We also rely on our leadership team in the areas of research and development, marketing, services and general and administrative functions. From time to time, there may be changes in our executive management team resulting from the hiring or departure of executives, which could disrupt our business. The replacement of one or more of our executive officers or other key employees would likely involve significant time and costs and may significantly delay or prevent the achievement of our business objectives, and our business would be adversely affected if we fail to adequately plan for succession of our executives and senior management. Further, our executive officers have negotiated severance clauses which if triggered could put strain on the Company’s cash and equity reserves. Our failure to retain and motivate our current personnel could have a material adverse effect on our business, financial condition and results of operations.
We are dependent on our ability to recruit, retain and develop a large, highly skilled and diverse workforce. We must evolve our culture in order to successfully grow our business.
To continue to execute our growth strategy, we must attract and retain highly skilled personnel. Competition is intense for qualified professionals. We may not be successful in continuing to attract and retain qualified personnel. Our subsidiary companies have from time to time in the past experienced, and we expect to continue to experience in the future, difficulty in hiring and retaining highly skilled personnel with appropriate qualifications. The pool of qualified personnel with experience working in the healthcare market is limited overall. In addition, many of the companies with which we compete for experienced personnel have greater resources than us.
In addition, in making employment decisions, particularly in high-technology industries, job candidates often consider the value of the stock options or other equity-based awards they are to receive in connection with their employment. Volatility in the price of our stock may, therefore, adversely affect our ability to attract or retain highly skilled personnel. Further, the requirement to expense stock options and other equity-based compensation may discourage us from granting the size or type of stock option or equity awards that job candidates require to join our company. Failure to attract new personnel could have a material adverse effect on our business, financial condition and results of operations.
If we fail to cost-effectively develop widespread brand awareness, our business may suffer.
We believe that developing and maintaining widespread awareness of our brand in a cost-effective manner is critical to achieving widespread adoption of our products and services and attracting new customers. Our brand promotion activities may not generate customer awareness or increase revenue, and even if they do, any increase in revenue may not offset the expenses we incur in building our brand. If we fail to successfully promote and maintain our brand, or incur substantial expenses in doing so, we may fail to attract or retain customers necessary to realize a sufficient return on our brand-building efforts or to achieve the widespread brand awareness that is critical for broad customer adoption.
Our ability to generate the amount of cash needed to support our debt obligations depends on many factors beyond our control.
Our ability to make scheduled payments on, or to refinance our obligations under, our indebtedness depends on our financial and operating performance, including our ability to grow revenue, and prevailing economic and competitive conditions. Certain of these financial and business factors, many of which may be beyond our control, are described above.
If our cash flows and capital resources are insufficient to fund our debt service obligations, we may be forced to reduce or delay capital expenditures, sell assets, raise additional equity capital, or restructure our debt. However, there is no assurance that such alternative measures may be successful or permitted under the agreements governing our indebtedness and, as a result, we may not be able to meet our scheduled debt service obligations. Even if successful, actions taken to improve short-term liquidity to meet our debt service and other obligations could harm our long-term business prospects, financial condition, and results of operations.
If we are unable to generate sufficient revenue to support our debt obligations, we cannot guarantee that we will be able to refinance our indebtedness or obtain additional financing on satisfactory terms or at all, including due to existing guarantees on our assets or our level of indebtedness and the debt incurrence restrictions imposed by the agreements governing our indebtedness. Further, the cost and availability of credit are subject to changes in the economic and business environment. If conditions in major credit markets deteriorate, our ability to refinance our indebtedness or obtain additional financing on satisfactory terms, or at all, may be negatively affected.
Our debt agreements contain restrictions that may limit our flexibility in operating our business, and any default on our secured credit facility could result in foreclosure by our secured noteholders on our assets.
Our Indenture governing our 2025 Notes, Security Agreement and related documents contain, and instruments governing any future indebtedness of ours would likely contain, a number of covenants that will impose significant operating and financial restrictions on us, including restrictions on our ability to, among other things:
•create liens on certain assets;
•incur additional debt or issue new equity;
•consolidate, merge, sell or otherwise dispose of all or substantially all of our assets; and
•sell certain assets.
Any of these restrictions could limit our ability to plan for or react to market conditions and could otherwise restrict corporate activities. Any failure to comply with these covenants could result in a default under our secured credit facility or instruments governing any future indebtedness of ours. Additionally, our credit facility for the 2025 Notes is secured by substantially all of our assets and those of our domestic subsidiaries. Upon a default, unless waived, the lenders under our secured credit facility could elect to terminate their commitments, cease making further loans, foreclose on our assets pledged to such lenders to secure our obligations under our Security Agreement and force us into bankruptcy or liquidation. In addition, a default under our secured credit facility could trigger a cross default under agreements governing any future indebtedness as well as the Indenture governing our 2026 Notes. Our results of operations may not be sufficient to service our indebtedness and to fund our other expenditures, and we may not be able to obtain financing to meet these requirements. If we experience a default under our secured credit facility, our unsecured credit facility or instruments governing our future indebtedness, our business, financial condition, and results of operations may be adversely impacted.
In addition, the 2025 Notes mature on December 15, 2025. There are no assurances that that we will have sufficient funds available to satisfy the 2025 Notes at maturity, or that the holders will elect to convert the 2025 Notes into shares of our common stock prior to or at the time of maturity.
As of December 31, 2022, we were in compliance with all covenants and restrictions associated with our debt agreements.
The divestiture of our Innovations Group business and related assets presents risks and challenges that could negatively impact our business, financial condition and results of operations. There is no assurance that we will realize any of the anticipated benefits of the divestiture consistent with our expectations.
In 2022, we transformed our business strategy to focus on fewer investments for growth, which led to the decision in 2023 to divest the Innovations Group business and related assets in a transaction pursuant to the Stock Purchase Agreement. The transactions contemplated under the Stock Purchase Agreement are expected to close in the second quarter of 2023, subject to the completion of required regulatory filings. The divestiture of the Innovations Group business presents ongoing risks and challenges that could negatively impact our business, financial condition and the results of operations. For example, the conditions to the consummation of the transactions contemplated under the Stock Purchase Agreement may fail to be satisfied, including the completion of required regulatory filings, in a timely manner, or at all. If this were to occur, we could be unable to consummate the pending transactions under the Stock Purchase Agreement pertaining to the Innovations Group assets remaining to be sold, or otherwise complete the divestiture in a manner consistent with our expectations. In addition, the divestiture of the Innovations Group business has and will continue to present risks relating to the availability and use of proceeds that we have and expect to realize as a result of the divestiture of the Innovations Group business, including as a result of the instruments governing our existing debt facilities, including our Indenture governing our 2025 Notes. We may also encounter challenges relating to the separation of operations, products, services or personnel, and as a result of any future liabilities we may retain after completing the divestiture of the Innovations Group business. Any difficulties that we face in connection with completing the divestiture of the Innovations Group business may result in management’s attention being diverted from our continuing business operations. The occurrence of any of the foregoing could result in significant harm to our business and financial conditions, and our results of operations could be materially adversely affected as a result.
We expect to incur significant costs as we continue to operate as a public company.
We expect the rules and regulations applicable to us as a public company to substantially increase our corporate budget, legal and financial compliance costs and to make some activities more time-consuming and costly. The increased costs will decrease our net income or increase our net loss, and may require us to reduce costs in other areas of our business, including our subsidiaries. For example, our status as a public company makes it more difficult and more expensive for us to obtain director and officer liability insurance and we may be required to incur substantial costs to maintain the level of coverage that we believe is appropriate for a public company. We cannot predict or estimate the amount or timing of additional costs we may incur to respond to these requirements. The impact of these requirements could also make it more difficult for us to attract and retain qualified persons to serve on our board of directors, our board committees or as executive officers.
Additionally, there continues to be public interest and increased legislative pressure related to environmental, social and governance, or ESG, activities of public companies. For example, there is a growing number of states requiring organizations to report their board composition as well or mandating gender diversity and representation from underrepresented communities, including New York and California. We risk negative stockholder reaction, including from proxy advisory services, as well as damage to our brand and reputation, if we do not act responsibly in a number of key areas, including diversity and inclusion, environmental stewardship, support for local communities, corporate governance and transparency and considering ESG and human capital factors in our operations.
Current or future litigation against us could be costly and time-consuming to defend, and we could experience losses or liability not covered by insurance.
Last year, we were subject to litigation pertaining to control of the Board of Directors and control of our Indian subsidiary, Glocal. Although the former was resolved favorably, the latter is continuing and challenging our ability to exercise control over Glocal as a supermajority shareholder and as contemplated by the Share Purchase Agreement signed with Glocal.
We may become subject to shareholder class action suits or other large legal proceedings and claims that arise in the ordinary course of business. Regardless of outcome, such proceedings may result in substantial costs and may divert management’s attention and resources or decrease market acceptance of our solutions, which may substantially harm our business, financial condition and results of operations.
We attempt to limit our liability to customers by contract; however, the limitations of liability set forth in the contracts may not be enforceable or may not otherwise protect us from liability for damages. Additionally, we may be subject to claims that are not explicitly covered by contract. Insurance may not cover claims against us, may not provide sufficient payments to cover all of the costs to resolve one or more such claims, and may not continue to be available on terms acceptable to us. In addition, the insurer might disclaim coverage as to any future claim. A successful claim not fully covered by our insurance could have a material adverse impact on our liquidity, financial condition and results of operations. A claim brought against us that is uninsured or underinsured could result in unanticipated costs, thereby reducing our earnings and leading analysts or potential investors to reduce their expectations of our performance, which could reduce the market price of our stock. In addition, any insurance coverage would not address the reputational damage that could result from any legal or regulatory proceedings or claims.
Where we provide clinical services, our business entails the risk of medical liability claims against both our providers and us and, while we carry professional liability insurance, this coverage may not be sufficient to cover all of the costs to resolve one or more such claims, depending on the nature of the claim. Any claims made against us that are not fully covered by insurance could be costly to defend against, result in substantial damage awards against us, and divert the attention of our management and our operations, which could have a material adverse effect on our business, financial condition, and results of operations. In addition, any claims may adversely affect our reputation.
We qualify as an emerging growth company as defined under the JOBS Act as well as a smaller reporting company within the meaning of the Securities Act, and if we take advantage of certain exemptions from disclosure requirements available to emerging growth companies or smaller reporting companies, this could make our securities less attractive to investors and may make it more difficult to compare our performance with other public companies.
We qualify as an “emerging growth company” within the meaning of the Securities Act, as modified by the Jumpstart Our Business Startups Act of 2012 (the “JOBS Act”), and may take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not emerging growth companies for as long as we continue to be an emerging growth company, including, but not limited to, not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”), reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. As a result, our stockholders may not have access to certain information they may deem important. We will remain an emerging growth company until the earliest of (i) the last day of the fiscal year in which the market value of our common stock that is held by non-affiliates exceeds $700.0 million as of the end of that year’s second fiscal quarter, (ii) the last day of the fiscal year in which we have total annual gross revenues of $1.07 billion or more during such fiscal year (as indexed for inflation), (iii) the date on which we have issued more than $1.0 billion in non-convertible debt in the prior three-year period or (iv) the last day of the fiscal year following the fifth anniversary of our initial public offering (“IPO”). We cannot predict whether investors will find our securities less attractive because we will rely on these exemptions. If some investors find our securities less attractive as a result of our reliance on these exemptions, the trading prices of our securities may be lower than they otherwise would be, there may be a less active trading market for our securities and the trading prices of our securities may be more volatile.
In addition, Section 107 of the JOBS Act also provides that an emerging growth company can take advantage of the exemption from complying with new or revised accounting standards provided in Section 7(a)(2)(B) of the Securities Act as long as we are an emerging growth company. An emerging growth company can therefore delay the adoption of certain accounting standards until those standards would otherwise apply to private companies. We have not elected to opt out of such extended transition period and, therefore, we may not be subject to the same new or revised accounting standards as other public companies that are not emerging growth companies. This may make comparison of our financial statements with another public company which is not an emerging growth company or is an emerging growth company that has opted out of using the extended transition period difficult or impossible because of the potential differences in accountant standards used.
Additionally, we qualify as a “smaller reporting company” as defined in Item 10(f)(1) of Regulation S-K. Smaller reporting companies may take advantage of certain reduced disclosure obligations, including, among other things, providing only two years of audited financial statements. We will remain a smaller reporting company until the last day of the fiscal year in which (i) the market value of our common stock held by non-affiliates exceeds $250.0 million as of the end of that year’s second fiscal quarter, or (ii) our annual revenues exceeded $100.0 million during such completed fiscal year and the market value of our common stock held by non-affiliates exceeds $700.0 million as of the end of that year’s second fiscal quarter. To the extent we take advantage of such reduced disclosure obligations, it may also make comparison of our financial statements with other public companies difficult or impossible.
If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired, and the price of our common stock may be adversely affected.
As a publicly traded company following the consummation of the Business Combinations, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act and the rules and regulations of the applicable listing standards of the New York Stock Exchange (“NYSE”). We expect that the requirements of these rules and regulations will continue to increase our legal, accounting and financial compliance costs, make some activities more difficult, time-consuming and costly and place significant strain on our personnel, systems and resources. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We are continuing to develop and refine our disclosure controls and other procedures that are designed to ensure that information required to be disclosed by us in the reports that we will file with the SEC is recorded, processed, summarized and reported within the time periods specified in SEC rules and forms and that information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers.
