$ACCD Risk Factor changes from 00/04/27/23/2023 to 00/04/25/24/2024

Item 1A.

Our business, results of operations, financial condition, and prospects could also be harmed by risks and uncertainties that are not presently known to us or that we currently believe are not material. If any of the risks actually occur, our business, results of operations, financial condition, and prospects could be materially and adversely affected. Unless otherwise indicated, references in these risk factors to our business being harmed will include harm to our business, reputation, brand, financial condition, results of operations, and prospects. In such event, the market price of our common stock could decline.Risks Related to Our Business and IndustryWe have a history of net losses, we anticipate increasing expenses in the future, and we may not be able to achieve or maintain profitability.We have incurred net losses in most periods since our inception and continue to have an accumulated deficit. We expect our costs will increase substantially in the foreseeable future and our losses will continue as we expect to invest significant additional funds towards growing our business and as we continue to invest in increasing our customer base, expanding our operations, hiring additional employees, and developing future offerings. These efforts may prove more expensive than we currently anticipate, and we may not succeed in increasing our revenue sufficiently to offset these higher expenses. We are unable to accurately predict when, or if, we will be able to achieve profitability. Even if we achieve profitability in the future, we may not be able to sustain profitability in subsequent periods. To date, we have financed our operations principally from the sale of our equity, revenue from sales of our offerings, and the incurrence of indebtedness. Our cash flow from operations was negative for each of the last three fiscal years, and we may not generate positive cash flow from operations in any given period. If we are not able to achieve or maintain positive cash flow in the long term, we may require additional financing, which may not be available on favorable terms or at all and/or which may be dilutive to our stockholders. If we are unable to successfully address these risks and challenges as we encounter them, our business may be harmed. Our failure to achieve or maintain profitability or positive cash flow could negatively impact the value of our common stock.We derive a significant portion of our revenue from our largest customers. The loss of any of these customers, or renegotiation of any of our contracts with these customers, could negatively impact our results.Historically we have relied on a limited number of customers for a significant portion of our revenue. The loss of any of our largest customers or the renegotiation of any of our largest customer contracts has in the past, and could in the future, adversely affect our results of operations. We typically enter into three-year contracts with our customers and certain of these contracts, including existing contracts with some of our largest customers, are terminable for convenience by our customers after an initial period and a notice period has passed. In the ordinary course of business, including in connection with renewals or extensions of these agreements, we engage in active discussions and renegotiations with our customers in respect of the solutions we provide and the terms of our customer agreements, including our fees. In addition, as our customers' businesses respond to market dynamics and financial pressures, and as our customers make decisions with respect to the health and other benefits they provide to their employees, our customers may seek to renegotiate or terminate their agreements with us, or may stage competitive request for proposal processes, any of which could result in the loss or reduced profitability of such customers’ agreements with us. Macroeconomic factors including heightened inflation and geopolitical tension may affect our customers' desire to renew their contracts. If customers undergo layoffs or reductions in force then our membership numbers would result in a reduction in our base and variable fee per-member-per-month (PMPM) and reduce our revenues. Because we rely on a limited number of customers for a significant portion of our revenue, delayed payments by a few of our largest customers could result in a reduction in, and greater volatility of, our free cash flow and available cash. We also depend on the creditworthiness of these customers. If the financial condition of one or more of our largest customers declines, our credit risk could increase. Should one or more of our largest customers declare bankruptcy, it could adversely affect the collectability of our accounts receivable and affect our bad debt reserves, net income, free cash flow, and available cash.Our operating results have in the past and could in the future vary significantly from quarter-to-quarter and year-to-year and may fail to match our past performance, our projections or the expectations of securities analysts because of a variety of factors, many of which are outside of our control and, as a result, should not be relied upon as an indicator of future performance. As a result, we may not be able to accurately forecast our operating results and growth rate. Any of these events could cause the market price of our common stock to fluctuate. As such, we believe that quarter-to-quarter and year-to-year comparisons of our operating results may not be meaningful and should not be relied upon as an indication of future performance.Our sales cycle can be long and unpredictable and requires considerable time and expense. As a result, our sales, revenue, and cash flows are difficult to predict and may vary substantially from period to period, which may cause our results of operations to fluctuate significantly.The timing of our sales, revenue, and cash flows is difficult to predict because of the length and unpredictability of our sales cycle. The sales cycle for our solutions from initial contact to launch varies widely by potential customer. Some of our potential customers, especially in the case of our prospective strategic and enterprise customers, undertake a significant and prolonged evaluation process, including to determine whether our solutions meet the specific needs of their group health plan, employee benefits programs, corporate budgets, and other goals, which frequently involves evaluation of not only our solutions but also an evaluation of other available solutions. Such evaluations have in the past resulted in extended sales cycles that, due to changes in corporate objectives, leadership involved in the selection process, and other factors, may result in delayed or suspended decision-making in awarding the sale. During the sales cycle, we expend significant time and money on sales and marketing activities, which lowers our operating margins, particularly if no sale occurs. For example, there may be unexpected delays in a potential customer's internal procurement processes, which involve intensive financial, operational, and security reviews, and for which our solutions represent a significant purchase. In addition, the significance and timing of our offering enhancements, and the introduction of new products by our competitors, may also affect our potential customers' purchases. For all of these reasons, it is difficult to predict whether a sale will be completed, the particular period in which a sale will be completed, or the period in which revenue from a sale will be recognized.Certain of our operating results and financial metrics may be difficult to predict as a result of seasonality.We believe there are significant seasonal factors that may cause us to record higher revenue in some quarters compared with others. We believe this variability is largely due to our focus on the healthcare industry. For example, with respect to our customers, in particular our customers with contract years commencing at the beginning of a calendar year, we record a disproportionate amount of revenue from such customers during the fourth quarter of our fiscal year relative to the first three quarters of our fiscal year. This timing is caused, in part, by the measurement, achievement, and associated revenue recognition of performance metrics and healthcare costs savings components of certain of our customer contracts during the fourth quarter of each fiscal year. Our growth rate and the impact of acquisitions over the last several years may have made seasonal fluctuations more difficult to detect. If our rate of growth slows over time, seasonal or cyclical variations in our operations may become more pronounced, and our business may be harmed.The recognition of a portion of our revenue is subject to the achievement of performance metrics and healthcare cost savings and may not be representative of revenue for future periods.We price the majority of our services based upon a PMPM fee times the number of eligible members, typically with a portion of the PMPM fee fixed (base PMPM fee) and the remainder of the fee variable (variable PMPM fee). Revenue from variable PMPM fees can be earned through either, or a combination of, the achievement of certain performance metrics or the realization of healthcare savings resulting from the utilization of our services. Although we have typically achieved these performance metrics and realization in savings of healthcare spend, resulting in our earning over 90% of the aggregate maximum potential revenue under our customer contracts (measured on the corresponding calendar year basis in fiscal years 2024, 2023, and 2022), our revenue and financial results in the future may be variable based on whether we earn this performance-based revenue. In addition, since our customers typically pay the full PMPM fee in advance on a periodic basis, any required refund as a result of our failure to earn the performance-based revenue could have a negative impact on cash flows. Under U.S. generally accepted accounting principles (GAAP), we recognize revenue when control of the promised services is transferred to our customers in an amount that reflects the consideration to which we expect to be entitled in exchange for those services. The majority of the fees we earn are considered to be variable consideration under GAAP. We typically invoice our customers on a periodic basis for the base PMPM fees and variable PMPM fees in advance of performing the services, and these advances are classified as deferred revenue on our consolidated balance sheet until such time that the associated revenue can be recognized. Due to the need for us to satisfy performance metrics and healthcare savings requirements, deferred revenue at any particular date may not be representative of actual revenue for any current or future period.If we fail to effectively manage our growth and organizational change, our mission-driven culture could be impacted, and our business could be harmed.We have experienced, and may continue to experience, growth and organizational change, which has placed, and may continue to place, significant demands on our management, operational, and financial resources, including the need to hire new employees to support our growth. We believe that our mission-driven culture has been an important contributor to our success, which we believe fosters empathy, innovation, teamwork, and passion for providing high levels of customer satisfaction and member engagement. If we fail to successfully integrate, develop, and motivate new employees, it could harm our mission-driven culture. Any failure to preserve our culture could also negatively affect our ability to retain and recruit personnel, maintain our performance, or execute on our business strategy.In addition, from time to time, we implement organizational changes to pursue greater efficiency and realign our business and strategic priorities. For example, during the year ended February 28, 2023, we initiated several measures to accelerate the integration of recent acquisitions through strategic reductions in our workforce, including increasing hiring in lower cost regions to support our growth, scale, and profitability objectives. Additional risks associated with the continuing impact of the organizational changes include employee attrition beyond our intended reduction and adverse effects on employee morale, diversion of management attention, adverse effects to our reputation as an employer (which could make it more difficult for us to hire new employees in the future), and potential failure or delays to meet operational and growth targets due to the loss of qualified employees. If we do not realize the expected benefits of our organizational changes on a timely basis or at all, our business, results of operations, and financial condition could be adversely affected.To manage our current and anticipated future growth and organizational change effectively, we must also continue to maintain, and may need to enhance, our information technology infrastructure and financial and accounting systems and controls, as well as manage expanded operations in geographically distributed locations, which will place additional demands on our resources and operations. Failure to manage our growth and organizational change effectively could lead us to over-invest or under-invest in technology and operations; result in weaknesses in our infrastructure, systems, or controls; give rise to operational mistakes, losses, or loss of productivity or business opportunities; reduce customer or member satisfaction; limit our ability to respond to competitive pressures; and result in loss of team members and reduced productivity of remaining team members. Our growth and organization change could require significant capital expenditures and may divert financial resources and management attention from other projects, such as the development of new or enhanced solutions or the acquisition of suitable businesses or technologies. If our management is unable to effectively manage our growth and organizational change, our expenses may increase more than expected, our revenue could decline or may grow more slowly than expected, and we may be unable to implement our business strategy. We have from time to time in the past experienced, and may in the future experience, difficulty in hiring and retaining employees with appropriate qualifications. In addition, we may experience employee turnover as a result of our organizational changes. Qualified individuals in the regions where we have offices are in high demand, and we may incur significant costs to attract them. In addition, with a current shortage of certain qualified nurses in many areas of the United States, competition for the hiring of these professionals remains intense. Similarly, with the expansion of adoption of telehealth generally, and specifically virtual primary care, competition remains intense for qualified primary care physicians. We compete for qualified individuals with numerous other companies, many of whom have greater financial and other resources than we do. In addition, in the future, we may experiment with different staffing and scheduling models to help attract and retain qualified personnel, including hiring more individuals who work remotely, incorporating more flexible work schedules, or deploying a temporary workforce. If we fail to effectively manage our hiring needs or successfully integrate new hires, our employee morale and retention could suffer. Any of these events could also adversely affect our customer and member satisfaction and harm our business.Attracting, integrating, and retaining personnel will require us to invest in and commit significant financial, operational, and management resources to grow and change in these areas without undermining the mission-driven culture that has been critical to our growth so far. This new hire training process