As previously disclosed in our Annual Report on Form 10‑K for year ended December 31, 2021, our disclosure controls and procedures and internal controls over financial reporting were not effective as of December 31, 2021 due to certain material weaknesses described in Part II, Item 9A, Controls and Procedures, of this Annual Report. To address these material weaknesses that we identified as of December 31, 2021, we implemented measures designed to improve our internal controls over financial reporting during the year ended December 31, 2022. These measures included enhancing our internal and external technical accounting resources and engaging third party consultants for the formalization of our internal procedures, and implementing a new enterprise resource planning (“ERP”) system. As of December 31, 2022, all of the U.S. entities are live on the ERP system. We completed documentation and tests of design and tests of operational effectiveness of our entity-level controls, certain areas of our ITGCs, and controls over our business processes, and we remediated control gaps identified and performed tests of operating effectiveness on remediated items.
As a result of our remediation efforts, our management, under the supervision and with the participation of our CEO and our CFO and oversight of the Board of Directors, conducted an evaluation of the effectiveness of our internal controls over financial reporting as of December 31, 2022, based on the criteria set forth in Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework). Based on this evaluation, our management concluded that as of December 31, 2022, we no longer have the material weaknesses in internal controls over financial reporting described above for entity-level controls and business process controls, which we previously identified existed as of December 31, 2021; however, our management also concluded that the previously identified material weakness in our ITGCs in the areas of user access, segregation of duties, and change management related to certain information technology systems that support our financial reporting process were not remediated as of December 31, 2022, and that the material weakness remains for these ITGCs. Further remediation of the non-remediated portions of the material weakness in our ITGCs is ongoing and our objective is to complete such remediation efforts by June 2023.
In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended, and anticipate that we will continue to expend, significant resources, including accounting-related costs and significant management oversight. If any of these new or improved controls and systems do not perform as expected, we may experience additional material weaknesses in our controls. Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. Further, additional weaknesses in our disclosure controls and internal control over financial reporting may be discovered in the future.
Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our results of operations or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of internal control over financial reporting that we will eventually be required to include in our periodic reports that will be filed with the SEC. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our common stock. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on the NYSE.
Changes in financial accounting standards may adversely affect our reported results of operations.
A change in accounting standards or practices could adversely affect our operating results and may even affect our reporting of transactions completed before the change is effective. New accounting pronouncements and varying interpretations of accounting pronouncements have occurred and may occur in the future. For example, in February 2016, the Financial Accounting Standards Board (“FASB”) issued Accounting Standards Update (“ASU”) No. 2016-02, Leases (Topic 842), and
subsequently issued several supplemental/clarifying ASUs. Among other things, under this ASU, lessees will be required to recognize, at commencement date, a lease liability representing the lessee’s obligation to make lease payments arising from the lease and a right-of-use asset representing the lessee’s right to use or control the use of a specified asset for the lease term for leases greater than 12 months. Topic 842 will be effective for UpHealth for annual periods beginning after December 15, 2021, and interim reporting periods within annual reporting periods beginning after December 15, 2022. Accordingly, we adopted Topic 842 for our annual reporting period beginning January 1, 2022, and interim reporting periods within the annual reporting period beginning January 1, 2023. Due to the adoption of this guidance, we recognized operating right-of-use assets and operating lease liabilities of $7.2 million and $8.2 million, respectively, as of the date of adoption. The difference between the right-of-use assets and lease liabilities on the accompanying consolidated balance sheet is primarily due to the impact of accrual for lease payments as a result of straight-line lease expense. We did not have any impact to opening retained earnings as a result of the adoption of the guidance. The adoption of this new guidance did not have a material impact on our results of operations and comprehensive (loss) income, cash flows, liquidity or our covenant compliance under its existing credit agreements. See Note 18, Leases, in the Notes to Consolidated Financial Statements for further information. These and other changes to existing rules or the questioning of current practices may adversely affect our operating results. In addition, any difficulties in implementing this new revenue standard could cause us to fail to meet our financial reporting obligations, which could result in regulatory discipline and harm investors’ confidence in us.
The estimates and assumptions on which our financial projections are based may prove to be inaccurate, which may cause our actual results to materially differ from such projections, and which may adversely affect our future profitability, cash flows and market price of our common stock.
UpHealth’s financial projections are dependent on certain estimates and assumptions related to, among other things, growth assumptions that are inherently subject to significant uncertainties and contingencies, as well as, among other things, matters related specifically to the recent operational performance and anticipated development of our business, and are subject to significant economic, competitive, industry and other uncertainties, and may not be achieved in full, at all, or within projected timeframes. The financial projections also reflect numerous assumptions with respect to general business, economic, market, regulatory and financial conditions and various other factors, all of which are difficult to predict and many of which are beyond our control. Furthermore, the financial projections do not take into account any circumstances or event occurring after the date they were prepared. The financial projections were not prepared with a view to public disclosure or complying with published guidelines of the SEC or the guidelines established by the American Institute of Certified Public Accountants for the preparation and presentation of prospective financial information. UpHealth’s independent auditor has not audited, reviewed, examined, compiled nor applied agreed-upon procedures with respect to the financial projections and, accordingly, does not express an opinion or any other form of assurance with respect thereto. The financial projections were based on historical experience and on various other estimates and assumptions that our management believed to be reasonable under the circumstances and at the time they were made. There will be differences between actual and projected financial results, and actual results may be materially greater or materially less than those contained in the financial projections, especially in light of the increased difficulty in making such estimates and assumptions as a result of the COVID-19 pandemic. Any material variation between our financial projections and our actual results may adversely affect our future profitability, cash flows and market price of our common stock.
Our executive officers, directors, principal stockholders and their affiliates will have the ability to exercise significant influence over our company and all matters submitted to stockholders for approval.
Our executive officers, directors and principal stockholders, together with their affiliates and related persons, beneficially own shares of common stock representing a significant percentage of our capital stock. As a result, if these stockholders were to choose to act together, they would be able to influence our management and affairs and the outcome of matters submitted to our stockholders for approval, including the election of directors and any sale, merger, consolidation, or sale of all or substantially all of our assets. This concentration of voting power could delay or prevent an acquisition of our company on terms that other stockholders may desire. In addition, this concentration of ownership might adversely affect the market price of our common stock by:
•delaying, deferring or preventing a change of control of us;
•impeding a merger, consolidation, takeover or other business combination involving us; or
•discouraging a potential acquirer from making a tender offer or otherwise attempting to obtain control of us.
Because we do not anticipate paying any cash dividends on our capital stock in the foreseeable future, capital appreciation, if any, will be the sole source of gain for our stockholders.
We have never declared or paid cash dividends on our capital stock. We currently intend to retain all of our future earnings, if any, to finance the growth and development of our business. In addition, the terms of any future debt agreements may continue
to preclude us from paying dividends. As a result, capital appreciation, if any, of our common stock will be the sole source of gain for our stockholders for the foreseeable future.
Risks Related to Government Regulation
Evolving government regulations may require increased costs or adversely affect our results of operations.
In a regulatory climate that is uncertain, our operations may be subject to scrutiny or reinterpretation under various laws and regulations. Healthcare is a highly regulated industry and subject to laws and regulations at the federal, state, and local level as well as evolving industry standards. Telehealth and other remote care delivery models, in particular, have experienced and will continue to experience frequently changing regulations that may differ substantially from jurisdiction to jurisdiction, including state by state. Compliance with current and future laws and regulations will likely require significant initial monetary and recurring expenses and could potentially require us to change our practices upon short notice, adding to the potential costs of compliance. These additional monetary expenditures may increase future overhead, which could have a material adverse effect on our results of operations.
We have identified what we believe are the areas of government regulation that, if changed, would be costly to us. These include: licensure standards for doctors, pharmacists and behavioral health professionals; laws limiting the corporate practice of medicine; fee-splitting, healthcare fraud and abuse laws; third party payor coverage and reimbursement rules; cybersecurity and privacy laws; laws and rules relating to the distinction between independent contractors and employees; prescribing of controlled substances via a remote encounter; fraud and abuse laws addressing financial relationships between healthcare entities and physicians or other referral sources; commercial and governmental payor billing; anti-kickback laws; provisions of free healthcare by the government; and tax and other laws. There could be laws and regulations applicable to our business that we have not identified or that, if changed, may be costly to us, and we cannot predict all the ways in which implementation of such laws and regulations may affect us.
In the jurisdictions in which we operate, we believe we are in compliance with all applicable laws, but these laws and regulations are extremely complex and, in many cases, still evolving. If our operations are found to violate any of the foreign, federal, state or local laws and regulations which govern our activities, we may be subject to litigation, government enforcement actions, and applicable penalties associated with the violation, potentially including civil and criminal penalties, damages, fines, exclusion from participation in certain payor programs or curtailment of our operations. Compliance obligations under these various laws are oftentimes detailed and onerous, further contributing to the risk that we could be found to be out of compliance with particular requirements. The risk of being found in violation of these laws and regulations is further increased by the fact that in many cases, these laws have not been fully interpreted by the regulatory authorities or the courts, particularly with respect to new and emerging technologies and remote delivery of services, and may therefore be open to a variety of interpretations. In the event that we must remedy any compliance violations, we may be required to modify our services and products in a manner that undermines our solution’s attractiveness to our customers or providers or experts, we may become subject to fines or other penalties or, if we determine that the requirements to operate in compliance in such jurisdictions are overly burdensome, we may elect to terminate our operations in such places. In each case, our revenue may decline, and our business, financial condition and results of operations could be materially adversely affected.
Other legal, regulatory and commercial policy influences are subjecting our industry to significant changes, and we cannot predict whether new regulations or policies will emerge from U.S. federal or state governments, foreign governments, or third-party payors. Government and commercial payors may, in the future, consider healthcare policies and proposals intended to curb rising healthcare costs, including those that could significantly affect reimbursement for healthcare services. Future significant changes in the healthcare systems in the United States or elsewhere could also have a negative impact on the demand for our current and future services.
Additionally, the introduction of new services may require us to comply with additional, yet undetermined, laws and regulations. Compliance may require obtaining appropriate licenses or certificates, increasing our security measures and expending additional resources to monitor developments in applicable rules to ensure compliance. The failure to adequately comply with these future laws and regulations may delay or possibly prevent some of our products or services from being offered to customers, which could have a material adverse effect on our business, financial condition and results of operations.
Many existing healthcare laws and regulations, when enacted, did not anticipate the services that we provide. However, these laws and regulations may nonetheless be applied to our business. Our failure to accurately anticipate the application of these laws and regulations, or other failure to comply, could create liability for us, result in adverse publicity and materially affect our business, financial condition and results of operations.
We conduct business in a heavily regulated industry and if we fail to comply with these laws and government regulations, we could incur substantial penalties or be required to make significant changes to our operations or experience
enforcement actions or adverse publicity, which could have a material adverse effect on our business, financial condition and results of operations.
The U.S. healthcare industry is heavily regulated and closely scrutinized by federal, state and local governments. Comprehensive statutes and regulations govern the manner in which we provide and bill for services and collect reimbursement from governmental programs and private payors, our contractual relationships with our providers, vendors and customers, our marketing activities and other aspects of our operations. Of particular importance are:
•the federal physician self-referral law, commonly referred to as the Stark Law, that, subject to limited exceptions, prohibits physicians from referring Medicare patients to an entity for the provision of certain “designated health services” if the physician or a member of such physician’s immediate family has a direct or indirect financial relationship (including an ownership interest or a compensation arrangement) with the entity, and prohibits the entity from billing Medicare for such designated health services;
•the federal Anti-Kickback Statute, which is an intent-based federal criminal statute that prohibits the knowing and willful offer, payment, provision, solicitation or receipt of any remuneration, directly or indirectly, in cash or in kind, for referring an individual, in return for ordering, leasing, purchasing or recommending or arranging for or to induce the referral of an individual or the ordering, purchasing or leasing of items or services covered, in whole or in part, by any federal healthcare program, such as Medicare and Medicaid. A person or entity does not need to have actual knowledge of the statute or specific intent to violate it to have committed a violation. In addition, the government may assert that a claim including items or services resulting from a violation of the federal Anti-Kickback Statute constitutes a false or fraudulent claim for purposes of the federal False Claims Act;
•the criminal healthcare fraud provisions of the federal Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, or HITECH, and their implementing regulations, which we collectively refer to as HIPAA, and related rules that prohibit knowingly and willfully executing or attempting to execute a scheme or artifice to defraud any healthcare benefit program or to obtain by means of false, or fraudulent pretenses, representations, or promises, any of the money or property owned by, or under the custody or control of, any healthcare benefit program in connection with the delivery of or payment for healthcare benefits, items or services. Similar to the federal Anti-Kickback Statute, a person or entity does not need to have actual knowledge of the statute or specific intent to violate it to have committed a violation;
•the federal False Claims Act that imposes civil liability, including through qui tam and civil whistleblower actions, against individuals or entities that knowingly present, or cause to be presented, false or fraudulent claims for payment to the federal government or knowingly making, or causing to be made, a false statement or record material to the payment of a false claim or avoiding, decreasing or concealing an obligation to pay money to the federal government;
•the federal criminal statute on false statements relating to health care matters, which prohibits knowingly and willfully falsifying, concealing or covering up a material fact or making any materially false, fictitious, or fraudulent statements or representations in connection with the delivery of or payment for health care benefits, items or services;
•The Civil Monetary Penalties Law authorizes the imposition of civil monetary penalties, assessments and exclusion against an individual or entity based on a variety of prohibited conduct, including, but not limited to:
•presenting, or causing to be presented, claims for payment to Medicare, Medicaid or other third-party payors that the individual or entity knows or should know are for an item or service that was not provided as claimed or is false or fraudulent;
•offering remuneration to a Medicare or Medicaid beneficiary that the individual or entity knows or should know is likely to influence the beneficiary to order or receive health care items or services from a particular provider or supplier;
•employing or contracting with an entity or individual excluded from participation in the federal health care programs;
•violating the federal Anti-Kickback Statute;
•making, using or causing to be made or used a false record or statement material to a false or fraudulent claim for payment for items and services furnished under a federal health care program;
•making, using or causing to be made any false statement, omission or misrepresentation of a material fact in any application, bid or contract to participate or enroll as a provider of services or a supplier under a federal health care program;
•failing to timely report and return an overpayment owed to the federal government;
•substantial civil monetary penalties may be imposed under the federal Civil Monetary Penalties Law and may vary depending on the underlying violation. In addition, an assessment of not more than three times the total amount claimed for each item or service may also apply and a violator may be subject to exclusion from federal and state health care programs;
•the federal Eliminating Kickbacks in Recovery Act of 2018 (“EKRA”), included as part of the Substance Use-Disorder Prevention that Promotes Opioid Recovery and Treatment (“SUPPORT”) for Patients and Communities Act (the “SUPPORT Act”), was signed into law on October 24, 2018. The EKRA provisions, similar to the federal Anti-Kickback Statute, make it a felony for certain entities (including substance abuse treatment centers, clinical treatment facilities and clinical laboratories) to engage in remunerative arrangements that induce or reward individuals or entities
for the referral of patients to such facilities, unless an exception applies. EKRA applies regardless of payor source, including for services reimbursed exclusively through commercial insurance or self-paying patients. Violations of EKRA can lead to fines of not more than $200,000 and imprisonment of not more than 10 years, or both, for each occurrence pursuant to 18 U.S.C. 220(a);
•reassignment of payment rules that prohibit certain types of billing and collection practices in connection with claims payable by the Medicare or Medicaid programs;
•similar state law provisions pertaining to anti-kickback, self-referral, fee-splitting, patient inducement and false claims issues, some of which may apply to items or services reimbursed by any payor, including patients and commercial insurers;
•state laws that prohibit general business corporations, such as us, from practicing medicine, controlling physicians’ medical decisions or engaging in some practices such as splitting fees with physicians;
•laws that regulate debt collection practices as applied to our debt collection practices;
•a provision of the Social Security Act that imposes criminal penalties on healthcare providers who fail to disclose or refund known overpayments;
•federal and state laws that prohibit providers from billing and receiving payment from Medicare and Medicaid for services unless the services are medically necessary, adequately and accurately documented and billed using codes that accurately reflect the type and level of services rendered;
•federal and state laws and policies related to healthcare providers, licensure, certification, accreditation and related to the Medicare and Medicaid programs enrollment; and
•federal and state laws and policies related to the practice of pharmacy, pharmacy licensure, and the prescribing and dispensing of pharmaceuticals and controlled substances.
In addition, the healthcare industry is required to comply with additional extensive and complex laws and regulations at the federal, state and local government levels relating to, among other things:
•licensure of health providers, certification of organizations and enrollment with government reimbursement programs;
•necessity and adequacy of medical care;
•relationships with physicians and other referral sources and referral recipients;
•billing and coding for services;
•properly handling overpayments;
•quality of medical equipment and services;
•qualifications of medical and support personnel;
•confidentiality, maintenance, data breach, identity theft and security issues associated with health-related and personal information and medical records; and
•communications with patients and consumers.
Because of the breadth of these laws and the narrowness of certain statutory and regulatory exceptions and safe harbors that may be available, it is possible that some of our business activities could be subject to challenge under one or more of such laws. Complying with these laws may prove costly. Failure to comply with these laws and other laws can result in civil and criminal penalties such as fines, damages, overpayment, recoupment, imprisonment, loss of enrollment status and exclusion from participation in federal healthcare programs, including Medicare and Medicaid. The risk of us being found in violation of these laws and regulations is increased by the fact that many of them have not been fully interpreted by the regulatory authorities or the courts, and their provisions are sometimes open to a variety of interpretations. Our failure to accurately anticipate the application of these laws and regulations to our business or any other failure to comply with regulatory requirements could create liability for us and negatively affect our business. Any action against us for violation of these laws or regulations, even if we successfully defend against it, could cause us to incur significant legal expenses, divert our management’s attention from the operation of our business and result in adverse publicity.
To enforce compliance with the federal laws, the U.S. Department of Justice and the U.S. Department of Health and Human Services Office of Inspector General (“OIG”), have recently increased their scrutiny of healthcare providers, which has led to a number of investigations, prosecutions, convictions and settlements in the healthcare industry. Telemedicine providers, in particular, have been subject to increased scrutiny by federal and state regulators and have resulted in significant enforcement actions. Dealing with investigations can be time- and resource-intensive and can divert management’s attention from the business. Any such investigation or settlement could increase our costs or otherwise have an adverse effect on our business. In addition, because of the potential for large monetary exposure under the federal False Claims Act, which provides for treble damages and penalties of $11,665 to $23,331 per false claim or statement for penalties assessed after June 19, 2020, and with respect to violations occurring after November 2, 2015, healthcare providers often resolve allegations without admissions of liability for significant and material amounts to avoid the uncertainty of treble damages that may be awarded in litigation proceedings. Such settlements often contain additional compliance and reporting requirements as part of a consent decree, settlement agreement or corporate integrity agreement. Notably, the government has been using its newly created authority under EKRA to pursue criminal enforcement actions against substance abuse treatment facilities for certain financial
arrangements that were not subject to the federal Anti-Kickback Statute due to the absence of federal healthcare program reimbursement for services rendered by such facilities. EKRA’s statutory exceptions do not strictly mirror the safe harbors available under the federal Anti-Kickback Statute and in many instances, relationships that would otherwise comply with the federal Anti-Kickback Statute would nevertheless violate EKRA. EKRA grants authority to the U.S. Attorney General to promulgate additional exceptions, in consultation with the Secretary of HHS; however, the Attorney General has not yet done so. Notably, the OIG (the agency with authority to promulgate regulatory safe harbors under the federal Anti-Kickback Statute) does not have any authority over EKRA and the Attorney General does not have any particular expertise with healthcare fraud and abuse laws. Given this inexperience, there may be a substantial delay before any additional exceptions to EKRA are implemented. In the meantime, the U.S. Department of Justice is actively pursuing enforcement actions under EKRA. There is much uncertainty in how EKRA will be interpreted and applied and also, whether additional exceptions will be adopted in the future.
While we make every effort to comply with all applicable laws, we cannot rule out the possibility that the government or other third parties could interpret these laws differently and challenge our practices under one or more of these laws. The likelihood of allegations of non-compliance is increased by the fact that under certain federal and state laws applicable to our business, individuals, known as relators, may bring an action on behalf of the government alleging violations of such laws, and potentially be awarded a share of any damages or penalties ultimately awarded to the applicable government body.
The laws, regulations and standards governing the provision of healthcare services across the world including India and the U.S. may change significantly in the future. We cannot assure you that any new or changed healthcare laws, regulations or standards will not materially adversely affect our business. Further, we cannot assure you that a review of our business by judicial, law enforcement, regulatory or accreditation authorities will not result in a determination that could adversely affect our operations.
Patient safety concerns relating to our substance use disorder treatment business could result in increased regulatory burdens, governmental investigations, and negative publicity.
Because some of the patients we treat can suffer from severe mental health and chemical dependency disorders, patient incidents, including deaths, assaults and elopements, occur from time to time. If one or more of our substance abuse treatment programs or facilities experiences an adverse patient incident or is otherwise found to have failed to comply with laws and regulations applicable to patient safety or provide appropriate patient care, an admissions hold, loss of accreditation, license revocation or other adverse regulatory action could be taken against the health care providers and programs or facilities involved. Any such patient incident or adverse regulatory action could result in governmental investigations, judgments or fines and have a material adverse effect on a particular program or facility’s continued operation, financial condition and results of operations. In addition, we could become the subject of negative publicity, whether warranted or unwarranted, that could have a significant, adverse effect on our reputation of our behavioral health and substance abuse programs and how they are viewed by referral sources and payors.
Our international operations pose certain risks to our business that may be different from risks associated with our domestic operations.
We are forming a subsidiary in India to provide shared support services to our U.S. operations and to introduce U.S. offerings to India-based customers. Our international business is subject to risks resulting from differing legal and regulatory requirements, political, social and economic conditions and unforeseeable developments in India. Our international operations are subject to particular risks in addition to those faced by our domestic operations, including:
•uncertain legal and regulatory requirements applicable to digital health, technology services and solutions and prescription medication;
•multiple, conflicting and changing laws and regulations such as tax laws, privacy and data protection laws and regulations, export and import restrictions, employment laws, regulatory requirements and other governmental approvals, permits and licenses;
•our inability to replicate our domestic business structure consistently outside of the United States, especially as it relates to our contractual arrangement with affiliated professional entities;
•the need to localize and adapt our solutions for specific countries, including translation into foreign languages and associated expenses;
•potential loss of proprietary information due to misappropriation or laws that may be less protective of our intellectual property rights than U.S. laws or that may not be adequately enforced;
•requirements of foreign laws and other governmental controls, including compliance challenges related to the complexity of multiple, conflicting and changing governmental laws and regulations, including employment, healthcare, tax, privacy and data protection laws and regulations;
•data privacy laws that require that customer data be stored and processed in a designated territory;
•new and different sources of competition and laws and business practices favoring local competitors;
•local business and cultural factors that differ from our normal standards and practices, including business practices that we are prohibited from engaging in by the U.S. Foreign Corrupt Practices Act of 1977 (the “FCPA”) and other anti-corruption laws and regulations;
•changes to economic sanctions laws and regulations;
•central bank and other restrictions on our ability to repatriate cash from international subsidiaries;
•adverse tax consequences;
•fluctuations in currency exchange rates, economic instability and inflationary conditions, which could make our solutions more expensive or increase our costs of doing business in certain countries;
•limitations on future growth or inability to maintain current levels of revenues from international sales if we do not invest sufficiently in our international operations;
•different pricing environments, longer sales cycles and longer accounts receivable payment cycles and collections issues;
•difficulties in staffing, managing and operating our international operations, including difficulties related to administering our stock plans in some foreign countries and increased financial accounting and reporting burdens and complexities;
•difficulties in coordinating the activities of our geographically dispersed and culturally diverse operations;
•natural disasters, political and economic instability, including wars, terrorism, social or political unrest, including civil unrest, protests, and other public demonstrations, outbreaks of disease, pandemics or epidemics, boycotts, curtailment of trade, and other market restrictions; and
•regulatory and compliance risks that relate to maintaining accurate information and control over activities subject to regulation under the FCPA, and comparable laws and regulations in other countries.
Our overall success in international markets depends, in part, on our ability to anticipate and effectively manage these risks and there can be no assurance that we will be able to do so without incurring unexpected costs. If we are not able to manage the risks related to our international operations, our business, financial condition and results of operations may be materially adversely affected.
Developments affecting spending by the healthcare industry could adversely affect our business.
The U.S. healthcare industry has changed significantly in recent years, and we expect that significant changes will continue to occur. General reductions in expenditures by healthcare industry participants could result from, among other things:
•government regulations or private initiatives that affect the manner in which healthcare providers interact with patients, payors or other healthcare industry participants, including changes in pricing or means of delivery of healthcare products and services;
•consolidation of healthcare industry participants;
•federal amendments to, lack of enforcement or development of applicable regulations for, or repeal of the Patient Protection and Affordable Care Act, as amended by the Health Care and Education Reconciliation Act of 2010 (as amended, the “ACA”);
•reductions in government funding for healthcare; and
•adverse changes in business or economic conditions affecting healthcare payors, providers or other healthcare industry participants.
Any of these changes in healthcare spending could adversely affect our revenues. Even if general expenditures by industry participants remain the same or increase, developments in the healthcare industry may result in reduced spending in some or all of the specific market segments that we serve now or in the future. However, the timing and impact of developments in the healthcare industry are difficult to predict. We cannot assure you that the demand for our products and services will continue to exist at current levels or that we will have adequate technical, financial and marketing resources to react to changes in the healthcare industry.
Our failure to comply with the anti-corruption, trade compliance and economic sanctions laws and regulations of the United States and applicable international jurisdictions could materially adversely affect our reputation and results of operations.