lasts approximately one month, including classroom sessions and supervised live call training. If we do not achieve the benefits anticipated from these investments, or if the realization of these benefits is delayed, our results of operations may be adversely affected and our reputation could suffer.We may also incur significant costs to attract and retain qualified personnel, including significant expenditures related to salaries and benefits and compensation expenses related to equity awards, and we may lose new employees to our competitors or other companies before we realize the benefit of our investment in recruiting and training them. Additionally, we have granted certain, but not all of, our employees equity-based awards under our equity incentive plans and expect to continue this practice. However, if we do not grant equity awards, or if we reduce the value of the equity awards we grant, we may not be able to attract and retain key personnel. Volatility in the price of our common stock underlying equity awards may adversely affect our ability to attract or retain key personnel. If we grant more equity awards to attract and retain key personnel, the expenses associated with such additional equity awards could affect our results of operations.Further, as of February 29, 2024, approximately 50% of our U.S.S. federal and state minimum wage requirements. These employees are classified as non-exempt and overtime eligible under U.S. federal and state law. If we fail to effectively manage these hourly employees, then we may face claims alleging violations of wage and hour employment laws, including claims of back wages, unpaid overtime pay, and missed meal and rest periods. Any such employee litigation could be attempted on a class or representative basis. Such litigation can be expensive and time-consuming regardless of whether the claims against us are valid or whether we are ultimately determined to be liable and could divert management's attention from our business. We also could be adversely affected by negative publicity, litigation costs resulting from the defense of these claims, and the diversion of time and resources from our operations.Our goodwill has been subject to impairment and may be subject to further impairment in the future.Annually, and upon the identification of a triggering event, management is required to perform an evaluation of the recoverability of goodwill. Triggering events potentially warranting an interim goodwill impairment test include, among other factors, declines in historical or projected revenue, operating income, or cash flows, and sustained declines in our stock price or market capitalization, considered both in absolute terms and relative to peers. As a result of sustained decreases in our stock price and market capitalization, we conducted an impairment test of our goodwill and intangible assets as of May 31, 2022. As a result of this testing, we recorded a non-cash goodwill impairment charge of $299.7 million during the first quarter of fiscal 2023. No impairments were recorded to goodwill or intangible assets during the year ended February 29, 2024. We cannot predict if or when additional future goodwill impairments may occur. Additional goodwill impairments could have material adverse effects on our operating income, net assets, or our cost of, or access to, capital, which could harm our business. See Note 4 to our consolidated financial statements for more details.The market for our offerings is underpenetrated, competitive, and characterized by rapidly evolving technology standards, customer and member needs, and the frequent introduction of new products and services. Our competitors range from smaller niche companies to large, well-financed health plans. As costs fall and technology improves, increased market saturation may change the competitive landscape in favor of competitors with greater scale than we currently possess. We compete on the basis of several factors, including level of member engagement, ability to influence members to improve health and financial incomes, customer and member satisfaction, and price. Some of our competitors have greater name recognition, longer operating histories, and significantly greater resources than we do. As a result, our competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards, or customer requirements.In addition to new niche vendors who offer stand-alone products and services, we also face competition from health plans, which may have existing systems in place with customers in our target market. These competitors may now or in the future, offer or promise products or services similar to ours and offer ease of integration with existing systems which may leverage existing customer and vendor relationships.In addition, current and potential competitors have established, and may in the future establish, cooperative relationships with vendors of complementary products, our Trusted Partner Ecosystem, or other third parties, technologies, or services to increase the availability of their products to the marketplace. For example, our current competitors may persuade our Trusted Partner Ecosystem suppliers to terminate their relationship with us and engage exclusively with our competitors. Accordingly, new competitors or alliances may emerge that have greater market share, larger customer bases, more widely adopted proprietary technologies, greater marketing expertise, greater financial resources, and larger sales forces than we have, which could put us at a competitive disadvantage. Further, in light of these advantages, even if our offerings are more effective than the product or service offerings of our competitors, current or potential customers might accept competitive products and services in lieu of purchasing our solutions.Our partners, including our suppliers in our Trusted Partner Ecosystem, could become our competitors by offering similar services. Some of our partners may begin to offer services in the same or similar manner as we do. For example, a supplier included in our Trusted Partner Ecosystem may expand their business model from a point solution into an engagement model similar to ours. Although there are many potential opportunities for, and applications of, these services, our partners may seek opportunities or target new customers in areas that may overlap with those that we have chosen to pursue. In such cases, we may potentially compete against our partners. Competition from our partners may adversely affect our business and results from operations. In addition, some of the terms of our partner relationships may include exclusivity or other restrictive clauses.We also compete on the basis of price. We may be subject to pricing pressures as a result of, among other things, competition within the industry, practices of managed care organizations, government action, and financial stress experienced by our customers. Many customers stage regular request for proposal processes as a matter of procurement policy, which enables competitors to bid aggressively to try to capture such customers’ business, and such competitors may submit bids incorporating pricing or other terms that we are unable or unwilling to match. If our pricing experiences significant downward pressure, our business will be less profitable, and our results of operations will be adversely affected. We cannot be certain that we will be able to retain our current customers or expand our customer base in this competitive environment. If we do not retain current customers or expand our customer base, or if we have to renegotiate existing contracts, our business will be harmed.Moreover, we expect that competition will continue to increase as a result of consolidation in both the healthcare information technology and healthcare industries. If one or more of our competitors or potential competitors were to merge or partner with another of our competitors or one of the suppliers in our Trusted Partner Ecosystem, the change in the competitive landscape could also adversely affect our ability to compete effectively and could harm our business. In addition, as the healthcare industry consolidates, competition to provide services to this segment will become more intense. These healthcare industry participants may try to use their market power to negotiate price reductions for our existing and future offerings. If we reduce our prices because of consolidation in the healthcare industry, our revenue would decrease, which could harm our business.We enter into agreements with our customers under which our fees are generally dependent upon the number of their employees enrolled in in-scope health plans and those employees' enrolled dependents each month. If the number of members covered by one or more of our customers' health and other benefits programs were to decline, such decrease would lead to a decrease in our revenue. Any reductions in headcount for our customers may result in a decrease in our revenue. Some of our fees are also subject to credits if certain performance criteria are not met, which in some cases depend on the behavior of our members, such as their continued engagement with our existing and future offerings, and other factors outside of our control. The recognition of a portion of our revenue is subject to achievement of performance metrics and healthcare cost savings and may not be representative of revenue for future periods.We may be unable to successfully execute on our growth initiatives, business strategies, or operating plans.We are continually executing on growth initiatives, strategies, and operating plans designed to enhance our business and extend our existing and future offerings to address evolving needs. For example, we developed add-on offerings that target specific challenges faced by our customers, including the Trusted Partner Ecosystem. The anticipated benefits from these efforts are based on several assumptions that may prove to be inaccurate. Moreover, we may not be able to successfully complete these growth initiatives, strategies, and operating plans and realize all of the benefits, including growth targets and cost savings, that we expect to achieve, or it may be more costly to do so than we anticipate. A variety of risks could cause us not to realize some or all of the expected benefits. These risks include, among others, delays in the anticipated timing of activities related to such growth initiatives, strategies, and operating plans, increased difficulty and cost in implementing these efforts, including difficulties in complying with new regulatory requirements, the incurrence of other unexpected costs associated with operating our business, and lack of acceptance by our customers. Moreover, our continued implementation of these programs may disrupt our operations and performance. As a result, we cannot guarantee that we will realize these benefits. If, for any reason, the benefits we realize are less than our estimates or the implementation of these growth initiatives, strategies, and operating plans adversely affect our operations or cost more or take longer to effectuate than we expect, or if our assumptions prove inaccurate, our business may be harmed.We have and may again in the future seek to acquire or invest in businesses, applications, services, or technologies that we believe could complement or expand our existing and future offerings, enhance our technical capabilities, or otherwise offer growth opportunities. The pursuit of potential acquisitions may divert the attention of management and cause us to incur various expenses in identifying, investigating, and pursuing suitable acquisitions, whether or not they are consummated. In addition, we have limited experience in acquiring other businesses and may have difficulty integrating acquired businesses. If we acquire additional businesses, we may not be able to integrate the acquired operations and technologies successfully, or effectively manage the combined business following the acquisition. Integration may prove to be difficult due to the necessity of integrating personnel with disparate business backgrounds and who are accustomed to different corporate cultures.We may issue equity securities or incur indebtedness to pay for any such acquisition or investment, which could adversely affect our business, results of operations, or financial condition. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per-share value of our common stock to decline. In addition, a significant portion of the purchase price of any companies we acquire may be allocated to acquired goodwill and other intangible assets, which must be assessed for impairment annually and upon the identification of a triggering event, such as sustained declines in our stock price or market capitalization. In the future, if our acquisitions do not yield expected returns, we may be required to incur charges to our results of operations based on this impairment assessment process, which could adversely affect our results of operations.Our success depends on our ability to keep pace with technological developments, satisfy increasingly sophisticated customer and member requirements, and achieve and maintain market acceptance on our existing and future offerings in the rapidly evolving market for healthcare and benefits in the United States. In addition, market acceptance and adoption of our existing and future offerings depend on the acceptance by employers, payors, health plans, and government entities as to the distinct features, cost savings, and other perceived benefits of our existing and future offerings as compared to competitive solutions. Our competitors are constantly developing products and services that may become more efficient or appealing to our customers or members. As a result, we must continue to invest significant resources in research and development in order to enhance our existing offerings and introduce new offerings that customers and members will want, while offering our existing and future offerings at competitive prices. If we are unable to predict customer and member preferences or industry changes, or if we are unable to modify our existing and future offerings on a timely or cost-effective basis, we may lose customers. If we are not successful in demonstrating to existing and potential customers the benefits of our existing and future offerings, or if we are not able to achieve the support of employers, healthcare providers, and insurance carriers for our existing and future offerings, our revenue may decline or we may fail to increase our revenue in line with our forecasts. Our results of operations also would suffer if our innovations are not responsive to the needs of our customers and members, are not timed to match the corresponding market opportunity, or are not effectively brought to market, including as the result of delayed releases or releases that are ineffective or have errors or defects.The growth of our business and future success relies in part on our partnerships and other relationships with third parties and our business could be harmed if we fail to maintain or expand these relationships.We selectively form partnerships and engage with numerous third parties, including brokers, agents, benefits consultants, carriers, third-party administrators, suppliers in our Trusted Partner Ecosystem, and co-marketing and co-selling partners to grow our customer base and adoption of our offerings. We may fail to retain and expand these partnerships and other third-party relationships for various reasons, and any such failure could harm our relationship with our customers, our reputation and brand, our prospects, and our business.In order to grow our business, we anticipate that we will continue to depend on our relationships with our partners. As we seek to form additional partnerships and other third-party relationships, it is uncertain whether these efforts will be successful, or that these relationships will result in increased