We must comply with anti-corruption laws and regulations imposed by governments around the world with jurisdiction over our operations, which may include the FCPA and the U.K. Bribery Act 2010 (the “Bribery Act”), as well as the laws of the countries where we do business. These laws and regulations apply to companies, individual directors, officers, employees and agents, and may restrict our operations, trade practices, investment decisions and partnering activities. Where they apply, the FCPA and the Bribery Act prohibit us and our officers, directors, employees and business partners acting on our behalf, including joint venture partners and agents, from corruptly offering, promising, authorizing or providing anything of value to
public officials for the purposes of influencing official decisions or obtaining or retaining business or otherwise obtaining favorable treatment. The Bribery Act also prohibits non-governmental “commercial” bribery and accepting bribes. As part of our business, we may deal with governments and state-owned business enterprises, the employees and representatives of which may be considered public officials for purposes of the FCPA and the Bribery Act.
We also are subject to the jurisdiction of various governments and regulatory agencies around the world, which may bring our personnel and agents into contact with public officials responsible for issuing or renewing permits, licenses or approvals or for enforcing other governmental regulations. In addition, some of the international locations in which we will operate lack a developed legal system and have elevated levels of corruption. Our business also must be conducted in compliance with applicable export controls and trade and economic sanctions laws and regulations, including those of the U.S. government, the governments of other countries in which we will operate or conduct business and various multilateral organizations. Such laws and regulations include, without limitation, those administered and enforced by the U.S. Department of the Treasury’s Office of Foreign Assets Control, the U.S. Department of State, the U.S. Department of Commerce, the United Nations Security Council and other relevant sanctions authorities. Our provision of services to persons located outside the United States may be subject to certain regulatory prohibitions, restrictions or other requirements, including certain licensing or reporting requirements. Our provision of services outside of the United States also exposes us to the risk of violating, or being accused of violating, anti-corruption, exports controls and trade compliance and economic sanctions laws and regulations. Our failure to successfully comply with these laws and regulations may expose us to reputational harm as well as significant sanctions, including criminal fines, imprisonment, civil penalties, disgorgement of profits, injunctions and suspension or debarment from government contracts, as well as other remedial measures. Investigations of alleged violations can be expensive and disruptive. Though we have implemented formal training and monitoring programs, we cannot assure compliance by our employees or representatives for which we may be held responsible, and any such violation could materially adversely affect our reputation, business, financial condition and results of operations.
Our business is subject to changes in medication pricing and is significantly impacted by pricing structures negotiated by industry participants.
Our platform aggregates and analyzes pricing data from a number of different sources. The discounted prices that we present through our platform are based in large part upon pricing structures negotiated by industry participants. We do not control the pricing strategies of pharmaceutical manufacturers, wholesalers, and pharmacy benefit managers (“PBMs”), each of which is motivated by independent considerations and drivers that are outside our control and has the ability to set or significantly impact market prices for different prescription medications. While we have contractual and non-contractual relationships with certain industry participants, such as PBMs and pharmaceutical manufacturers, these and other industry participants often negotiate complex and multi-party pricing structures, and we have no control over these participants and the policies and strategies that they implement in negotiating these pricing structures.
Pharmaceutical manufacturers generally direct medication pricing by setting medication list prices and offering rebates and discounts for their medications. List prices are impacted by, among other things, market considerations such as the number of competitor medications and availability of alternative treatment options. Wholesalers can impact medication pricing by purchasing medications in bulk from pharmaceutical manufacturers and then reselling such medications to pharmacies. PBMs generally impact medication pricing through their bargaining power, negotiated rebates with pharmaceutical manufacturers and contracts with different pharmacy providers and health insurance companies. PBMs work with pharmacies to determine the negotiated rate that will be paid at the pharmacy by consumers. Medication pricing is also impacted by health insurance companies and the extent to which a health insurance plan provides for, among other things, covered medications, preferred tiers for different medications and high or low deductibles.
Changes in the fee and pricing structures among industry participants, whether due to regulatory requirements, competitive pressures or otherwise, that reduce or adversely impact fees generated by PBMs would have an adverse effect on our ability to generate revenue and business. Due in part to existing pricing structures, we generate a small portion of our revenue through contracts with pharmaceutical manufacturers and other intermediaries. Changes in the roles of industry participants and in general pricing structures, as well as price competition among industry participants, could have an adverse impact on our business. For example, integration of PBMs and pharmacy providers could result in pricing structures whereby such entities would have greater pricing power and flexibility or industry players could implement direct-to-consumer initiatives that could significantly alter existing pricing structures, either of which would have an adverse impact on our ability to present competitive and low prices to consumers and, as a result, the value of our platform for consumers and our results of operations.
If reimbursement rates paid by third-party payors are reduced, if third-party payors otherwise restrain our ability to obtain or provide services to patients, or if governments introduce free healthcare provisions or create the provision of significantly different paradigms of delivery service, our business could be negatively impacted.
Private third-party payors pay for the services that we provide through our behavioral digital health consult and on-site division. If any commercial third-party payors reduce their reimbursement rates or elect not to cover some or all of our services, our business may be harmed. Third-party payors are also entering into sole source contracts with some healthcare providers, which could effectively limit our pool of potential customers.
Private third-party payors often use plan structures, such as narrow networks or tiered networks, to encourage or require customers to use in-network providers. In-network providers typically provide services through private third-party payors for a negotiated lower rate or other less favorable terms. Private third-party payors generally attempt to limit use of out-of-network providers by requiring customers to pay higher copayment and/or deductible amounts for out-of-network care. Additionally, private third-party payors have become increasingly aggressive in attempting to minimize the use of out-of-network providers by disregarding the assignment of payment from customers to out-of-network providers (i.e., sending payments directly to customers instead of to out-of-network providers), capping out-of-network benefits payable to customers, waiving out-of-pocket payment amounts and initiating litigation against out-of-network providers for interference with contractual relationships, insurance fraud and violation of state licensing and consumer protection laws. If we become out of network for insurers, our behavioral health business could be harmed and our behavioral health patient service revenue could be reduced because customers could stop using our services. Additionally, our behavioral health services business is heavily dependent on a contract with the Veterans Administration Agency. If that contract should be canceled, terminated or reduced, it will materially impact our behavioral health services business.
If reimbursement rates paid by federal or state healthcare programs are reduced or if government payors otherwise restrain our ability to obtain or provide services to customers, our business, financial condition and results of operation could be harmed.
A portion of our revenue comes from government healthcare programs, principally Medicare and Tricare. Payments from federal and state government programs are subject to statutory and regulatory changes, administrative rulings, interpretations and determinations, requirements for utilization review and federal and state funding restrictions, each of which could increase or decrease program payments, as well as affect the cost of providing service to patients. We are unable to predict the effect of recent and future policy changes on our operations. In addition, the uncertainty and fiscal pressures placed upon federal and state governments as a result of, among other things, deterioration in general economic conditions and the funding requirements from the federal healthcare reform legislation, may affect the availability of taxpayer funds for Medicare and Medicaid programs. Changes in government healthcare programs may reduce the reimbursement we receive and could adversely impact our business and results of operations.
As federal healthcare expenditures continue to increase, and state governments continue to face budgetary shortfalls, federal and state governments have made, and continue to make, significant changes in the Medicare and Medicaid programs. These changes include reductions in reimbursement levels and new or modified requirements related to Medicaid waivers. Some of these changes have decreased, or could decrease, the amount of money we receive for our services relating to these programs. In some cases, private third-party payors rely on all or portions of Medicare payment systems to determine payment rates. Changes to government healthcare programs that reduce payments under these programs may negatively impact payments from private third-party payors.
Our pharmacy operations within the behavioral health business subjects us to additional regulations; if we fail to comply, we could suffer penalties or be required to make significant changes to our operations.
Our behavioral health business utilizes various levels of pharmacy operation that is subject to extensive federal, state and local regulation. Pharmacies, pharmacists and pharmacy technicians are subject to a variety of federal and state statutes and regulations governing various aspects of operation, including the distribution of drugs; licensure of facilities and professionals, including pharmacists, technicians and other healthcare professionals; packaging, storing, distributing, and tracking of pharmaceuticals; repackaging of drug products; medication guides, and other consumer disclosures; interactions with prescribing professionals; counseling of patients; prescription transfers; security; controlled substance inventory control and recordkeeping; and reporting to the U.S. Drug Enforcement Agency, the FDA, state boards of pharmacy, the U.S. Consumer Product Safety Commission and other state enforcement or regulatory agencies. Any failure or perceived failure by us to comply with any applicable federal, state and local laws and regulations could have a material adverse effect on our business, financial condition and results of operations and may expose us to civil and criminal penalties.
If we fail to comply with federal and state laws and policies governing claim submissions to government healthcare programs or commercial insurance programs, we may be subject to civil and criminal penalties or loss of eligibility to participate in government healthcare programs and contractual claims by commercial insurers.
We prepare and submit claims for professional services and certain of these claims are governed by federal and state laws with potential civil and criminal penalties for non-compliance. The HIPAA security, privacy and transaction standards also have a
potentially significant effect on our integrated care management services, because such services must be structured and provided in a way that supports our customers’ HIPAA compliance obligations. Errors by us or our systems with respect to entry, formatting, preparation or transmission of claim information may be determined or alleged to be in violation of these laws and regulations. If our integrated care management services fail to comply with these laws and regulations, we may be subjected to federal or state government investigations and possible penalties may be imposed upon us, false claims actions may have to be defended, private payors may file claims against us and we may be excluded from Medicare, Medicaid or other government-funded healthcare programs. Further, our customers may seek contractual remedies and indemnification. Any investigation or proceeding related to these topics, even if unwarranted or without merit, could adversely affect demand for our services, could force us to expend significant capital, research and development and other resources to address the failure, and may have a material adverse effect on our business, results of operations and financial condition.
If we fail to comply with Medicare and Medicaid regulatory, guidance or policy requirements, we may be subjected to reduced reimbursement, overpayment demands or loss of eligibility to participate in these programs.
The Medicare and Medicaid programs are highly regulated, and unique requirements governing the reimbursement of professional services delivered using digital health are evolving and complicated. In addition, changes in government healthcare programs may reduce the reimbursement we receive and could adversely affect our business and results of operations. In particular, there is uncertainty regarding whether temporary waivers of certain Medicare conditions of participation and payment for many virtual care services and temporary expansions of the types of Medicare-covered services that can be provided remotely will continue or be made permanent. If we fail to comply with applicable reimbursement laws and regulations, reimbursement under these programs and participation in these programs could be adversely affected. Federal or state governments may also impose other sanctions on us for failure to comply with the applicable reimbursement regulations, including but not limited to recovering an overpayment. Failure to comply with these or future laws and regulations could limit our ability to provide digital health services to our customers.
Recent and frequent state legislative and regulatory changes specific to digital health consults may present us with additional requirements and state compliance costs, with potential operational impacts in certain jurisdictions.
In recent years, various government agencies, both domestic and international, have adopted an abundance of new legislation and regulations specific to digital health. In some cases, this legislation and regulation, typically targeting “direct-to-consumer” digital health consult and pharmacy service offerings rather than specialty consultative services, such as our acute digital health solutions, incorporates informed consent, modality, medical record and other requirements. Thus, where new legislation and regulations apply to our digital health solutions, we may incur costs to monitor, evaluate and modify operational processes for compliance. All such activities increase our costs and could, in certain circumstances, impact our ability to make available digital health services in a particular state.
Risks Related to Innovation Lab Offerings
Issues arising from or related to the use of AI in our offerings may result in reputational harm or liability.
At UpHealth Innovation Lab, we are building AI-driven digital health solutions that are intended to enhance revenue through hyper-personalized customer experiences and productivity through the automation of re-designed healthcare operations. As with many disruptive innovations, AI presents risks and challenges that could affect its adoption, and therefore our business. AI algorithms may be flawed. Datasets may be insufficient or contain biased information. Inappropriate or controversial data practices by us or others could impair the acceptance of AI solutions. These deficiencies could undermine the decisions, predictions, or analysis AI applications produce, subjecting us to competitive harm, legal liability, and brand or reputational harm. Some AI scenarios present ethical issues. If we enable or offer AI solutions that are controversial because of their impact on human rights, privacy, employment, or other social issues, we may experience brand or reputational harm.
Limitations on our use of data related to current customer contracts and the impact of healthcare regulations may slow or limit the growth of our data and analytics offerings.
We are creating a state-of-the-art data fabric that simplifies data sharing and ensures data is discoverable across multiple systems. UpHealth’s data and analytics enables organizations to implement advanced patient risk stratification and prescriptive next-best actions. However, we may face headwinds with limitations on the use of data in current customer contracts. We are currently evaluating those limitations and may need to renegotiate current contracts and negotiate future contracts to allow broader use of data to launch this initiative. Also, healthcare regulations concerning personal health information, including but not limited to HIPAA, HITECH, 42 CFR Part II, and their State law equivalents such as the California Consumer Privacy Act (the “CCPA”), as recently amended and expanded by the California Privacy Rights Act (“CPRA”), could have a significant effect on the manner in which we must handle healthcare related data, and the costs of complying with such standards could be significant.
Risks Related to Privacy, Cybersecurity, Technology and Intellectual Property
Our proprietary software may not operate properly, which could damage our reputation, give rise to claims against us or divert application of our resources from other purposes, any of which could harm our business.