customer or member use of our solutions or increased revenue. In the event that we are unable to effectively utilize, maintain, and expand these partnerships and other third-party relationships, our revenue growth could slow. Additionally, our partnerships and other third-party relationships may demand, or demand greater, referral fees or commissions.Our success depends, in part, on the skills, working relationships and continued services of Rajeev Singh (Chief Executive Officer), other senior management team members and other key personnel. We do not currently maintain key-person insurance on the lives of any of our key personnel. The replacement of one or more of our executive officers or other key employees would likely involve significant time and costs and may significantly delay or prevent the achievement of our business objectives.While we have entered into offer letters or employment agreements with certain of our executive officers, all of our employees are “at-will” employees, and their employment can be terminated by us or them at any time, for any reason and without notice, subject, in certain cases, to severance payment rights. In order to retain valuable employees, in addition to salary and cash incentives, we may provide equity awards that vest over time or based on performance. The value to employees of equity awards that vest over time or based on performance will be significantly affected by movements in our stock price that are beyond our control and may at any time be insufficient to counteract offers from other organizations. The departure of key personnel could adversely affect the conduct of our business. In such event, we would be required to hire other personnel to manage and operate our business, and there can be no assurance that we would be able to employ a suitable replacement for the departing individual, or that a replacement could be hired on terms that are favorable to us. In addition, volatility or lack of performance in our stock price may affect our ability to attract and retain replacements should key personnel depart. If we are not able to retain our key personnel, our business could be harmed.If we are not able to maintain and enhance our reputation and brand recognition, our business and results of operations will be harmed.We believe that maintaining and enhancing our reputation and brand recognition is critical to our relationships with our existing customers and partners, including suppliers in our Trusted Partner Ecosystem, and to our ability to attract new customers and partners. The promotion of our brand may require us to make substantial investments and we anticipate that, as our market becomes increasingly competitive, these marketing initiatives may become increasingly difficult and expensive. Brand promotion and marketing activities may not be successful or yield increased revenue, and to the extent that these activities yield increased revenue, the increased revenue may not offset the expenses we incur and our results of operations could be harmed. In addition, any factor that diminishes our reputation or that of our management, including failing to meet the expectations of customers, members, and partners, and failure to maintain high-quality support, could harm our reputation and brand and make it substantially more difficult for us to attract new customers and Trusted Partner Ecosystem suppliers or form new partnerships. Additionally, the performance of third parties with whom we have a relationship, including suppliers in our Trusted Partner Ecosystem, may also affect our brand and reputation, particularly if our customers and members do not have a positive experience with suppliers in our Trusted Partner Ecosystem or other third parties. In addition, our sales process is highly dependent on the reputation of our offerings and business and on positive recommendations from our existing customers. If we do not successfully maintain and enhance our reputation and brand recognition, our business may not grow and we could lose our relationships with existing and prospective customers, which would harm our business.Any failure to offer high-quality customer and member support services could adversely affect our relationships with our customers and partners and our operating results.Our customers and members depend on our support to assist members with their healthcare and other benefits needs. We may be unable to accurately predict our members' demand for services or respond quickly enough to accommodate short-term increases in customer or member demand for services. Increased customer or member demand for services, without a corresponding increase in productivity or revenue, could increase costs and adversely affect our operating results. Any failure to maintain high-quality support, or a market perception that we do not maintain high-quality support, could adversely affect our reputation, our ability to sell our solutions to existing and prospective customers, our relationships with third parties and our ability to form new partnerships, and our business and operating results. If our existing customers do not continue to renew their contracts with us, renew at lower fee levels, decline to purchase additional offerings from us, or terminate their contracts for convenience, our business could be harmed.We expect to derive a significant portion of our revenue from the renewal of existing customers' contracts and sales of additional solutions to existing customers.We typically enter into contracts with our customers with a stated initial term of three years and various termination rights, which if invoked may cause such contracts to be terminated before the term expires. For example, after a specified period, certain of these contracts are terminable for convenience by our customers after a notice period has passed, including existing contracts with some of our largest customers. If any of our contracts with our customers is terminated, we may not be able to recover all fees due under the terminated contract, which may adversely affect our operating results. Should any of our customers terminate their relationship with us after implementation of our solutions has begun, we not only would lose our time, effort, and resources invested in that implementation, but also we would have lost the opportunity to leverage those resources to build a relationship with other customers over that same period of time. Our customers may negotiate terms less advantageous to us upon renewal, which may reduce our revenue from these customers and may decrease our annual revenue. Mergers and acquisitions involving our customers have in the past and may in the future lead to non-renewal or termination of our contracts with those customers or by the acquiring or combining companies. If our customers fail to renew their contracts, renew their contracts upon less favorable terms or at lower fee levels, or fail to purchase new solutions from us, our revenue may decline or our future revenue growth may be constrained. The healthcare industry is rapidly evolving and the market for technology-enabled solutions that empower healthcare consumers is relatively immature and unproven. If we are not successful in promoting the benefits of our existing and future offerings, our growth may be limited.The market for our solutions is subject to rapid and significant changes. The market for technology-enabled solutions that empower healthcare consumers is characterized by rapid technological change, new product and service introductions, increasing consumer financial responsibility, consumerism and engagement, and the entrance of non-traditional competitors. In addition, there may be a limited-time opportunity to achieve and maintain a significant share of this market due in part to the rapidly evolving nature of the healthcare and technology industries and the substantial resources available to our existing and potential competitors. The market for technology-enabled solutions that empower healthcare consumers is relatively new and unproven, and it is uncertain whether this market will achieve and sustain high levels of demand and market adoption. In order to remain competitive, we are continually involved in a number of projects to compete with new market entrants by developing new offerings, growing our customer base, and expanding into adjacent markets. If we cannot adapt to rapidly evolving industry standards, technology, and increasingly sophisticated customers and their employees, our existing technology could become undesirable, obsolete, or harm our reputation.We must continue to invest significant resources in our personnel and technology in a timely and cost-effective manner in order to enhance our existing offerings and introduce new offerings that existing customers and potential new customers will want. If our new or modified offerings are not responsive to the preferences of customers and their employees, emerging industry standards, or regulatory changes, are not appropriately timed with market opportunity, or are not effectively brought to market, we may lose existing customers or be unable to obtain new customers, and our results of operations may suffer.Our success also depends, to a substantial extent, on the ability of our existing and future offerings to increase member engagement and our ability to demonstrate the value of our existing and future offerings to customers. In addition, we have limited insight into trends that might develop and affect our business, which could lead to errors in our predicting and reacting to relevant business, legal, and regulatory trends and healthcare reform. If any of these events occur, it could harm our business.Our marketing efforts for the direct-to-consumer virtual primary care portion of our business may not be successful or may become more expensive, either of which could increase our costs and adversely affect our business, financial condition, results of operations and cash flows.Direct-to-consumer virtual primary care and mental health support represents a material portion of our overall business. We spend significant resources marketing this service. We rely on relationships for our direct-to-consumer virtual business with a wide variety of third parties, including Internet search providers such as Google, social networking platforms such as Facebook, Internet advertising networks, co-registration partners, retailers, distributors, television advertising agencies and direct marketers, to source new members and to promote or distribute our services and products. In addition, in connection with the launch of new services or products for our direct-to-consumer virtual primary care and mental health support business, we may spend a significant amount of resources on marketing. If our marketing activities are inefficient or unsuccessful, if important third-party relationships or marketing strategies, such as Internet search engine marketing and search engine optimization, become more expensive or unavailable, or are suspended, modified or terminated, for any reason, including, without limitation, resulting from a change in consumer sentiment, or laws, rules or regulations regarding the use of web advertising technologies such as cookies or other tracking technologies, if there is an increase in the proportion of consumers visiting our websites or purchasing our services by way of marketing channels with higher marketing costs as compared to channels that have lower or no associated marketing costs or if our marketing efforts do not result in our services being prominently ranked in Internet search listings, our business, financial condition, results of operations and cash flows could be materially and adversely impacted.We have been and may in the future become subject to litigation, which could harm our business.Our business entails the risk of liability claims against us, and we have been and may in the future become subject to litigation. Claims against us may be asserted by or on behalf of a variety of parties, including our customers, our members, vendors of our customers, government agencies, our current or former employees, or our stockholders. We carry professional liability insurance in amounts that we believe are appropriate in light of the risks attendant to our business, but successful claims could result in substantial damage awards that exceed the limits of our insurance coverage. If our medical care services are found to cause harm to an individual or otherwise constitute malpractice, we may be subject to claims exceeding our coverage limits and cause reputational harm. If we make errors in the billing and the coding for such services, we may be subject to claims exceeding our coverage limits and cause reputational harm. In addition, professional liability insurance is expensive and insurance premiums may increase significantly in the future, particularly as we expand our solutions. As a result, adequate professional liability insurance may not be available to us or to our partners in the future at acceptable costs or at all. We cannot be certain of the ultimate outcomes of any claims that may arise in the future. Resolution of some of these types of matters against us may result in our having to pay significant fines, judgments, or settlements, which, if uninsured, or if the fines, judgments, and settlements exceed insured levels, could adversely impact our earnings and cash flows, thereby harming our business and per share trading price of our common stock. For example, fines or assessments could be levied against us under domestic or foreign data privacy laws (such as HIPAA, the GDPR, or the CCPA) or under authority of privacy enforcing governmental entities (such as the FTC, or the U.S. Department of Health and Human Services (HHS)) or as a result of private actions, such as class actions based on data breaches or based on private rights of action (such as that contained in the CCPA). Certain litigation or the resolution of certain litigation may affect the availability or cost of some of our insurance coverage, which could adversely impact our results of operations and cash flows, expose us to increased risks that would be uninsured and adversely impact our ability to attract directors and officers. In addition, such litigation could result in increased scrutiny by government authorities having authority over our business, such as the FTC, the HHS, Office for Civil Rights (OCR), and state attorneys general.In the ordinary course of our business, we may collect, store, use, and disclose (collectively, process) proprietary, confidential, and sensitive information, including personal data (such as health-related data), intellectual property, and trade secrets. We manage and maintain our technology platform and data utilizing a combination of on-site systems, mobile applications, managed data center systems, and cloud-based computing center systems. We are highly dependent on information technology networks, mobile applications, and systems, including the Internet, to securely process, transmit, and store this critical information. We utilize third-party service providers, including business associates as defined under HIPAA, for important aspects of the collection, storage, and transmission of customer and member information, and other confidential and sensitive information, and therefore rely on third parties to manage functions that have material cybersecurity risks. Our technology platform also utilizes artificial intelligence (AI) and machine learning (ML) technology to provide services, and this technology may be susceptible to cybersecurity threats, as PHI, PII, and other confidential and sensitive information may be integrated into the platform. Because of the sensitivity of the PHI, other PII, and other confidential information we and our service providers process, the security of our technology platform and other aspects of our solutions, including those provided or facilitated by our third-party service providers, are important to our operations and business strategy. While we use various information security techniques and tools designed to secure our platforms, and require our third party service providers to adhere to substantially similar standards, our ability to monitor these third parties’ cybersecurity practices is limited, and these third parties may not have adequate information security measures in place. Cyberattacks, malicious Internet-based activity, online and offline fraud, and similar activities threaten the confidentiality, integrity, and availability of our sensitive information and information technology systems, and those of the third parties upon which we rely. These threats are prevalent, continue to increase, and are increasingly difficult to detect. These threats come from a variety of sources, including traditional computer “hackers,” threat actors, “hacktivists,” organized criminal threat actors, personnel (such as through theft or misuse), sophisticated nation states, and nation-state-supported actors. Some actors now engage and are expected to continue to engage in cyberattacks, including without limitation nation-state actors for geopolitical reasons and in conjunction with military conflicts and defense activities.Ransomware attacks, including by organized criminal threat actors, nation-states, and nation-state-supported actors, are becoming increasingly prevalent and severe and can lead to significant interruptions in our operations, loss of data and income, reputational harm, and diversion of funds. Extortion payments may alleviate the negative impact of a ransomware attack, but we may be unwilling or unable to make such payments due to, for example, applicable laws or regulations prohibiting such payments. Similarly, supply-chain attacks have increased in frequency and severity, and we cannot guarantee that third parties and infrastructure in our supply chain or our third-party partners’ supply chains have not been compromised or that they do not contain exploitable defects or bugs that could result in a breach of or disruption to our information technology systems (including our services) or the third-party information technology systems that support us and our services. Our hybrid workforce poses increased risks to our information technology systems and data, as many of our employees work from home on at least a partial schedule and utilize network connections, computers, and devices outside our premises or network, while at home, in transit, or in public locations. Future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities’ systems and technologies. Furthermore, we may discover security issues that were not found during due diligence of such acquired or integrated entities, and it may be difficult to integrate companies into our information technology environment and security program.Any of the previously identified or similar threats could cause a security incident or other interruption. A security incident or other interruption could result in unauthorized, unlawful, or accidental acquisition, modification, destruction, loss, alteration, encryption, disclosure of, or access to data. A security incident or other interruption could disrupt our ability (and that of third parties upon whom we rely) to provide our services.We may expend significant resources or modify our business activities in an effort to protect against security incidents. We take certain administrative, physical, and technological safeguards to address these risks, such as by requiring outsourcing subcontractors and partners, including suppliers in our Trusted Partner Ecosystem, who handle customer and member information for us to enter into agreements that contractually obligate those subcontractors and partners to comply with applicable privacy laws, such as HIPAA, and otherwise use reasonable efforts to safeguard PHI, other PII, and other sensitive information. For those subcontractors and partners who handle PHI on our behalf, we enter into business associate agreements as required by HIPAA. Measures taken to protect our systems, those of our subcontractors and partners, or the PHI, other PII, or other sensitive information we, our subcontractors, or our partners process or maintain, may not adequately protect us from the risks associated with the collection, storage, and transmission of such information.There can be no assurance that the security measures we have implemented to protect against security incidents and help protect confidential and other sensitive information (including PHI and PII) will be effective. We may be unable to detect vulnerabilities in our information technology systems or remediate them in a timely manner or without adversely impacting or interrupting our operations. Such vulnerabilities could be exploited because such threats and techniques change frequently, are often sophisticated in nature, and may not be detected until after a security incident has occurred. These vulnerabilities may pose material risks to our business. Further, we may experience delays in developing and deploying remedial measures designed to address any such identified vulnerabilities. In addition, security incidents and other inappropriate access to, or acquisition or processing of, information can be difficult to detect or may occur outside of our network (such as in our supply chain or at our customers or suppliers in our Trusted Partner Ecosystem), and any delay in identifying or responding to such incidents or in providing any notification of such incidents may lead to increased harm. Any such breach or interruption of our systems, or the systems of any of our third-party information technology partners, could compromise our networks or data security processes and sensitive information could be inaccessible or could be accessed by unauthorized parties, publicly disclosed, lost, or stolen. Despite our efforts to identify and address vulnerabilities in our information technology systems (including our products), our efforts may not be successful. Applicable data privacy and security obligations may require us to notify relevant stakeholders of security incidents. Such disclosures are costly, and the disclosures or the failure to comply with such requirements could lead to adverse consequences. If we (or a third party upon whom we rely) experience a security incident or are perceived to have experienced a security incident, we may experience adverse consequences. These consequences may include: government enforcement actions (for example, investigations, fines, penalties, audits, and inspections); additional reporting requirements and/or oversight; restrictions on processing data (including personal data); litigation (including class claims); indemnification obligations; negative publicity; harm to our reputation; monetary fund diversions; interruptions in our operations (including availability of data); financial loss; and other similar harms. Security incidents and attendant consequences may cause customers to stop using our services, deter new customers from using our services, and negatively impact our ability to grow and operate our business.Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our data privacy and security obligations. We maintain insurance covering certain security and privacy damages and claim expenses, but may not carry insurance or maintain coverage sufficient to compensate for all liability and, in any event, insurance coverage would not address the reputational damage that could result from a security incident. We cannot be sure that such coverage will continue to be available on commercially reasonable terms or at all, or that such coverage will pay future claims. Additionally, our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our data privacy and security obligations. Our services, including personalized recommendations and interventions, center around engagement with our members to provide members with better understanding of their benefits, assist with access to care, and provide options for choosing quality providers and care. If we fail to provide accurate and timely information regarding these benefits or if the data generated by our technology platform (including the artificial intelligence and machine learning components) are inaccurate, fail, or are subject to security incidents, this could lead to claims against us that could result in substantial costs to us or cause demand for our solutions to decline. For example, our nurses have access to extensive intelligence on provider quality and cost, which allows them to present various options to members when they are selecting a primary care physician or specialist. If the member relies on this provider recommendation, and that provider subsequently makes faulty clinical decisions or treatment recommendations, we could be subject to claims by such member.The assertion of such claims and ensuing litigation, regardless of its outcome, could result in substantial cost to us, divert management's attention from operations, damage our reputation, and decrease market acceptance of our existing and future offerings. We maintain general liability and professional liability insurance coverage, but this coverage may not continue to be available on acceptable terms, may not be available in sufficient amounts to cover one or more large claims against us, or may not provide coverage if our Accolade Care Advocates or clinicians were to engage in the unlicensed practice of medicine. In addition, the insurer might disclaim coverage as to any future claim. One or more large claims could exceed our available insurance coverage. Adequate professional liability insurance may not be available to our clinicians or to us in the future at acceptable costs or at all. Any claims made against us that are not fully covered by insurance could be costly to defend against, result in substantial damage awards against us, and divert the attention of our management and our providers from our operations, which may harm our business. In addition, any claims may adversely affect our business or reputation. While we believe that these specialists do not create a physician-patient relationship with the member and are not practicing medicine in these engagements, if the information provided is not accurate or timely, we could incur liability, which could adversely affect our operations.We also act as a managed service provider to several medical practices that provide virtual primary care and mental health support to individuals. The physicians employed by or contracted with PlushCare of California or other PlushCare associated medical practices could misdiagnose or treat a patient, and/or the services and technology provided by PlushCare to the medical practices could malfunction, which could cause us to incur liability, which could adversely affect our operations.Increased regulatory scrutiny and issues relating to the responsible use of our technologies, including AI in our offerings, may result in reputational or financial harm and liability.Concerns relating to the responsible use of new and evolving technologies, such as AI, in our products and services may result in reputational or financial harm and liability and may cause us to incur costs to resolve such issues. Various federal and state level legislation may impact the use of evolving technologies such as AI. We are increasingly building AI capabilities into our products and services. Such legislation and/or industry or customer resistance to the use of AI due to emerging legal, social, and ethical issues presents risks and challenges that could affect its adoption, and therefore our business and ability to scale. If we implement and use AI in a manner that violates such legislation, including various privacy and discrimination laws, customer policies, or causes direct harm to our members, we may experience brand or reputational harm, competitive harm or legal liability. Complying with multiple regulations from different jurisdictions related to AI, including any U.S. Changes in AI-related regulation could disproportionately impact and disadvantage us as we expand our deployment of AI, and require us to change our business practices, which may negatively impact our financial results. Our failure to address concerns and regulation relating to the responsible use of AI by us or our third party service providers could undermine public confidence in AI and slow adoption of AI in our products and services or cause reputational or financial harm.Our ability to deliver our solutions is dependent on the development and maintenance of the infrastructure of the Internet and other telecommunications services by third parties. We currently host our technology platform, serve our customers and members, and support our operations primarily using third-party data centers and telecommunications solutions, including cloud infrastructure services such as Amazon Web Services (AWS) and Google Cloud. We also use a third-party call center for off-hours clinical support. We do not have control over the operations of the facilities of our data and call center providers, AWS, or Google Cloud. These facilities are vulnerable to damage or interruption from earthquakes, hurricanes, floods, fires, cyber security attacks, terrorist attacks, power losses, telecommunications failures, and similar events. The occurrence of a natural disaster or an act of terrorism, a decision to close the facilities without adequate notice, or other unanticipated problems could result in lengthy interruptions in our solution. The facilities also could be subject to break-ins, computer viruses, sabotage, intentional acts of vandalism, and other misconduct. Any errors, failures, interruptions, or delays experienced in connection with these third-party technologies and information services or our own systems could negatively impact our relationships with customers and adversely affect our business and could expose us to third-party liabilities. Our technology platform's continuing and uninterrupted performance is critical to our success. Members may become dissatisfied by any system failure that interrupts our ability to provide our solutions to them. We may not be able to easily switch our AWS and Google Cloud operations to another cloud service provider if there are disruptions or interference with our use of AWS or Google Cloud. Sustained or repeated system failures would reduce the attractiveness of our technology platform to customers and members and result in contract terminations, thereby reducing revenue. Moreover, negative publicity arising from these types of disruptions could damage our reputation and may adversely impact use of our existing and future offerings. We may not carry sufficient business interruption insurance to compensate us for losses that may occur as a result of any events that cause interruptions in our service. Neither our third-party data and call center providers nor AWS or Google Cloud have an obligation to renew their agreements with us on commercially reasonable terms, or at all. If we are unable to renew our agreements with these providers on commercially reasonable terms, if our agreements with our providers are prematurely terminated, or if in the future we add additional data or call center providers or cloud service providers, we may experience costs or downtime in connection with the transfer to, or the addition of, new providers. If these providers were to increase the cost of their services, we may have to increase the price of our existing and future offerings, and our business may be harmed.Risks Related to Governmental RegulationChanges in the health insurance market, ERISA laws, state insurance laws, or other laws could harm our business.The market for private health insurance in the United States is evolving and, as our customers are primarily employers that deploy our offerings to employees and their families, our future financial performance will depend