We are currently implementing software with respect to a number of new applications and services. If our solutions do not function reliably or fail to achieve member, partner or customer expectations in terms of performance, we may lose or fail to grow customer usage, partners and customers could assert liability claims against us, and partners and customers may attempt to cancel their contracts with us. This could damage our reputation and impair our ability to attract or maintain health network partners and enterprise customers.
Our business is subject to complex and evolving foreign laws and regulations regarding privacy, data protection and other matters relating to information collection.
There are numerous foreign laws, regulations and directives regarding privacy and the collection, storage, transmission, use, processing, disclosure and protection of personally identifiable information (“PII”) and other personal or customer data, the scope of which is continually evolving and subject to differing interpretations, including, for example, the General Data Protection Regulation, the India Information Technology Act, 2000 and the India Digital Personal Data Protection Act, 2022, among others. Compliance with these laws can be onerous and expensive but failure to comply may expose us to liability and adversely affect our business, financial condition, results of operations and prospects.
Our use and disclosure of personally identifiable information, including health information, is subject to federal and state privacy and security regulations, and our failure to comply with those regulations or to adequately secure the information we hold could result in significant liability or reputational harm and, in turn, a material adverse effect on our customer base and revenue.
Numerous state and federal laws and regulations govern the collection, dissemination, use, privacy, confidentiality, security, availability and integrity of PII, including protected health information (“PHI”). These laws and regulations include HIPAA. HIPAA establishes a set of basic national privacy and security standards for the protection of PHI, by health plans, healthcare clearinghouses and certain healthcare providers, referred to as covered entities, and the business associates with whom such covered entities contract for services, which includes us.
HIPAA requires healthcare providers like us to develop and maintain policies and procedures with respect to PHI that is used or disclosed, including the adoption of administrative, physical and technical safeguards to protect such information. HIPAA also implemented the use of standard transaction code sets and standard identifiers that covered entities must use when submitting or receiving certain electronic healthcare transactions, including activities associated with the billing and collection of healthcare claims.
HIPAA imposes mandatory penalties for certain violations. Penalties for violations of HIPAA and its implementing regulations start at $119 per violation and are not to exceed $59,522 per violation, subject to a cap of $178,000,000 for violations of the same standard in a single calendar year. However, a single breach incident can result in violations of multiple standards. HIPAA also authorizes state attorneys general to file suit on behalf of their residents. Courts are able to award damages, costs and attorneys’ fees related to violations of HIPAA in such cases. While HIPAA does not create a private right of action allowing individuals to sue us in civil court for violations of HIPAA, its standards have been used as the basis for duty of care in state civil suits such as those for negligence or recklessness in the misuse or breach of PHI.
In addition, HIPAA mandates that the Secretary of HHS conduct periodic compliance audits of HIPAA covered entities or business associates for compliance with the HIPAA Privacy and Security Standards. It also tasks HHS with establishing a methodology whereby harmed individuals who were the victims of breaches of unsecured PHI may receive a percentage of the Civil Monetary Penalty fine paid by the violator.
HIPAA further requires that patients be notified of any unauthorized acquisition, access, use or disclosure of their unsecured PHI that compromises the privacy or security of such information, with certain exceptions related to unintentional or inadvertent use or disclosure by employees or authorized individuals. HIPAA specifies that such notifications must be made “without unreasonable delay and in no case later than 60 calendar days after discovery of the breach.” If a breach affects 500 patients or more, it must be reported to HHS without unreasonable delay, and HHS will post the name of the breaching entity on its public web site. Breaches affecting 500 patients or more in the same state or jurisdiction must also be reported to the local media. If a breach involves fewer than 500 people, the covered entity must record it in a log and notify HHS at least annually.
New health information standards, whether implemented pursuant to HIPAA, congressional action or otherwise, could have a significant effect on the manner in which we must handle healthcare related data, and the cost of complying with standards could be significant. If we do not comply with existing or new laws and regulations related to PHI, we could be subject to criminal or civil sanctions.
In addition to HIPAA, certain of our operations may be subject to the regulations governing the protection patient records created by federally assisted programs for the treatment of substance use disorder (“SUD”) under 42 CFR Part 2 (the “Part 2 Rule”), implemented by the Substance Abuse and Mental Health Services Administration (“SAMHSA”). The Part 2 Rule requires additional confidentiality obligations related to SUD treatment records and generally speaking, restricts the disclosure of SUD treatment records without patient consent, other than as statutorily authorized in the context of a bona fide medical emergency, or for the purpose of scientific research, audit, or program evaluation, or based on an appropriate court order. On July 15, 2020, SAMHSA issued a final rule on the protection of SUD treatment records under the Part 2 Rule that aims to reduce delays and burdens in care coordination by more closely aligning Part 2 with the HIPAA Privacy Rule, while maintaining certain privacy protections specific to Part 2. This final rule was effective August 14, 2020. Nevertheless, we must ensure that SUD treatment records covered under Part 2 are afforded the additional legal protections mandated by Part 2.
Numerous other federal and state laws protect the confidentiality, privacy, availability, integrity and security of PII, including PHI. These laws in many cases are more restrictive than, and may not be preempted by, the HIPAA rules and may be subject to varying interpretations by courts and government agencies, creating complex compliance issues for us and our customers and potentially exposing us to additional expense, adverse publicity and liability. For example, the Federal Trade Commission uses its consumer protection authority to initiate enforcement actions in response to alleged privacy and data security violations and certain states have adopted privacy and security standards that a more restrictive than HIPAA and that apply to PII in addition to PHI. For instance, the California Consumer Privacy Act (the “CCPA”), which came into effect January 1, 2020, was recently amended and expanded by the California Privacy Rights Act (“CPRA”) passed on November 3, 2020. Most of the CPRA’s substantive provisions will not take effect until January 1, 2023, however, the CPRA’s expansion of the “Right to Know” impacts personal information collected on or after January 1, 2022. Companies must still comply with the CCPA during the ramp up period before CPRA goes into effect. The CCPA and CPRA, among other things, create new data privacy obligations for covered companies and provide new privacy rights to California residents, including the right to opt out of certain disclosures of their information. The CCPA also created a private right of action with statutory damages for certain data breaches, thereby potentially increasing risks associated with a data breach. It remains unclear what, if any, additional modifications will be made to the CPRA by the California legislature or how it will be interpreted.
In addition to the laws discussed above, we may see more stringent state and federal privacy legislation in 2021 and beyond, as the increased cyber-attacks during the pandemic have once again put a spotlight on data privacy and security in the U.S. and other jurisdictions. The Strengthening American Cybersecurity Act of 2022 (the “SACA”) was signed into law in March 2022. One of the primary goals of the SACA is the protection of critical domestic infrastructure. Among other provisions, the SACA requires entities in critical infrastructure sectors to follow specified timelines and reporting procedures with respect to cybersecurity incidents and ransom payment demands. We would need to review our internal policies and infrastructure and invest in it to comply with the new requirements.
We cannot predict where new legislation might arise, the scope of such legislation, or the potential impact to our business and operations. This myriad of data privacy and security laws and regulations and the evolving regulatory landscape create complex compliance issues for us and our customers and potentially expose us to additional expense, adverse publicity and liability.
Because of the extreme sensitivity of the PII we store and transmit, the security features of our technology platform are very important. If our security measures, some of which are managed by third parties, are breached or fail, unauthorized persons may be able to obtain access to sensitive customer and customer data, including HIPAA-regulated PHI. As a result, our reputation could be severely damaged, adversely affecting customer and member confidence. Customers may curtail their use of, or stop using, our services or our customer base could decrease, which would cause our business to suffer. In addition, we could face litigation, damages for contract breach, penalties and regulatory actions for violation of HIPAA and other applicable laws or regulations and significant costs for remediation, notification to individuals and for measures to prevent future occurrences. Any potential security breach could also result in increased costs associated with liability for stolen assets or information, repairing system damage that may have been caused by such breaches, incentives offered to customers or other business partners in an effort to maintain our business relationships after a breach and implementing measures to prevent future occurrences, including organizational changes, deploying additional personnel and protection technologies, training employees and engaging third-party experts and consultants. While we maintain insurance covering certain security and privacy damages and claim expenses, we may not carry insurance or maintain coverage sufficient to compensate for all liability and in any event, insurance coverage would not address the reputational damage that could result from a security incident.
We outsource important aspects of the storage and transmission of customer and patient information, and thus rely on third parties to manage functions that have material cybersecurity risks. We attempt to address these risks by requiring outsourcing
subcontractors who handle customer and customer information to sign business associate agreements contractually requiring those subcontractors to adequately safeguard PHI and PII to the same extent that applies to us and in some cases by requiring such outsourcing subcontractors to undergo third-party security assessments. In addition, we periodically hire third-party security experts to assess and test our security posture. However, we cannot assure you that these contractual measures and other safeguards will adequately protect us from the risks associated with the storage and transmission of customers’ proprietary and protected health information.
We also publish statements to our customers that describe how we handle and protect PHI and PII. If federal or state regulatory authorities or private litigants consider any portion of these statements to be untrue, we may be subject to claims of deceptive practices, which could lead to significant liabilities and consequences, including, without limitation, costs of responding to investigations, defending against litigation, settling claims and complying with regulatory or court orders.
We also send short message service (“SMS”), text messages to potential end users who are eligible to use our service through certain customers and partners. While we obtain consent from or on behalf of these individuals to send text messages, federal or state regulatory authorities or private litigants may claim that the notices and disclosures we provide, or form of consents we obtain or our SMS texting practices, are not adequate. These SMS texting campaigns are potential sources of risk for class action lawsuits and liability for our company. Numerous class-action suits under federal and state laws have been filed in the past year against companies who conduct SMS texting programs, with many resulting in multi-million-dollar settlements to the plaintiffs. Any future such litigation against us could be costly and time-consuming to defend.
If we fail to maintain properly the integrity or availability of our data or successfully consolidate, integrate, upgrade or expand our existing information systems, or if our technology products do not operate as intended, our business could be materially and adversely affected.
Our business depends on the integrity and timeliness of the data we use to serve our members, customers and health care professionals and to operate our business. If the data we rely upon to run our businesses is found to be inaccurate or unreliable or if we fail to maintain or protect our information systems and data integrity effectively, we could experience failures in our health, wellness and information technology products; lose existing customers; have difficulty attracting new customers; experience problems in determining medical cost estimates and establishing appropriate pricing; have difficulty preventing, detecting and controlling fraud; have disputes with customers, physicians and other health care professionals; become subject to regulatory sanctions, penalties, investigations or audits; incur increases in operating expenses; or suffer other adverse consequences. The volume of health care data generated, and the uses of data, including electronic health records, are rapidly expanding. Our ability to implement new and innovative services, automate and deploy new technologies to simplify administrative processes and clinical decision making, price our products and services adequately, provide effective service to our customers and consumers in an efficient and uninterrupted fashion, provide timely payments to care providers, and report accurately our results of operations depends on the integrity of the data in our information systems. In addition, connectivity among technologies is becoming increasingly important and recent trends toward greater consumer engagement in health care require new and enhanced technologies, including more sophisticated applications for mobile devices. Our information systems require an ongoing commitment of significant resources to maintain, protect and enhance existing systems and develop new systems to keep pace with continuing changes in information processing technology, evolving systems and regulatory standards and changing customer preferences. We periodically consolidate, integrate, upgrade and expand our information systems’ capabilities as a result of technology initiatives, recently enacted regulations, changes in our system platforms and integration of new business acquisitions. Our process of consolidating the number of systems we operate, upgrading and expanding our information systems’ capabilities, enhancing our systems and developing new systems to keep pace with continuing changes in information processing technology may not be successful. Failure to protect, consolidate and integrate our systems successfully could result in higher than expected costs and diversion of management’s time and energy, which could materially and adversely affect our results of operations, financial position and cash flows. Certain of our businesses sell and install software products which may contain unexpected design defects or may encounter unexpected complications during installation or when used with other technologies utilized by the customer. A failure of our technology products to operate as intended and in a seamless fashion with other products could materially and adversely affect our results of operations, financial position and cash flows. Uncertain and rapidly evolving U.S. federal and state, non-U.S. and international laws and regulations related to health data and the health information technology market may alter the competitive landscape or present compliance challenges and could materially and adversely affect the configuration of our information systems and platforms, and our ability to compete in this market.
We rely on data center providers, Internet infrastructure, bandwidth providers, third-party computer hardware and software, other third parties and our own systems for providing services to our customers, and any failure or interruption in the services provided by these third parties or our own systems could expose us to litigation and negatively impact our relationships with customers, adversely affecting our brand and our business.
We serve all of our customers leveraging a multi-cloud architecture using four vendors: Armor Defense; AWS, Microsoft Azure, and Google. This architecture provides redundancy, cost savings, and reduces our reliance on one single vendor. The actual instances are geographically diverse to insulate our applications from local failures, and have an additional layer of redundancy provided by company managed data centers. While we control and have access to our servers, we do not control the operation of these facilities. The cloud vendors and the owners of our data center facilities have no obligation to renew their agreements with us on commercially reasonable terms, or at all. If we are unable to renew these agreements on commercially reasonable terms, or if one of our cloud vendors or data center operators is acquired, we may be required to transfer our servers and other infrastructure to a new vendor or a new data center facility, and we may incur significant costs and possible service interruption in connection with doing so. Problems faced by our cloud vendors or third-party data center locations with the telecommunications network providers with whom we or they contract or with the systems by which our telecommunications providers allocate capacity among their customers, including us, could adversely affect the experience of our customers. Our cloud vendors or third-party data center operators could decide to close their facilities without adequate notice. In addition, any financial difficulties, such as bankruptcy faced by our cloud vendors or third-party data centers operators or any of the service providers with whom we or they contract may have negative effects on our business, the nature and extent of which are difficult to predict.