in part on the growth in this market. Changes and developments in the health insurance system in the United States could reduce demand for our existing and future offerings and harm our business. For example, there has been an ongoing national debate relating to the healthcare reimbursement system in the United States. Some elected officials have introduced proposals that would create a new single payor national health insurance program for all United States residents; others have proposed more incremental approaches, such as creating a new public health insurance plan option as a supplement to private sources of coverage. In the event that laws, regulations or rules that eliminate or reduce private sources of health insurance or require such benefits to be taxable are adopted, the subsequent impact on the workplace benefits provided by our customers may in turn have an adverse effect on our business and results of operations.In addition, changes in laws or regulations regarding the Employee Retirement Income Security Act of 1974 (ERISA), changes in state insurance laws, or other changes in laws could materially impact the self-insured employer healthcare and benefits markets, or the markets in which our other existing or potential customers procure and provide benefits.Our existing and future offerings, as well as our business activities, including our relationships with our commercial partners and customers, are or may be in the future subject to a complex set of regulations and rigorous enforcement, including by the HHS, Office of the Inspector General and Office of Civil Rights, U.S. Food and Drug Administration (FDA), U.S. Department of Justice, and numerous other federal and state governmental authorities.g.The Affordable Care Act, among other things, amended the intent requirement of the federal Anti-Kickback Statute and criminal healthcare fraud statutes. A person or entity no longer needs to have actual knowledge of this statute or specific intent to violate it. In addition, the Affordable Care Act provides that the government may assert that a claim including items or services resulting from a violation of the federal Anti-Kickback Statute constitutes a false or fraudulent claim for purposes of the federal False Claims Act.Because of the breadth of these laws and the narrowness of available statutory and regulatory exemptions, it is possible that some of our activities could be subject to challenge under one or more of such laws. For example, there is a risk that regulatory authorities in some states may find that certain of our contractual relationships with healthcare providers are in violation of state anti-kickback, corporate practice of health care professions, or fee-splitting laws. We may be subject to private “qui tam” actions brought by individual whistleblowers on behalf of the federal or state governments, with potential liability under the federal False Claims Act including mandatory treble damages and significant per-claim penalties.Although we have adopted policies and procedures designed to comply with these laws and regulations and conduct internal reviews of our compliance with these laws, our compliance is also subject to governmental review. The growth of our business and sales organization may increase the potential of violating these laws or our internal policies and procedures. The risk of our being found in violation of these or other laws and regulations is further increased by the fact that many have not been fully interpreted by the regulatory authorities or the courts, and their provisions are open to a variety of interpretations. Any action brought against us for violation of these or other laws or regulations, even if we successfully defend against it, could cause us to incur significant legal expenses and divert our management's attention from the operation of our business. If our operations are found to be in violation of any of the federal, state and foreign laws described above or any other current or future fraud and abuse or other healthcare laws and regulations that apply to us, we may be subject to penalties, including significant criminal, civil and administrative penalties, damages and fines, disgorgement, additional reporting requirements and oversight if we become subject to a corporate integrity agreement or similar agreement to resolve allegations of noncompliance with these laws, imprisonment for individuals and exclusion from participation in government programs, such as Medicare and Medicaid, as well as contractual damages and reputational harm. We could also be required to curtail or cease our operations. Any of the foregoing consequences could seriously harm our business and our financial results.In our virtual care business, we are dependent on our relationships with affiliated professional entities, which we do not own, to provide physician services, and our business would be adversely affected if those relationships were disrupted or if our arrangements with our providers or our members are found to violate state laws prohibiting the corporate practice of medicine or fee splitting.The laws of many states, including states in which our members are located, prohibit us from exercising control over the medical judgments or decisions of physicians and from engaging in certain financial arrangements, such as splitting professional fees with physicians. These laws and their interpretations vary from state to state and are enforced by state courts and regulatory authorities, each with broad discretion, and are subject to change and to evolving interpretations by state boards of medicine and state attorneys general, among others. We enter into agreements with professional associations, PlushCare of California, Inc. (a California professional corporation) and others, which enter into contracts with our providers pursuant to which they render professional medical services. In addition, we enter into contracts with our members to deliver professional services in exchange for fees. These contracts include management services agreements with our affiliated physician organizations pursuant to which the physician organizations reserve exclusive control and responsibility for all aspects of the practice of medicine and the delivery of medical services. Although we seek to substantially comply with applicable state prohibitions on the corporate practice of medicine and fee splitting, changes in, or subsequent interpretations of, the corporate practice of medicine laws could circumscribe our business operations, and state officials who administer these laws or other third parties may successfully challenge our existing organization and contractual arrangements. If such a claim were successful, we could be subject to civil and criminal penalties and could be required to restructure or terminate the applicable contractual arrangements. A determination that these arrangements violate state statutes, or our inability to successfully restructure our relationships with our providers to comply with these statutes, could eliminate our ability to acquire members located in certain states from the market for our services, which would have a materially adverse effect on our business, financial condition and results of operations. State corporate practice of medicine doctrines also often impose penalties on physician themselves for aiding the corporate practice of medicine, which could discourage physicians from participating in our network of providers.We do not own PlushCare of California, Inc. (a California professional corporation) or other medical groups with which we contract. These medical groups are 100% physician owned and independent. The professional corporations with which we contract are owned by Dr. While we expect that these relationships will continue, we cannot guarantee that they will. In addition, the arrangement in which we have entered to comply with state corporate practice of medicine doctrines could subject us to additional scrutiny by federal and state regulatory bodies regarding federal and state fraud and abuse laws. Any scrutiny, investigation, or litigation with regard to such arrangements with the medical groups could have a material adverse effect on our business, financial condition and results of operations.30Table of ContentsWe are subject to stringent and evolving U.S. and foreign laws, regulations, rules, contractual obligations, policies and other obligations related to data privacy and security. Our actual or perceived failure to comply with such obligations could lead to regulatory investigations or actions; litigation; fines and penalties; disruptions of our business operations; reputational harm; loss of revenue or profits; loss of customers or sales; and other adverse business consequences.In the ordinary course of business, we process personal data and other sensitive information, including proprietary and confidential business information, trade secrets, intellectual property, sensitive third-party information, personal data, benefit plan eligibility information, and health information (including medical claims and other health records). Our data processing activities subject us to numerous data privacy and security obligations, such as various laws, regulations, guidance, industry standards, external and internal privacy and security policies, contracts, and other obligations that govern the processing of personal data by us and third parties who may process data on our behalf.In the United States, state, federal, and local governments have enacted numerous data privacy and security laws, including data breach notification laws, personal data privacy laws, consumer protection laws (e.g. Section 5 of the Federal Trade Commission Act, and state consumer protection laws regulating unfair or deceptive trade practices) and other applicable laws (e.g., wiretapping laws). These laws and regulations include HIPAA, which establishes a set of national privacy and security standards for the protection of PHI by health plans, healthcare clearinghouses and certain healthcare providers, referred to as covered entities, and individuals and entities that perform services for them which involve the use, or disclosure of, individually identifiable health information, known as business associates and their subcontractors. As such, we execute business associate agreements with our customers, subcontractors, and suppliers in our Trusted Partner Ecosystem. HIPAA requires covered entities and business associates, such as us, and their covered subcontractors to develop and maintain policies and procedures with respect to PHI that is used or disclosed, including the adoption of administrative, physical and technical safeguards to protect such information.Some of our business activities require that we or our partners obtain permissions consistent with HIPAA to provide certain marketing and data aggregation services as well as those activities that require the creation and use of de-identified information. We may also require large sets of de-identified information to enable us to continue to develop and enhance our data and analytics platform. If we or our partners are unable to secure these rights, or if there is a future change in law, we may face limitations on the use of PHI and our ability to provide marketing services and use de-identified information, which could harm our business or subject us to potential government actions or penalties. Also, there are ongoing public policy discussions regarding whether the standards for de-identified, anonymous or pseudonomized health information are sufficient, and the risk of re-identification sufficiently small, to adequately protect patient privacy. These discussions may lead to further restrictions on the use of such information or create additional regulatory burdens. There can be no assurance that these initiatives or future initiatives will not adversely affect our ability to access and use data or to develop or market current or future services.In addition, we could be subject to periodic audits for compliance with the HIPAA Privacy and Security Standards by HHS and our customers. HIPAA also implemented the use of standard transaction code sets and standard identifiers that covered entities must use when submitting or receiving certain electronic healthcare transactions, including activities associated with the billing and collection of healthcare claims. HIPAA imposes mandatory penalties for certain violations and a single breach incident can result in violations of multiple standards. HIPAA also authorizes state attorneys general to file suit on behalf of their residents. While HIPAA does not create a private right of action allowing individuals to sue us in civil court for violations of HIPAA, its standards have been used as the basis for duty of care in state civil suits such as those for negligence or recklessness in the misuse or breach of PHI.In addition to HIPAA, CAN-SPAM and the TCPA impose specific requirements on communications with customers. For example, the TCPA imposes various consumer consent requirements and other restrictions on certain telemarketing activity and other communications with consumers by phone, fax, or text message. TCPA violations can result in significant financial penalties, including penalties or criminal fines imposed by the Federal Communications Commission (FCC) or fines of up to $1,500 per violation imposed through private litigation or by state authorities. Furthermore, the CCPA applies to personal information of consumers, business representatives, and employees, and requires businesses to provide specific disclosures in privacy notices and honor requests from California residents to exercise certain privacy rights. The CCPA provides for civil penalties of up to $7,500 per violation and allows private litigants affected by certain data breaches to recover significant statutory damages. In addition, the CPRA, effective January 1, 2023, expands the CCPA by adding a new right for individuals to correct their personal information and establishing a new California Privacy Protection Agency to implement and enforce the CPRA. Other states have enacted data privacy laws, including Virginia, Colorado, Utah, and Connecticut, all of which become effective in 2023. Additionally, several states and localities have enacted measures related to the use of AI and ML in products and services.Outside the United States, an increasing number of laws, regulations, and industry standards apply to data privacy and security. In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and various related provincial laws, as well as Canada’s Anti-Spam Legislation (CASL), may apply to our operations. Additionally, the EU GDPR and the UK GDPR impose strict requirements for processing the personal data of individuals. For example, under the EU GDPR, government regulators may impose temporary or definitive bans on data processing, as well as fines of up to 20 million euros or 4% of annual global revenue, whichever is greater. Further, individuals, classes of data subjects or consumer protection organizations authorized at law to represent their interests may initiate private litigation related to our processing of their personal data. Furthermore, in Europe, there is a proposed regulation related to AI and ML that, if adopted, could impose onerous obligations related to the use of AI-related systems. In addition to data privacy and security laws, we may be contractually subject to data privacy and security obligations, including industry standards adopted by industry groups and may become subject to new data privacy and security obligations in the future. Certain privacy laws, such as the GDPR and the CCPA, also require our customers to impose specific contractual restrictions on their service providers.Additionally, regulators are increasingly scrutinizing companies that process children’s data. Numerous laws, regulations, and legally-binding codes, such as the Children’s Online Privacy Protection Act (COPPA), California’s Age Appropriate Design Code (effective July 2024), the CCPA and CPRA, other U.S. state comprehensive privacy laws, the EU and UK GDPR, and the UK Age Appropriate Design Code, impose various obligations on companies that process children’s data, including by requiring certain consents to process such data and extending certain rights to children and their parents with respect to that data. Some of these obligations have wide ranging applications, including for services that do not intentionally target child users (defined in some circumstances as a user under the age of 18 years old). Additionally, under various privacy laws and other obligations, we may be required to obtain certain consents to process personal data. Our inability or failure to do so could result in adverse consequences.In the ordinary course of business, we may transfer personal data from Europe and other jurisdictions to the United States or other countries. Europe and other jurisdictions have enacted laws requiring data to be localized or limiting the transfer of personal data to other countries. In particular, the EEA and the UK have significantly restricted the transfer of personal data to the United States and other countries whose privacy laws it believes are inadequate. Other jurisdictions may adopt similarly stringent interpretations of their data localization and cross-border data transfer laws. Although there are currently various mechanisms that may be used to transfer personal data from the EEA and UK to the United States in compliance with law, such as the EEA and UK’s standard contractual clauses, these mechanisms are subject to legal challenges, and there is no assurance that we can satisfy or rely on these measures to lawfully transfer personal data to the United States. Additionally, companies that transfer personal data out of the EEA and UK to other jurisdictions, particularly to the United States, are subject to increased scrutiny from regulators, individual litigants, and activist groups. Some European regulators have ordered certain companies to suspend or permanently cease certain transfers out of Europe for allegedly violating the GDPR’s cross-border data transfer limitations. Inability to transfer personal data from the EEA, Switzerland or UK to the United States or elsewhere, may restrict our activities in those jurisdictions and limit our ability to provide our products and services in those jurisdictions. Our response to these requirements globally may not meet the expectations of individual customers, affected data subjects, or other stakeholders, which could reduce the demand for our services. Some customers or other service providers may respond to these evolving laws and regulations by asking us to make certain privacy or data-related contractual commitments that we are unable or unwilling to make. This could lead to the loss of current or prospective customers or other business relationships. Obligations related to data privacy and security are quickly changing, becoming increasingly stringent, and creating regulatory uncertainty. This complex, dynamic legal landscape regarding data privacy and security creates significant compliance issues for us and our customers and potentially exposes us to additional expense, adverse publicity and liability. Additionally, these obligations may be subject to differing applications and interpretations, which may be inconsistent or in conflict among jurisdictions. Preparing for and complying with these obligations requires us to devote significant resources (including, without limitation, financial and time-related resources). In addition, these obligations may require us to change our business model.Although we endeavor to comply with all applicable data privacy and security obligations, we may at times fail (or be perceived to have failed) to do so. Moreover, despite our efforts, our personnel or third parties upon whom we rely may fail to comply with such obligations, which could negatively impact our business operations and compliance posture. For example, any failure by a third-party processor to comply with applicable law, regulations, or contractual obligations could result in adverse effects, including inability to operate our business and proceedings against us by governmental entities or others. If we fail, or are perceived to have failed, to address or comply with data privacy and security obligations, we could face significant consequences. These consequences may include, but are not limited to, government enforcement actions (e.g., investigations, fines, penalties, audits, inspections, and similar); litigation (including class-related claims), additional reporting requirements and/or oversight, bans on processing personal data, orders to destroy or not use personal data, and imprisonment of company officials. While we are unaware of regulatory audits, investigations, or actions relating to our privacy practices, various entities in the healthcare technology industry, including the PlushCare medical practices, have received and responded to a “compliance review” from the U.S. The compliance review is focused on whether the use of such trackers collects and discloses protected health information for visitors to a healthcare-related website to third parties, such as Meta and Google.In addition to data privacy and security laws, we are contractually subject to industry standards adopted by industry groups and may become subject to such obligations in the future. For example, if we are subject to the Payment Card Industry Data Security Standard (PCI DSS) the PCI DSS requires companies to adopt certain measures to ensure the security of cardholder information, including using and maintaining firewalls, adopting proper password protections for certain devices and software, and restricting data access. Noncompliance with PCI DSS can result in penalties ranging from $5,000 to $100,000 per month by credit card companies, litigation, damage to our reputation, and revenue losses. We also rely on vendors to process payment card data, who may be subject to PCI DSS, and our business may be negatively affected if our vendors are fined or suffer other consequences as a result of PCI DSS noncompliance. We also publish statements to our customers and members that describe how we handle and protect PHI and personal data (for example, through our privacy policies connected with our website, mobile applications and other digital tools). Any of the foregoing consequences could have a material adverse effect on our reputation, business and our financial condition, including but not limited to: interruptions or stoppages in our business operations; interruptions or stoppages of data collection needed to train our algorithms; inability to process personal data or to operate in certain jurisdictions; limited ability to develop or commercialize our products; expenditure of time and resources to defend any claim or inquiry; adverse publicity; or revision or restructuring of our operations. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our existing and future offerings. Any of the foregoing consequences could harm our business.Our employment and use of nurses, physician medical directors and our other clinicians and our engagement of physicians may subject us to licensing and other regulatory risks.Our employment and use of nurses, physician medical directors, and our other clinicians and our engagement of physicians may subject us to state and other licensing and regulatory risks. For example, there may be restrictions on the ability of our employed and contracted clinicians to provide services to our members residing in states outside of the state or states in which such clinicians are licensed or registered. The services provided by our clinicians may be subject to review by state or other regulatory bodies. In addition, any activities conducted by our clinicians that are in violation of practice rules could subject us to fines or other penalties. While we do not believe that we provide medical care or establish patient relationships with our members, our clinicians could be found to be in violation of applicable laws. Further, in March 2021, we acquired 2nd.MD, which provides a service that allows members to access board-certified national specialists across the country for second opinion consultations in a real-time video call or by phone. This provides the member with a rapid second opinion on their medical condition, enabling the member to better understand a diagnosis and treatment options, which helps them make more informed decisions on their healthcare regarding significant and high-cost care decisions. We believe that these experts do not create a physician-patient relationship with the member and are not practicing medicine, but state medical boards may disagree with our position, which could result in significant liability and may require the restructuring of such operations. Our associated medical practices employ and engage clinicians as permitted under state law, and maintain physician-patient relationships with members. The definition of what constitutes the practice of medicine, nursing or other health professions varies by state.In addition, there is a risk that we may be found in violation of the prohibition of the corporate practice of a health profession under certain state laws, which may result in the imposition of civil or criminal penalties. Certain states prevent corporations from being licensed as practitioners and prohibit physicians from practicing medicine in partnership with non-physicians, such as business corporations. Activities other than those directly related to the delivery of healthcare may be considered an element of the practice of medicine in certain states. These laws, which vary by state, may also prevent the sharing of professional services income with non-professional or business interests. Any determination that we are acting in the capacity as a healthcare provider, exercising undue influence or control over a healthcare provider or impermissibly sharing fees with a healthcare provider, may result in significant sanctions against us and our clinicians, including civil and criminal penalties and fines, additional compliance requirements, expense, and liability to us, and require us to change or terminate some portions of our contractual arrangements or business. Evolving government regulations may require increased costs or adversely affect our results of operations.In a regulatory climate that is uncertain, our operations may be subject to direct and indirect adoption, expansion, or reinterpretation of various laws and regulations. Compliance with these future laws and regulations may require us to change our practices at an undeterminable and possibly significant initial monetary and annual expense. These additional monetary expenditures may increase future overhead, which could harm our business. For example, President Trump signed several Executive Orders and other directives designed to delay the implementation of certain provisions of the Affordable Care Act or otherwise circumvent some of the requirements for health insurance mandated by the Affordable Care Act. Concurrently, prior sessions of Congress considered legislation to repeal or repeal and replace all or part of the Affordable Care Act. While Congress has not passed comprehensive repeal legislation, several bills affecting the implementation of certain taxes under the Affordable Care Act have been signed into law. The Tax Cuts and Jobs Act of 2017 (Tax Act), included a provision which repealed, effective January 1, 2019, the tax-based shared responsibility payment imposed by the Affordable Care Act on certain individuals who fail to maintain qualifying health coverage for all or part of a year that is commonly referred to as the “individual mandate.”The Bipartisan Budget Act of 2018, among other things, amended the Affordable Care Act, effective January 1, 2019, to close the coverage gap in most Medicare drug plans, commonly referred to as the “donut hole.” In addition, the 2020 federal spending package permanently eliminated, effective January 1, 2020, the “Cadillac” tax on high-cost employer-sponsored health coverage and medical device tax that were mandated by the Affordable Care Act and, effective January 1, 2021, also eliminated the health insurer tax. On June 17, 2021, the U.S. Supreme Court dismissed a challenge on procedural grounds that argued the Affordable Care Act is unconstitutional in its entirety because the “individual mandate” was repealed by Congress. Further, prior to the U.S. Supreme Court ruling, on January 28, 2021, President Biden issued an executive order that initiated a special enrollment period for purposes of obtaining health insurance coverage through the Affordable Care Act marketplace, which began on February 15, 2021 and remained open through August 15, 2021. The executive order also instructed certain governmental agencies to review and reconsider their existing policies and rules that limit access to healthcare, including among others, reexamining Medicaid demonstration projects and waiver programs that include work requirements, and policies that create unnecessary barriers to obtaining access to health insurance coverage through Medicaid or the Affordable Care Act. In addition, on August 16, 2022, President Biden signed the Inflation Reduction Act of 2022 (IRA) into law, which among other things, extends enhanced subsidies for individuals purchasing health insurance coverage in the Affordable Care Act marketplaces through plan year 2025. The IRA also eliminates the “donut hole” under the Medicare Part D program beginning in 2025 by significantly lowering the beneficiary maximum out-of-pocket cost and creating a new manufacturer discount program. It is possible that the Affordable Care Act will be subject to judicial or Congressional challenges in the future. It is unclear how any such challenges and any additional healthcare reform measures of the Biden administration will impact the Affordable Care Act. We continue to evaluate the potential impact of such healthcare reform measures on our business.There could be laws and regulations applicable to our business that we have not identified or that, if changed, may be costly to us, and we cannot predict all the ways in which implementation of such laws and regulations may affect us. In the states in which we operate, we believe we are in compliance with all applicable material regulations, but, due to the uncertain regulatory environment, certain states may determine that we are in violation of their laws and regulations. In the event that we must remedy such violations, we may be required to modify our existing and future offerings and solutions in such states in a manner that undermines our existing and future offerings' attractiveness to partners, customers or members, we may become subject to fines or other penalties or, if we determine that the requirements to operate in compliance in such states are overly burdensome, we may elect to terminate our operations in such states. In each case, our revenue may decline and our business, financial condition, and results of operations could be adversely affected. Compliance may require obtaining appropriate state medical board licenses or certificates, increasing our security measures and expending additional resources to monitor developments in applicable rules and ensure compliance. The failure to adequately comply with these future laws and regulations may delay or possibly prevent our existing and future offerings from being offered to partners, customers and members, which could significantly harm our business. Further, we expect that additional healthcare reform measures will be adopted in the future, which could impact our business. In addition, Congress is considering additional health reform measures.Several federal laws are designed to protect consumers from various