Additionally, if our cloud vendors or data centers are unable to keep up with our growing needs for capacity, this could have an adverse effect on our business. For example, a rapid expansion of our business could affect the service levels at our cloud vendors or data centers or cause such cloud systems or data centers and systems to fail. Any changes in third-party service levels at our cloud vendors or data centers or any disruptions or other performance problems with our products and services could adversely affect our reputation and may damage our customers’ stored files or result in lengthy interruptions in our services. Interruptions in our services may reduce our revenue, cause us to issue refunds to customers for prepaid and unused subscriptions, subject us to potential liability or adversely affect customer renewal rates.
We also rely on computer hardware purchased or leased, and software, storage and computers licensed from third parties in order to offer our solutions, including services from Google, Microsoft, Amazon, Apple, Audiocodes, Atlassian, Perforce and Redhat. These licenses are generally commercially available on varying terms. However, it is possible that this hardware and software may not continue to be available on commercially reasonable terms, or at all. Any loss of the right to use any of this hardware or software could result in delays in the provisioning of our services until equivalent technology is either developed by us, or, if available, is identified, obtained and integrated. These licenses are generally commercially available on varying terms. However, it is possible that this hardware and software may not continue to be available on commercially reasonable terms, or at all. Any loss of the right to use any of this hardware or software could result in delays in the provisioning of our services until equivalent technology is either developed by us, or, if available, is identified, obtained and integrated.
Our ability to deliver our internet-based and mobile-application based services depends on the development and maintenance of the infrastructure of the internet by third parties. This includes maintenance of a reliable network backbone with the necessary speed, data capacity, bandwidth capacity and security. Our services are designed to operate without interruption. However, we may experience future interruptions and delays in services and availability from time to time. In the event of a catastrophic event with respect to one or more of our systems or those of our service providers, we may experience an extended period of system unavailability, which could negatively impact our relationship with customers, providers, partners, and suppliers.
We exercise limited control over third-party vendors, which increases our vulnerability to problems with technology and information services they provide. Interruptions in our network access and services may in connection with third-party technology and information services reduce our revenue, cause us to issue refunds to customers for prepaid and unused subscription services, subject us to potential liability or adversely affect customer renewal rates. Although we maintain a security and privacy damages insurance policy, the coverage under our policies may not be adequate to compensate us for all losses that may occur related to the services provided by our third-party vendors. In addition, we may not be able to continue to obtain adequate insurance coverage at an acceptable cost, if at all.
If our security measures fail or are breached and unauthorized access to a customer’s data is obtained, our services may be perceived as insecure, we may incur significant liabilities, our reputation may be harmed and we could lose sales and customers.
Our services involve the storage and transmission of customers’ proprietary information, sensitive or confidential data, including valuable intellectual property and personal information of employees, customers and others, as well as the protected health information, or PHI, of our customers. Because of the extreme sensitivity of the information we store and transmit, the security features of our computer, network and communications systems infrastructure are critical to the success of our business. A breach or failure of our security measures, or the security of our data storage vendors, could result from a variety of circumstances and events, including third-party action, employee negligence or error, malfeasance, computer viruses, malicious code (including ransomware), cyber-attacks by computer hackers, failures during the process of upgrading or replacing software and databases, power outages, hardware failures, telecommunication failures, user errors or catastrophic events.
Information security risks have generally increased in recent years because of the proliferation of new technologies and the increased sophistication and activities of perpetrators of cyber-attacks. As cyber threats continue to evolve, we may be required to expend additional resources to further enhance our information security measures and/or to investigate and remediate any information security vulnerabilities. If our or our vendors’ security measures fail or are breached, it could result in unauthorized persons accessing sensitive customer data (including PHI), a loss of or damage to our data or an inability to access data sources or process data or provide our services to our customers. There have also been several highly publicized cases in which hackers have requested “ransom” payments in exchange for not disclosing customer or other confidential information or for not disabling the target company’s computer or other systems, and we have not been immune to this risk. Such failures or breaches of our security measures, or our inability to effectively resolve such failures or breaches in a timely manner, could severely damage our reputation, adversely affect customer or investor confidence in us, and reduce the demand for our services from existing and potential customers. In addition, we could face litigation, damages for contract breach, monetary penalties or regulatory actions for violation of applicable laws or regulations and incur significant costs for remedial measures to prevent future occurrences and mitigate past violations. Although we maintain insurance covering certain security and privacy damages and claim expenses, we may not carry insurance or maintain coverage sufficient to compensate for all liability and in any event, insurance coverage would not address the reputational damage that could result from a security incident.
We may experience cybersecurity and other breach incidents that remain undetected for an extended period. Because techniques used to obtain unauthorized access or to sabotage systems change frequently and generally are not recognized until launched, we may be unable to anticipate these techniques or to implement adequate preventive measures. If an actual or perceived breach of our security occurs, or if we are unable to effectively resolve such breaches in a timely manner, the market perception of the effectiveness of our security measures could be harmed and we could lose sales, customers, which could have a material adverse effect on our business, operations, and financial results.
We are exposed to data and cybersecurity risks that could result in data breaches, service interruptions, ransomware and demands, harm to our reputation, protracted and costly litigation or significant liability.
In connection with the products and services that we provide, we collect, use, store, transmit and otherwise process certain confidential, proprietary and sensitive information, including PII and PHI of customers, employees and others. We rely on the efficient, uninterrupted and secure operation of complex information technology systems and networks to operate our business and securely store, transmit and otherwise process such information. In the normal course of business, we also share information with our service providers and other third parties. A failure to safeguard the integrity, confidentiality, availability and authenticity of personal information, customer data and our proprietary data from cyber-attacks, unauthorized access, fraudulent activity (e.g., check “kiting” or fraud, wire fraud or other dishonest acts), data breaches, ransomware and other security incidents that we, our third-party service providers or our customers may experience may lead to modification, destruction, loss of availability or theft of critical and sensitive data pertaining to us, our customers or other third parties. While we have taken extensive precautions to protect such confidential, proprietary and sensitive information, including personal information, these risks were heightened due to our remote workforce due to the COVID-19 pandemic, and there can be no assurance that such actions will be sufficient to prevent cyber-attacks or security breaches or mitigate all potential risks to our systems, networks and data, particularly with the recent proliferation of ransomware attacks around the world. All such protective measures, as well as additional measures that may be required to comply with rapidly evolving data privacy and security standards and protocols imposed by law, regulation, industry standards or contractual obligations, have and will continue to cause us to incur substantial expenses. Failure to timely upgrade or maintain computer systems, software and networks as necessary could also make us or our third-party service providers susceptible to breaches and unauthorized access and misuse. We may be required to expend significant additional resources to modify, investigate or remediate vulnerabilities or other exposures arising from data and cybersecurity risks.
Improper access to our or our third-party service providers’ systems or databases could result in the theft, publication, deletion or modification of confidential, proprietary or sensitive information, including personal information. An actual or perceived breach of our security systems or those of our third-party service providers may require notification under applicable data privacy regulations or contractual obligations. The accidental or unauthorized access to or disclosure, loss, destruction, disablement, corruption or encryption of, use or misuse of or modification of our, our customers’ or other third parties’ confidential, proprietary or sensitive information, including personal information, by us or our third-party service providers could result in significant fines, penalties, orders, sanctions and proceedings or actions against us by governmental bodies and other regulatory authorities, customers or third parties, which could materially and adversely affect our business, financial condition and results of operations. Any such proceeding or action, and any related indemnification obligations, could damage our reputation, force us to incur significant expenses in defense of such proceeding or action, distract our management, increase our costs of doing business or result in the imposition of financial liability.
Despite our efforts to ensure the integrity, confidentiality, availability, and authenticity of our proprietary systems and information, it is possible that we may not be able to anticipate or to implement effective preventive measures against all cyber threats. No security solution, strategy, or measures can address all possible security threats or block all methods of penetrating a
network or otherwise perpetrating a security incident. The risk of unauthorized circumvention of our security measures or those of our third-party providers, customers and partners has been heightened by advances in computer and software capabilities and the increasing sophistication of hackers, including those operating on behalf of nation-state actors, who employ complex techniques involving the theft or misuse of personal and financial information, counterfeiting, “phishing” or social engineering incidents, account takeover attacks, denial or degradation of service attacks, malware, fraudulent payment and identity theft. Because the techniques used by hackers change frequently and are increasingly complex and sophisticated, and new technologies may not be identified until they are launched against a target, we and our third-party service providers may be unable to anticipate these techniques or detect an incident, assess its severity or impact, react or appropriately respond in a timely manner or implement adequate preventative measures. Our systems are also subject to compromise from internal threats, such as theft, misuse, unauthorized access or other improper actions by employees, service provides and other third parties with otherwise legitimate access to our systems or databases. The latency of a compromise is often measured in months, but could be years, and we may not be able to detect a compromise in a timely manner.
Due to applicable laws and regulations or contractual obligations, we may also be held responsible for any failure or cybersecurity breaches attributed to our third-party service providers as they relate to the information that we share with them. Although we generally have agreements relating to data privacy and security in place with our third-party service providers, they are limited in nature and we cannot guarantee that such agreements will prevent the accidental or unauthorized access to or disclosure, loss, destruction, disablement, corruption or encryption of, use or misuse of or modification of confidential, proprietary or sensitive information, including personal information, or enable us to obtain reimbursement from third-party service providers in the event we should suffer incidents resulting in accidental or unauthorized access to or disclosure, loss, destruction, disablement or encryption of, use or misuse of or modification of confidential, proprietary or sensitive information, including personal information. In addition, because we do not control our third-party service providers and our ability to monitor their data security is limited, we cannot ensure the security measures they take will be sufficient to protect confidential, proprietary or sensitive information (including personal information).
Regardless of whether a security incident or act of fraud involving our solutions is attributable to us or our third-party service providers, such an incident could, among other things, result in improper disclosure of information, harm our reputation and brand, reduce the demand for our products and services, lead to loss of customer business or confidence in the effectiveness of our security measures, disrupt normal business operations or result in our systems or products and services being unavailable. In addition, such incidents may require us to spend material resources to investigate or correct the incident and to prevent future security incidents, expose us to uninsured liability, increase our risk of regulatory scrutiny, expose us to protracted and costly litigation, trigger indemnity obligations, result in damages for contract breach, divert the attention of management from the operation of our business and otherwise cause us to incur significant costs or liabilities, any of which could affect our financial condition, results of operations and reputation. Moreover, there could be public announcements regarding any such incidents and any steps we take to respond to or remediate such incidents, and if securities analysts or investors perceive these announcements to be negative, it could, among other things, have a substantial adverse effect on the price of our common stock. In addition, our remediation efforts may not be successful. Further, any adverse findings in security audits or examinations could result in reputational damage to us, which could reduce the use and acceptance of our solutions, cause our customers to cease doing business with us or have a significant adverse impact on our revenue and future growth prospects. Furthermore, even if not directed at us specifically, attacks on other financial institutions could disrupt the overall functioning of the financial system or lead to additional regulation and oversight by federal and state agencies, which could impose new and costly compliance obligations.
If we or third parties on which we rely sustain cyber-attacks or other privacy or data security incidents resulting in security breaches disrupting our operations or resulting in the unintended dissemination of protected personal information or proprietary or confidential information, we could suffer a loss of revenue and increased costs, exposure to significant liability, reputational harm and other serious negative consequences.
We routinely process, store and transmit large amounts of data in our operations, including protected personal information subject to privacy, security or data breach notification laws, as well as proprietary or confidential information relating to our business or third parties. Some of the data we process, store and transmit may be outside of the United States due to our information technology systems and international business operations. We are regularly the target of attempted cyber-attacks and other security threats and may be subject to breaches of the information technology systems we use. We have programs in place to detect, contain and respond to data security incidents and provide employee awareness training regarding phishing, malware and other cyber risks to protect against cyber risks and security breaches. However, because the techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently and are increasing in sophistication, we may be unable to anticipate these techniques, detect breaches for long periods of time or implement adequate preventive measures. Experienced computer programmers and hackers may be able to penetrate our security controls and access, misappropriate or otherwise compromise protected personal information or proprietary or confidential information or that of third parties, create system disruptions or cause system shutdowns, negatively affecting our operations. They also may be able to develop and deploy viruses, worms and other malicious software programs attacking our systems or otherwise exploit
any security vulnerabilities. Hardware, software, or applications we develop or procure from third parties may contain defects in design or manufacture or other problems which could unexpectedly compromise information security. Our facilities and services may also be vulnerable to security incidents or security attacks; acts of vandalism or theft; coordinated attacks by activist entities; financial fraud schemes; misplaced or lost data; human error; malicious social engineering; or other events which could negatively affect our systems, our customers’ data, proprietary or confidential information relating to our business or third parties, or our operations. Moreover, there has been an increase in new financial fraud schemes and ransomware attacks on large companies, whereby cybercriminals install malicious software preventing users or the enterprise from accessing computer files, systems or networks and demand payment of a ransom for return of access. In addition, there may be a heightened vulnerability due to the lack of physical supervision and on-site infrastructure for remote workforce operations. In certain circumstances we may rely on third-party vendors to process, store and transmit large amounts of data for our business whose operations are subject to similar risks. The costs to eliminate or address the foregoing security threats and vulnerabilities before or after a cyber-incident could be material. We have business continuation and resiliency plans which are maintained, updated and tested regularly in an effort to ensure successful containment and remediation of potential disruptions or cyber events. In the event that our remediation efforts may not be successful, it could result in interruptions, delays, or cessation of service and loss of existing or potential customers. In addition, breaches of our security measures and the unauthorized dissemination of sensitive personal information, proprietary information or confidential information about us or our customers or other third parties, could expose our customers’ private information and our customers to the risk of financial or medical identity theft, or expose us or other third parties to a risk of loss or misuse of this information, result in litigation and/or liability, including regulatory penalties, for us, damage our brand and reputation, or otherwise harm our business.
We could incur substantial costs as a result of any claim of infringement of another party’s intellectual property rights.
In recent years, there has been significant litigation in the United States involving patents and other intellectual property rights. Companies in the Internet and technology industries are increasingly bringing and becoming subject to suits alleging infringement of proprietary rights, particularly patent rights, and our competitors and other third parties may hold patents or have pending patent applications, which could be related to our business.
These risks have been amplified by the increase in third parties, which we refer to as non-practicing entities, whose sole primary business is to assert such claims. Regardless of the merits of any intellectual property litigation, we may be required to expend significant management time and financial resources on the defense of such claims, and any adverse outcome of any such claim or the above referenced review could have a material adverse effect on our business, financial condition or results of operations. We expect that we may receive in the future notices that claim we or our customers using our products have misappropriated or misused other parties’ intellectual property rights, particularly as the number of competitors in our market grows and the functionality of applications amongst competitors overlaps. Any future litigation, whether or not successful, could be extremely costly to defend, divert our management’s time, attention and resources, damage our reputation and brand and substantially harm our business.
In addition, in most instances, we have agreed to indemnify our customers against certain third-party claims, which may include claims that our products infringe the intellectual property rights of such third parties. Our business could be adversely affected by any significant disputes between us and our customers as to the applicability or scope of our indemnification obligations to them. The results of any intellectual property litigation to which we may become a party, or for which we are required to provide indemnification, may require us to do one or more of the following:
•cease offering or using technologies that incorporate the challenged intellectual property;
•make substantial payments for legal fees, settlement payments or other costs or damages;
•obtain a license, which may not be available on reasonable terms, to sell or use the relevant technology; or
•redesign technology to avoid infringement.
If we are required to make substantial payments or undertake any of the other actions noted above as a result of any intellectual property infringement claims against us or any obligation to indemnify our customers for such claims, such payments or costs could have a material adverse effect on our business, financial condition and results of operations.
We are currently party to, and may enter into future, in-bound intellectual property license agreements. We may not be able to fully protect the intellectual property rights licensed to us or maintain those licenses. Our licensors may retain the right to prosecute and defend the intellectual property rights licensed to us, in which case we would depend on the ability of our licensors to obtain, maintain and enforce intellectual property protection for the licensed intellectual property. These licensors may determine not to pursue litigation against other companies or may pursue such litigation less aggressively than we would. In addition, such licenses may only provide us with non-exclusive rights, which could allow other third parties, including our competitors, to utilize the licensed intellectual property rights. Further, our in-bound license agreements may impose various diligence, commercialization, royalty or other obligations on us. Our licensors may allege that we have breached our license
agreement with them, and accordingly seek to terminate our license, which could adversely affect our competitive business position and harm our business prospects.
Any failure to protect our intellectual property rights could impair our ability to protect our technology and our brand.
Our success depends in part on our ability to enforce our intellectual property and other proprietary rights. We rely upon a combination of patent, trademark, copyright, and trade secret laws, as well as license and access agreements and other contractual provisions, to protect our intellectual property and other proprietary rights. In addition, we attempt to protect our intellectual property and proprietary information by requiring our employees, consultants and certain of our contractors to execute confidentiality and assignment of inventions agreements. These laws, procedures and restrictions provide only limited protection and any of our intellectual property rights may be challenged, invalidated, circumvented, infringed or misappropriated. To the extent that our intellectual property and other proprietary rights are not adequately protected, third parties may gain access to our proprietary information, develop and market solutions similar to ours or use trademarks similar to ours, each of which could materially harm our business. Unauthorized parties may also attempt to copy or obtain and use our technology to develop applications with the same functionality as our products, and policing unauthorized use of our technology and intellectual property rights is difficult and may not be effective. The failure to adequately protect our intellectual property and other proprietary rights could have a material adverse effect on our business, financial condition and results of operations.
Risks Related to Tax
Certain U.S. state tax authorities may assert that we have a state nexus and seek to impose state and local income taxes, which could adversely affect our results of operations.
We currently operate in several states. There is a risk that certain state tax authorities where we do not currently file a state income tax return could assert that we are liable for state and local income taxes based upon income or gross receipts allocable to such states. States are becoming increasingly aggressive in asserting a nexus for state income tax purposes. We could be subject to state and local taxation, including penalties and interest attributable to prior periods, if a state tax authority successfully asserts that our activities give rise to a nexus. Such tax assessments, penalties and interest may adversely affect our results of operations.
Taxing authorities may successfully assert that we should have collected or in the future should collect sales and use or similar taxes for digital health services, which could adversely affect our results of operations.
We do not collect sales and use and similar taxes in any states for digital health services based on our belief that our services are not subject to such taxes in any state. Sales and use and similar tax laws and rates vary greatly from state to state. Additionally, we do not collect value-added tax or similar taxes in certain foreign jurisdictions based on our belief that our services are not subject to such taxes. Certain states or foreign jurisdictions in which we do not collect such taxes may assert that such taxes are applicable, which could result in tax assessments, penalties and interest with respect to past services, and we may be required to collect such taxes for services in the future. Such tax assessments, penalties and interest or future requirements may adversely affect our results of operations.
Unanticipated changes in effective tax rates or adverse outcomes resulting from examination of our income or other tax returns could adversely affect our financial condition and results of operations.
We are subject to income taxes in the United States and other jurisdictions, and our tax liabilities will be subject to the allocation of expenses in differing jurisdictions. Our future effective tax rates could be subject to volatility or adversely affected by a number of factors, including:
•changes in the valuation of our deferred tax assets and liabilities;
•expected timing and amount of the release of any tax valuation allowances;
•tax effects of stock-based compensation;
•tax effects of transaction costs;
•costs related to intercompany restructurings;
•costs related to impairment of goodwill and intangible assets;
•changes in tax laws, regulations or interpretations thereof; or
•lower than anticipated future earnings in jurisdictions where we have lower statutory tax rates and higher than anticipated future earnings in jurisdictions where we have higher statutory tax rates.
In addition, we may be subject to audits of our income, sales and other transaction taxes by taxing authorities. Outcomes from these audits could have an adverse effect on our financial condition and results of operations.
General Risks Related to the Company
Because we have no current plans to pay cash dividends on shares of common stock for the foreseeable future, you may not receive any return on investment unless you sell your shares of common stock for a price greater than that which you paid for it.
We may retain future earnings, if any, for future operations, expansion and debt repayment and have no current plans to pay any cash dividends for the foreseeable future. Any decision to declare and pay dividends as a public company in the future will be made at the discretion of the Company’s Board of Directors and will depend on, among other things, our results of operations, financial condition, cash requirements, contractual restrictions and other factors that the Board of Directors may deem relevant. In addition, our ability to pay dividends may be limited by covenants of any existing and future outstanding indebtedness we or our subsidiaries incur. As a result, you may not receive any return on an investment in the common stock unless you sell your common stock for a price greater than that which you paid for it.
There can be no assurance that UpHealth will be able to comply with the continued listing standards of the NYSE.
UpHealth’s common stock and warrants are listed on the NYSE under the symbol “UPH” and “UPH.WS,” respectively. If the NYSE delists UpHealth’s shares from trading on its exchange for failure to meet the listing standards, UpHealth and its stockholders could face significant material adverse consequences including:
•a limited availability of market quotations for UpHealth’s securities;
•a determination that UpHealth common stock is a “penny stock” which will require brokers trading in UpHealth common stock to adhere to more stringent rules, possibly resulting in a reduced level of trading activity in the secondary trading market for shares of UpHealth common stock;
•a limited amount of analyst coverage; and
•a decreased ability to issue additional securities or obtain additional financing in the future.
On December 5, 2022 our stockholders approved an amendment to our Second Amended and Restated Certificate of Incorporation to effect a reverse split of the outstanding shares of our common stock, par value $0.0001 per share, at a specific ratio within a range of 4:1 to 10:1, with the specific ratio to be fixed within this range by our board of directors in its sole discretion without further stockholder approval (the “Reverse Stock Split”). Our board of directors fixed the Reverse Stock Split ratio at 10:1, such that each ten shares of common stock were combined and reconstituted into one share of common stock effective December 8, 2022. Although the Reverse Stock Split enabled us to regain compliance with the continued listing standards of the NYSE by raising the price of our common stock above the $1.00 continued listing criterion, if, in the future, our stock price again falls below the continued listing criterion of a minimum share price of $1.00 over a 30-trading day period, our common stock will be subject to immediate review by the NYSE. In such an event, the NYSE could determine that we do not satisfy its continued listing standards, and we may be subject to delisting if we are unable to cure any such noncompliance.
The Company may be required to take write-downs or write-offs, restructuring and impairment or other charges that could have a significant negative effect on its financial condition, results of operations and stock price, which could cause you to lose some or all of your investment.
As a result of events which occurred during the three months ended September 30, 2022, as discussed under the heading “Dispute and Litigation Regarding Control of Glocal Board of Directors” in Item 3, Legal Proceedings, of Part I of this Annual Report, we determined that a reconsideration event occurred in July 2022, which required us to reassess whether Glocal Healthcare Systems Private Limited (“Glocal”) was a variable interest entity (“VIE”) and whether we continued to have a controlling financial interest in Glocal. Based on this assessment, we concluded that Glocal was a VIE, and furthermore, that we no longer have the ability to direct any activities of Glocal and no longer have a controlling financial interest. As a result, effective July 2022, we deconsolidated Glocal and recorded a $37.7 million loss on deconsolidation of equity investment in our consolidated statements of operations, measured as the difference between the probability-weighted fair value of Glocal of $21.2 million and the carrying amount of Glocal’s assets and liabilities as of June 30, 2022. The probability-weighted fair value of Glocal is included in equity investment in our consolidated balance sheets. Further, we assessed the prospective accounting for our equity investment in Glocal. Since we no longer had the ability to exercise significant influence over operating and financial policies of Glocal, we concluded the investment should be accounted for utilizing the ASC 621 measurement alternative, whereby the investment was measured at cost and will continue to be evaluated for any indicators of impairment. In addition, we derecognized $14.3 million of noncontrolling interests related to Glocal. If through the legal processes discussed under the heading “Dispute and Litigation Regarding Control of Glocal Board of Directors” in Item 3, Legal Proceedings, of Part I of this Annual Report, we are able to obtain the ability to direct the activities of Glocal, and it is our intent to exercise all
legal rights and remedies to achieve such a result, then we will further reassess the appropriate accounting treatment of our investment in Glocal.
The Company may be forced to write-down or write-off assets in the future, restructure its operations, or incur impairment or other charges that could result in losses. Even though these charges may be non-cash items and may not have an immediate impact on the Company’s liquidity, the fact that the Company reports charges of this nature could contribute to negative market perceptions about it or its securities. Furthermore, as a result of indicators of impairment identified during the three months ended September 30, 2022, we performed a goodwill impairment assessment as of September 30, 2022, which included both qualitative and quantitative assessments. Our assessment included a comparison of carrying value to an estimated fair value using a market approach based on our market capitalization. Based on this assessment, we concluded the fair value of two segments was below the carrying value primarily due to the recent change in our market valuation and financial performance and recorded a goodwill impairment in the amount of $89.1 million and an intangible asset impairment in the amount of $16.9 million. We also recorded a $1.8 million charge on the remeasurement of the disposal group held for sale in the three months ended December 31, 2022, in connection with the pending sale of Innovations Group. Additionally, we recorded a $5.5 million measurement period adjustment at Glocal that was immediately impaired, and a $0.7 million trade name intangible asset impairment at TTC during the three months ended March 31, 2022. In addition, charges of this nature may cause the Company to be unable to obtain future financing on favorable terms or at all.
UpHealth incurs significant increased expenses and administrative burdens as a public company, which may have an adverse effect on its business, financial condition and results of operations.
UpHealth faces increased legal, accounting, administrative and other costs and expenses as a public company that UpHealth Holdings and Cloudbreak did not incur as private companies. The Sarbanes-Oxley Act, including the requirements of Section 404, as well as rules and regulations subsequently implemented by the SEC, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 and the rules and regulations promulgated and to be promulgated thereunder, Public Company Accounting Oversight Board (the “PCAOB”) and the securities exchanges, impose additional reporting and other obligations on public companies. Compliance with public company requirements increase costs and make certain activities more time-consuming. A number of those requirements require UpHealth to carry out activities that neither UpHealth Holdings nor Cloudbreak did previously. For example, UpHealth has created new board committees and adopted new internal controls and disclosure controls and procedures. In addition, expenses associated with SEC reporting requirements have been, and will continue to be, incurred. Furthermore, if any issues in complying with those requirements are identified (for example, if the auditors or the Company identifies a material weakness or significant deficiency in the internal control over financial reporting), UpHealth could incur additional costs rectifying those issues, and the existence of those issues could adversely affect UpHealth’s reputation or investor perceptions of it. It may also be more expensive to obtain director and officer liability insurance. Risks associated with UpHealth’s status as a public company may make it more difficult to attract and retain qualified persons to serve on the UpHealth Board or as executive officers. The additional reporting and other obligations imposed by these rules and regulations will increase legal and financial compliance costs and the costs of related legal, accounting and administrative activities. These increased costs have required, and will continue to require, UpHealth to divert a significant amount of money that could otherwise be used to expand the business and achieve strategic objectives. Advocacy efforts by stockholders and third parties may also prompt additional changes in governance and reporting requirements, which could further increase costs.
Certain of our warrants are being accounted for as a warrant liability and are being recorded at fair value upon issuance with changes in fair value each period reported in earnings, which may have an adverse effect on the market price of our common stock.
In the private placement of units that occurred concurrently with our IPO, our Founders acquired 56,750 private warrants (as adjusted for the Reverse Stock Split). The private warrants are exercisable for cash or on a cashless basis, at the holder’s option, and are non-redeemable so long as they are held by the initial purchasers or their permitted transferees. If the private warrants are held by someone other than the initial purchasers or their permitted transferees, the private warrants will be redeemable by the Company and exercisable by such holders on the same basis as the warrants included in the units sold in the IPO, in which case the 56,750 private warrants could be redeemed by the Company for $5,675. Under GAAP, we are required to evaluate contingent exercise provisions of these warrants and then their settlement provisions to determine whether they should be accounted for as a warrant liability or as equity. Any settlement amount not equal to the difference between the fair value of a fixed number of our equity shares and a fixed monetary amount precludes these warrants from being considered indexed to our own stock, and therefore, from being accounted for as equity. As a result of the provision that the private warrants, when held by someone other than the initial purchasers or their permitted transferees, will be redeemable by the Company, the requirements for accounting for these warrants as equity are not satisfied. Therefore, as described in our financial statements included in this Annual Report, we are accounting for these private warrants as a warrant liability and are recording that liability at fair value upon issuance and are recording any subsequent changes in fair value as of the end of each period for which
earnings are reported, as we determine based upon a valuation report obtained from our independent third party valuation firm. The impact of changes in fair value on earnings may have an adverse effect on the market price of our common stock.
The Company’s ability to be successful is totally dependent upon the efforts of its key personnel.
The Company’s ability to be successful is dependent upon the efforts of the Company. Furthermore, while the Company intends to closely scrutinize any individuals it hires in the future, it cannot assure you that its assessment of these individuals will prove to be correct. These individuals may be unfamiliar with the requirements of operating a public company which could cause the Company to have to expend time and resources helping them become familiar with such requirements. This could be expensive and time-consuming and could lead to various regulatory issues which may adversely affect its operations.
A market for the Company’s securities may not continue, which would adversely affect the liquidity and price of its securities, and the failure to maintain the Company’s common stock as listed on a national exchange would constitute a Fundamental Change under the Company’s indentures.
The price of the Company’s securities may fluctuate significantly due to the market’s reaction to the Company’s financial performance and general market and economic conditions. An active trading market for the Company’s securities may never develop or, if developed, it may not be sustained. In addition, the price of the Company’s securities can vary due to general economic conditions and forecasts, the Company’s general business condition and the release of the Company’s financial reports. Additionally, if the Company’s securities become delisted from the NYSE for any reason, and are quoted on the OTC Bulletin Board (an inter-dealer automated quotation system for equity securities that is not a national securities exchange), the liquidity and price of the Company’s securities may be more limited than if the Company’s securities were quoted or listed on the NYSE or another national securities exchange. You may be unable to sell your securities unless a market can be established or sustained.
In addition, the failure to maintain the Company’s common stock as listed on a national exchange will constitute a “Fundamental Change” under the Company’s indentures governing its convertible notes. As such, if the common stock were to become delisted prior to the respective maturity dates of the convertible notes, a holder may elect to surrender its convertible notes for conversion upon the effectiveness of the delisting and the conversion rate applicable to such notes will be increased by a number of additional shares of common stock determined in accordance with the terms of the indentures.
If the Company does not meet the expectations of investors, stockholders or financial analysts, the market price of the Company’s securities may decline.
If the Company does not meet the expectations of investors or securities analysts, the market price of the Company’s securities may decline.
In addition, fluctuations in the price of the Company’s securities could contribute to the loss of all or part of your investment. Any of the factors listed below could have a material adverse effect on your investment in the Company’s securities and the Company’s securities may trade at prices significantly below the price you paid for them. In such circumstances, the trading price of the Company’s securities may not recover and may experience a further decline.
Factors affecting the trading price of the Company’s securities may include:
•actual or anticipated fluctuations in the Company’s quarterly financial results or the quarterly financial results of companies perceived to be similar to the Company;
•changes in the market’s expectations about the Company’s operating results;
•success of competitors;
•the Company’s operating results failing to meet the expectation of securities analysts or investors in a particular period;
•changes in financial estimates and recommendations by securities analysts concerning the Company or the market in general;
•operating and stock price performance of other companies that investors deem comparable to the Company’s;
•the Company’s ability to market new and enhanced services and products on a timely basis;
•changes in laws and regulations affecting the Company’s business;
•commencement of, or involvement in, litigation involving the Company;
•changes in the Company’s capital structure, such as future issuances of securities or the incurrence of additional debt;
•the volume of shares of the Company’s securities available for public sale;
•any major change in the board or management;
•sales of substantial amounts of common stock by the Company’s directors, executive officers or significant stockholders or the perception that such sales could occur; and
•general economic and political conditions such as recessions, interest rates, fuel prices, international currency fluctuations and acts of war or terrorism.
Broad market and industry factors may materially harm the market price of the Company’s securities irrespective of its operating performance. The stock market in general and the NYSE have experienced price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of the particular companies affected. The trading prices and valuations of these stocks, and of the Company’s securities, may not be predictable. A loss of investor confidence in the market for retail stocks or the stocks of other companies which investors perceive to be similar to the Company could depress the Company’s stock price regardless of the Company’s business, prospects, financial condition or results of operations. A decline in the market price of the Company’s securities also could adversely affect the Company’s ability to issue additional securities and the Company’s ability to obtain additional financing in the future.
If securities or industry analysts do not publish or cease publishing research or reports about the Company, its business, or its market, or if they change their recommendations regarding the Company’s securities adversely, the price and trading volume of the Company’s securities could decline.
The trading market for the Company’s securities will be influenced by the research and reports that industry or securities analysts may publish about the Company, its business, its market, or its competitors. Securities and industry analysts do not currently, and may never, publish research on the Company. If no securities or industry analysts commence coverage of the Company, the Company’s stock price and trading volume would likely be negatively impacted. If any of the analysts who may cover the Company, change their recommendation regarding the Company’s stock adversely, or provide more favorable relative recommendations about the Company’s competitors, the price of the Company’s securities would likely decline. If any analyst who may cover the Company were to cease coverage of the Company or fail to regularly publish reports on it, the Company could lose visibility in the financial markets, which could cause its stock price or trading volume to decline.
The future sales of shares by existing stockholders may adversely affect the market price of the Company’s common stock.
Sales of a substantial number of shares of the Company’s common stock in the public market could occur at any time. If the Company’s stockholders sell, or the market perceives that the Company’s stockholders intend to sell, substantial amounts of the Company’s common stock in the public market, the market price of the Company’s common stock could decline.
Resales of our shares of common stock could depress the market price of our common stock.
We have approximately 16,784,476 shares of common stock outstanding as of March 30, 2023. The shares held by the Company’s public stockholders are freely tradable. In addition, the Company registered shares of common stock issued as merger consideration (none of which remain subject to a contractual lockup period), and will be registering shares for resales by its officers, directors and other affiliates, as well as shares underlying the warrants and convertible notes issued by the Company, which shares will become available for resale following the exercise or conversion of the warrants or convertible notes, respectively. Rule 144 also became available for the resale of shares of our common stock on June 14, 2021. Such sales of shares of common stock or the perception of such sales may depress the market price of our common stock.
We are required to comply with certain provisions of Section 404 of the Sarbanes-Oxley Act, and if we fail to continue to comply, our business could be harmed and our stock price could decline.
Rules adopted by the SEC pursuant to Section 404 of the Sarbanes-Oxley Act require an annual assessment of internal control over financial reporting, and for certain issuers an attestation of this assessment by the issuer’s independent registered public accounting firm. The standards that must be met for management to assess the internal control over financial reporting as effective are evolving and complex, and require significant documentation, testing, and possible remediation to meet the detailed standards. We expect to incur significant expenses and to devote resources to Section 404 compliance on an ongoing basis. It is difficult for us to predict how long it will take or costly it will be to complete the assessment of the effectiveness of our internal control over financial reporting for each year and to remediate any deficiencies in our internal control over financial reporting. As a result, we may not be able to complete the assessment and remediation process on a timely basis. In addition, although the auditor attestation requirements are not presently applicable, to us we could become subject to these requirements in the future and we may encounter problems or delays in completing the implementation of any resulting changes to internal control over financial reporting. In the event that our Chief Executive Officer or Chief Financial Officer determine that our internal control over financial reporting is not effective as defined under Section 404, we cannot predict how regulators will react or how the market prices of our shares will be affected; however, we believe that there is a risk that investor confidence and share value may be negatively affected.
Our internal control over financial reporting may not be effective and our independent registered public accounting firm may not be able to certify as to their effectiveness, which could have a significant and adverse effect on our business and reputation.
As a public company, we are required to comply with the SEC’s rules implementing Sections 302 and 404 of the Sarbanes‑Oxley Act, which require management to certify financial and other information in our quarterly and annual reports and provide an annual management report on the effectiveness of internal control over financial reporting. To comply with the requirements of being a public company, the Company is required to provide management’s assessment on internal controls commencing with this Annual Report for the fiscal year ended December 31, 2022. The standards required for a public company under Section 404 of the Sarbanes-Oxley Act are significantly more stringent than those that were required of UpHealth Holdings and Cloudbreak as privately-held companies. Further, as an emerging growth company, our independent registered public accounting firm is not required to formally attest to the effectiveness of our internal control over financial reporting pursuant to Section 404 until the date we are no longer an emerging growth company. At such time, our independent registered public accounting firm may issue a report that is adverse in the event that it is not satisfied with the level at which the controls of the Company are documented, designed or operating.
Testing and maintaining these controls can divert our management’s attention from other matters that are important to the operation of our business. If we identify additional material weaknesses in the internal control over financial reporting of the Company or are unable to comply with the requirements of Section 404 or assert that our internal control over financial reporting is effective, or if our independent registered public accounting firm is unable to express an opinion as to the effectiveness of our internal control over financial reporting when we no longer qualify as an emerging growth company, investors may lose confidence in the accuracy and completeness of our financial reports and the market price of our common stock could be negatively affected, and we could become subject to investigations by the SEC or other regulatory authorities, which could require additional financial and management resources.
Changes in laws or regulations, or a failure to comply with any laws and regulations, may adversely affect the Company’s business, investments and results of operations.
The Company is subject to laws, regulations and rules enacted by national, regional and local governments. In particular, the Company is required to comply with certain SEC, NYSE and other legal or regulatory requirements, including the NYSE upon the transfer of its listing. Compliance with, and monitoring of, applicable laws, regulations and rules may be difficult, time consuming and costly. Those laws, regulations and rules and their interpretation and application may also change from time to time and those changes could have a material adverse effect on the Company’s business, investments and results of operations. In addition, a failure to comply with applicable laws, regulations and rules, as interpreted and applied, could have a material adverse effect on the Company’s business and results of operations.
The future exercise of registration rights may adversely affect the market price of our common stock.
Certain of our stockholders have registration rights for restricted securities. We are obligated to register certain securities, including (i) the shares of common stock held by a single institutional investor, and the shares of common stock issuable to such investor upon the exercise of warrants, pursuant to a securities purchase agreement, dated March 9, 2023, between us and such investor, (ii) all of the shares of common stock acquired in private placements prior to or in conjunction with our initial public offering, and (iii) certain shares of common stock held by former securities holders of UpHealth Holdings and Cloudbreak. We are obligated to file resale “shelf” registration statements to register such securities and use reasonable best efforts to cause such registration statements to be declared effective by the SEC as soon as reasonably practicable after the filing. Sales of a substantial number of shares of common stock pursuant to a resale registration statement in the public market could occur at any time such registration statement remains effective. In addition, certain registration rights holders can request underwritten offerings to sell their securities. These sales, or the perception in the market that the holders of a large number of shares intend to sell shares, could reduce the market price of our common stock.