types and modes of marketing. HIPAA prohibits certain types of marketing to individuals using PHI, except for certain treatment and healthcare operations, including communications made to describe a health-related product or service (or payment for such product or service) that is provided by, or included in, a plan of benefits. Our solutions may be subject to review by OCR and deemed in violation of HIPAA, which could subject us to significant fines or other penalties. In addition, the TCPA, is a federal statute that protects consumers from unwanted telephone calls and faxes. Since its inception, the TCPA's purview has extended to text messages sent to consumers. We may communicate with and perform outreach to members through multiple modes of communication, including phone, email, and secure messaging. We must ensure that our solutions that leverage telephone and secure messaging comply with TCPA regulations and agency guidance. While we strive to adhere to strict policies and procedures, the FCC, as the agency that implements and enforces the TCPA, may disagree with our interpretation of the TCPA and subject us to penalties and other consequences for noncompliance. Determination by a court or regulatory agency that our solutions violate the TCPA could subject us to civil penalties, could invalidate all or portions of some of our customer contracts, could require us to change or terminate some portions of our offerings, could require us to refund portions of our fees, and could have an adverse effect on our business. Even an unsuccessful challenge by consumers or regulatory authorities of our activities could result in adverse publicity and could require a costly response from us. Other laws focus on unsolicited email, such as the CAN-SPAM Act, which establishes requirements for the transmission of commercial email messages and specifies penalties for unsolicited commercial email messages that follow a recipient's opt-out request or deceive the receiving consumer.In addition, some of our marketing activities require that we obtain permissions consistent with HIPAA and applicable state health information privacy laws. If we are unable to secure such permissions, or if there is a future change in law, we may face limitations on the use of such information, which may harm our business. Our direct-to-consumer virtual care business leverages revenue from member subscriptions, which, if we do not comply with various state and federal laws relating to the collection of auto-renewing subscription fees, could result in significant liability or reputational harm and, in turn, a material adverse effect on our member base and revenue.Various state and federal laws require disclosures to be made to consumers prior to collecting periodic subscription fees that will automatically renew without further action by the consumer. One such example is the California Automatic Renewal Law (California ARL) pursuant to which PlushCare, Inc. and PlushCare of California were recently sued by a purported class (Robbins v. PlushCare, Inc. et al.) in the United States District Court for the Northern District of California alleging, inter alia, that PlushCare violated the California ARL by failing to provide adequate disclosures to members. In fiscal 2024, we agreed to and paid a settlement of $3.7 million, which was partially reimbursed through third-party insurance and remaining indemnification from selling shareholders of PlushCare, Inc.Direct-to-consumer virtual care represents a material portion of our overall business. If we are required to change our automatically renewing subscription fee practices, our business, financial condition, results of operations and cash flows could be materially and adversely impacted.The FDA may in the future determine that our technology solutions are subject to the Federal Food, Drug, and Cosmetic Act, and we may face additional costs and risks as a result.There is a risk that our existing and future offerings, including the operational/technical component of our business model, such as our decision support software incorporating machine learning, meet the definition of a medical device under the FDCA. Medical devices are subject to extensive regulation by the FDA under the FDCA. Under the FDCA, medical devices include any instrument, apparatus, machine, contrivance, or other similar or related articles that is intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease. FDA regulations govern among other things, product development, testing, manufacture, packaging, labeling, storage, clearance or approval, advertising and promotion, sales and distribution, and import and export. The FDA also has the authority to request repair, replace, or refund of the cost of any device.Taxing authorities may successfully assert that we should have collected or in the future should collect sales and use, value-added, or similar taxes, and we could be subject to liability with respect to past or future sales, which could adversely affect our results of operations.We do not collect sales and use, value-added, and similar taxes in all jurisdictions in which we have sales, based on our understanding that such taxes are not applicable. Sales and use, value-added, and similar tax laws and rates vary greatly by jurisdiction. Certain jurisdictions in which we do not collect such taxes may assert that such taxes are applicable, or jurisdictions in which we collect sales tax may assert that we have under-collected sales tax, either of which could result in tax assessments, penalties, and interest, and we may be required to collect such taxes in the future. Although our customer contracts typically provide that our customers must pay all applicable sales and similar taxes, our customers may be reluctant to pay back-taxes and associated interest and penalties, or we may determine that it would not be commercially feasible to seek reimbursement from such customers, in which event any such tax assessments, penalties, and interest, or future requirements may adversely affect our results of operations.Our ability to use our net operating loss carryforwards and certain other tax attributes may be limited.As of February 29, 2024, we had U.S. federal net operating loss carryforwards (NOLs) of $501.5 million. Under the Tax Act, as modified by the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), unused NOLs for the tax year ended February 28, 2018 and prior tax years will carry forward to offset future taxable income, if any, until such unused losses expire. Unused losses generated in tax years beginning after December 31, 2017, which would be our tax year ended February 28, 2018 and thereafter, pursuant to the Tax Act, will not expire and may be carried forward indefinitely but will only be deductible in the case of NOLs arising in taxable years ending after 2020 to the extent of 80% of current year taxable income in any given year. It is uncertain if and to what extent various states will conform to the Tax Act, as modified by the CARES Act. As a result, if we earn net taxable income in future years, our NOLs arising in tax years ended February 28, 2018 and earlier may expire prior to being used, and our NOLs generated in later tax years will be subject to a percentage limitation. Under Sections 382 and 383 of the Code, if a corporation undergoes an “ownership change,” the corporation’s ability to use its pre-change NOLs and other tax attributes and to offset its post-change income and taxes may be limited. In general, an “ownership change” occurs if there is a cumulative change in our ownership by “5% stockholders” that exceed 50 percentage points over a rolling three-year period. Our existing NOLs may be subject to limitations arising from previous ownership changes, and if we undergo an ownership change in connection with or after our initial public offering or as a result of future events, our ability to utilize NOLs could be further limited by Section 382 of the Code. Future changes in our stock ownership, some of which are outside of our control, could result in an ownership change under Section 382 of the Code. The existing NOLs of one of our subsidiaries may be subject to limitations arising from ownership changes prior to, or in connection with, their acquisition by us. Furthermore, our ability to utilize NOLs of companies that we may acquire in the future may be subject to limitations. There is also a risk that due to regulatory changes, such as suspensions on the use of NOLs or other unforeseen reasons, our existing NOLs could expire or otherwise be unavailable to reduce future income tax liabilities, including for state tax purposes. For these reasons, we may not be able to utilize some portion of our NOLs, none of which are currently reflected on our balance sheet, even if we attain profitability.Our intellectual property includes our processes, methodologies, algorithms, applications, technology platform, software code, website content, user interfaces, graphics, registered and unregistered copyrights, trademarks, trade dress, databases, domain names, and patents and patent applications. We believe that our intellectual property is an essential asset of our business. If we do not adequately protect our intellectual property, our brand and reputation could be harmed and competitors may be able to use our technologies and erode or negate any competitive advantage we may have, which could harm our business, negatively affect our position in the marketplace, limit our ability to commercialize our technology, and delay or render impossible our achievement of profitability. A failure to protect our intellectual property in a cost-effective and meaningful manner could have a material adverse effect on our ability to compete. We regard the protection of our trade secrets, copyrights, trademarks, trade dress, databases, domain names, and patents as critical to our success. These laws are subject to change at any time and could further restrict our ability to protect or enforce our intellectual property rights. In addition, the existing laws of certain foreign countries in which we operate may not protect our intellectual property rights to the same extent as do the laws of the United States.We generally enter into confidentiality and invention assignment agreements with our employees and contractors, and confidentiality agreements with other parties, with whom we conduct business in order to limit access to, and disclosure and use of, our proprietary information. However, we may not be successful in executing these agreements with every party who has access to our confidential information or contributes to the development of our intellectual property.The agreements that we execute may be breached, and we may not have adequate remedies for any such breach. These contractual arrangements and the other steps we have taken to protect our intellectual property may not prevent the misappropriation of our intellectual property or deter independent development of similar intellectual property by others.Obtaining and maintaining effective intellectual property rights is expensive, including the costs of monitoring unauthorized use of our intellectual property and defending our rights. We make business decisions about when to seek patent protection for a particular technology and when to rely upon trade secret protection, and the approach we select may ultimately prove to be inadequate. We strive to protect certain of our intellectual property rights through filing applications for trademarks, patents, and domain names in a number of jurisdictions, a process that is expensive and may not be successful in all jurisdictions. However, there is no assurance that any resulting patents or other intellectual property rights will adequately protect our intellectual property, or provide us with any competitive advantages. Moreover, we cannot guarantee that any of our pending patent or trademark applications will issue or be approved. Even where we have intellectual property rights, they may later be found to be unenforceable or have a limited scope of enforceability. In addition, we may not seek to pursue such protection in every jurisdiction. The United States Patent and Trademark Office also requires compliance with a number of procedural, documentary, fee payment, and other similar provisions during the patent application process and after a patent has issued. Noncompliance with such requirements and processes may result in abandonment or lapse of the patent or patent application, resulting in partial or complete loss of patent rights in the relevant jurisdiction. In such an event, our competitors might be able to develop and commercialize substantially similar and competing applications, which would harm our business.We believe it is important to maintain, protect and enhance our brands. Accordingly, we pursue the registration of domain names and our trademarks and service marks in the United States. Third parties may challenge our use of our trademarks, oppose our trademark applications, or otherwise impede our efforts to protect our intellectual property in certain jurisdictions. In the event that we are unable to register our trademarks in certain jurisdictions, we could be forced to rebrand our solutions, which would result in loss of brand recognition and could require us to devote resources to advertising and marketing new brands. Domain names similar to ours have been registered in the United States and elsewhere. We may be unable to prevent third parties from acquiring or using domain names and other trademarks that infringe on, are similar to, or otherwise decrease the value of, our brands, trademarks, or service marks. We also may incur significant costs in enforcing our trademarks against those who attempt to imitate our brand and other valuable trademarks and service marks. In order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. We may not be able to detect infringement or unauthorized use of our intellectual property rights, and defending or enforcing our intellectual property rights, even if successfully detected, prosecuted, enjoined, or remedied, could result in the expenditure of significant financial and managerial resources. Litigation has in the past and may be necessary in the future to enforce our intellectual property rights, protect our proprietary rights, or determine the validity and scope of proprietary rights claimed by others. Any litigation of this nature, regardless of outcome or merit, could result in substantial costs and diversion of management and technical resources, any of which could harm our business. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims, countersuits, and adversarial proceedings such as oppositions, inter partes review, post-grant review, re-examination, or other post-issuance proceedings, that attack the validity and enforceability of our intellectual property rights. An adverse determination of any litigation proceedings could put our patents at risk of being invalidated or interpreted narrowly and could put our related pending patent applications at risk of not issuing. Further, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential or sensitive information could be compromised by disclosure in the event of litigation. In addition, during the course of litigation there could be public announcements of the results of hearings, motions, or other interim proceedings or developments. If securities analysts or investors perceive these results to be negative, it could have a substantial adverse effect on the price of our common stock. If we fail to maintain, protect, and enhance our intellectual property rights, our business may be harmed and the market price of our common stock could decline. The laws of some foreign countries may not be as protective of intellectual property rights as those in the United States, and mechanisms for enforcement of intellectual property rights may be inadequate. Effective patent, trademark, copyright, and trade secret protection may not be available to us in every country in which our solutions or technology are developed. Further, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain. The laws in the United States and elsewhere change rapidly, and any future changes could adversely affect us and our intellectual property. Our failure to meaningfully protect our intellectual property could result in competitors offering solutions that incorporate our most technologically advanced features, which could seriously reduce demand for existing and future offerings.Third parties may initiate legal proceedings alleging that we are infringing or otherwise violating their intellectual property rights, the outcome of which would be uncertain and could harm our business.Our success depends in part on our ability to develop and commercialize our offerings and use our proprietary technology without infringing the intellectual property or proprietary rights of third parties. Intellectual property disputes can be costly to defend and may cause our business, operating results, and financial condition to suffer. As the market for healthcare in the United States expands and more patents are issued, the risk increases that there may be patents issued to third parties that relate to our offerings and technology of which we are not aware or that we must challenge to continue our operations as currently contemplated. Whether merited or not, we may face allegations that we, our partners, our licensees, or parties indemnified by us have infringed or otherwise violated the patents, trademarks, copyrights, or other intellectual property rights of third parties. Such claims may be made by competitors seeking to obtain a competitive advantage or by other parties. Additionally, in recent years, individuals and groups have begun purchasing intellectual property assets for the purpose of making claims of infringement and attempting to extract settlements from companies like ours. We may also face allegations that our employees have misappropriated the intellectual property or proprietary rights of their former employers or other third parties. We have in the past initiated, and it may in the future be necessary for us to initiate, litigation to defend ourselves in order to determine the scope, enforceability, and validity of third-party intellectual property or proprietary rights, or to establish our respective rights. Results of any such litigation are difficult to predict and may require us to stop commercializing or using our solutions or technology, obtain licenses, modify our solutions and technology while we develop non-infringing substitutes, or incur substantial damages, settlement costs, or face a temporary or permanent injunction prohibiting us from marketing or providing the affected solutions. If we require a third-party license, it may not be available on reasonable terms or at all, and we may have to pay substantial royalties, upfront fees, or grant cross-licenses to intellectual property rights for our solutions. We may also have to redesign our solutions so that they do not infringe third-party intellectual property rights, which may not be possible or may require substantial monetary expenditures and time, during which our technology and solutions may not be available for commercialization or use. Even if we have an agreement to indemnify us against such costs, the indemnifying party may be unable to uphold its contractual obligations. If we cannot or do not obtain a third-party license to the infringed technology, license the technology on reasonable terms, or obtain similar technology from another source, our revenue and earnings could be adversely impacted.From time to time, we have been and may be subject to legal proceedings and claims in the ordinary course of business with respect to intellectual property. Some third parties may be able to sustain the costs of complex litigation more effectively than we can because they have substantially greater resources. Even if resolved in our favor, litigation or other legal proceedings relating to intellectual property claims may cause us to incur significant expenses and could distract our technical and management personnel from their normal responsibilities. In addition, there could be public announcements of the results of hearings, motions, or other interim proceedings or developments, and if securities analysts or investors perceive these results to be negative, it could have a material adverse effect on the price of our common stock. Moreover, any uncertainties resulting from the initiation and continuation of any legal proceedings could have a material adverse effect on our ability to raise the funds necessary to continue our operations. Assertions by third parties that we violate their intellectual property rights could therefore harm our business.Our use of open source software could adversely affect our ability to offer our solutions and subject us to possible litigation.We use open source software in connection with our existing and future offerings. Some of these licenses contain requirements that we make available source code for modifications or derivative works we create based upon the open source software, and that we license such modifications or derivative works under the terms of a particular open source license or other license granting third-parties certain rights of further use. Although we monitor our use of open source software, we cannot be sure that all open source software is reviewed prior to use in our proprietary software, that our programmers have not incorporated open source software into our proprietary software, or that they will not do so in the future. Additionally, the terms of many open source licenses to which we are subject have not been interpreted by U.S. or foreign courts. There is a risk that open source software licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to provide our existing and future offerings to our customers and members. In addition, the terms of open source software licenses may require us to provide software that we develop using such open source software, to others, including our competitors, on unfavorable license terms. As a result of our current or future use of open source software, we may face claims or litigation, be required to release our proprietary source code, pay damages for breach of contract, re-engineer our technology, discontinue sales in the event re-engineering cannot be accomplished on a timely basis, or take other remedial action that may divert resources away from our development efforts, any of which could harm our business.Any restrictions on our ability to obtain or use data could harm our business.Our business depends in part on data provided to us by, among other sources, health plans, benefits administrators, data warehouses, electronic data interchange (EDI) transaction data providers, and suppliers in our Trusted Partner Ecosystem. Any errors or defects in any third-party data or other technology could result in errors in our existing and future offerings that could harm our business and damage our reputation and cause losses in revenue, and we could be required to spend significant amounts of additional resources to fix any problems. In addition, certain of our offerings, including Accolade Total Care and Accolade Total Health and Benefits, depend on maintaining our data and analytics technology platform, which is populated with data provided by third parties. While our existing agreements with these data providers have multiple-year terms, these providers could become our competitors in the future. Any loss of the right to use of data provided by any health plan providers, benefits administrators, or other entities that provide us data, could result in delays in producing or delivering our solutions until equivalent data, other technology, or intellectual property is identified and integrated, which delays could harm our business. In this situation we would be required to either redesign our solutions to function with technology, data, or intellectual property available from other parties or to develop these components ourselves, which would result in increased costs. Furthermore, we might be forced to limit the features available in our existing or future offerings. If we fail to maintain or renegotiate any of these technology or intellectual property licenses, we could face significant delays and diversion of resources in attempting to develop similar or replacement offerings or to license and integrate a functional equivalent of the technology or intellectual property. The occurrence of any of these events may harm our business.In addition, some of our business activities require that we obtain permissions consistent with HIPAA to provide certain marketing and data aggregation solutions as well as those activities that require the creation and use of de-identified information. We also require large sets of de-identified information to enable us to continue to develop and enhance our data and analytics platform. If we are unable to secure these rights, or if there is a future change in law, we may face limitations on the use of PHI and our ability to use de-identified information that could harm our business. There is also a risk that we may fail to properly de-identify PHI and/or PII under applicable state laws, some of which impose different standards for de-identification than those imposed by HIPAA.Risks Related to Ownership of Our Common StockWe have in the past experienced a material weakness in our internal controls over financial reporting, and if we experience additional material weaknesses in the future or if we otherwise fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.As a public company, we are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended (the Exchange Act), the Sarbanes-Oxley Act, and the rules and regulations of the applicable listing standards of the Nasdaq Stock Market (Nasdaq). The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We have developed and refined our disclosure controls and other procedures that are designed to ensure that information required to be disclosed by us in the reports that we file with the SEC is recorded, processed, summarized, and reported within the time periods specified in SEC rules and forms and that information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we will eventually be required to include in our periodic reports that will be filed with the SEC. Ineffective disclosure controls and procedures and further ineffective internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our common stock. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on Nasdaq. We are required to comply with the SEC rules that implement Section 404 of the Sarbanes-Oxley Act and are required to make a formal assessment of the effectiveness of our internal control over financial reporting for that purpose. We are required to provide an annual management report on the effectiveness of our internal control over financial reporting, and our independent registered public accounting firm is also required to formally attest to the effectiveness of our internal control over financial reporting. Our independent registered public accounting firm may issue reports that are adverse in the event it is not satisfied with the level at which our internal control over financial reporting is documented, designed, or operating, or if it is not satisfied with our remediation of any identified material weaknesses. Any failure to maintain effective disclosure controls and internal control over financial reporting could have an adverse effect on our business and results of operations and could cause a decline in the price of our common stock.Sales of substantial amounts of our common stock in the public markets, or the perception that such sales could occur, could reduce the price that our common stock might otherwise attain.Sales of a substantial number of shares of our common stock in the public market, or the perception that such sales could occur, could adversely affect the market price of our common stock and may make it more difficult for you to sell your common stock at a time and price that you deem appropriate. Moreover, we have in the past and may in the future grant rights to some of our stockholders that require us to register the resale of our common stock or other securities on behalf of these stockholders and/or facilitate public offerings of our securities held by these stockholders, including in connection with potential future acquisition or capital-raising transactions.Our operations have consumed substantial amounts of cash since inception, and we intend to continue to make significant investments to support our business growth, respond to business challenges or opportunities, develop new applications and solutions, enhance our existing solutions, enhance our operating infrastructure, and potentially acquire complementary businesses and technologies.Accordingly, we may need to engage in equity or debt financings to secure additional funds. Additional financing may not be available on terms favorable to us, or at all. In addition, during times of economic instability, it has been difficult for many companies to obtain financing in the public markets or to obtain debt financing, and we may not be able to obtain additional financing on commercially reasonable terms, if at all. If we are unable to obtain adequate financing or financing on terms satisfactory to us, it could harm our business.If securities or industry analysts publish reports that are interpreted negatively by the investment community or publish negative or inaccurate research reports about our business, our share price and trading volume could decline.The trading market for our common stock depends, to some extent, on the research and reports that securities or industry analysts publish about us or our business. We do not have any control over these analysts or the information contained in their reports. Securities and industry analysts may cease to publish research on our business or publish negative coverage. If one or more analysts commence coverage of us and publish research reports that are interpreted negatively by the investment community, or have a negative tone regarding our business, financial condition, operating performance, industry, or end-markets, or downgrade our common stock, our share price could decline. In addition, if a significant number of these analysts ceases coverage of our company or fails to regularly publish reports about us, we could lose visibility in the financial markets, which could cause our share price or trading volume to decline.Anti-takeover provisions in our charter documents and under Delaware law could make an acquisition of us more difficult, limit attempts by our stockholders to replace or remove our current management, and may limit the market price of our common stock.Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of rendering more difficult, delaying, or preventing a change of control or changes in our management.These provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management. In addition, institutional stockholder representative groups, stockholder activists, and others may disagree with our corporate governance provisions or other practices, including anti-takeover provisions, such as those listed above.Finally, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which generally prohibits a Delaware corporation from engaging in any of a broad range of business combinations with any “interested” stockholder for a period of three years following the date on which the stockholder became an "interested" stockholder.Any of the foregoing provisions could limit the price that investors might be willing to pay in the future for shares of our common stock, and they could deter potential acquirers of our company, thereby reducing the likelihood that you would receive a premium for your shares of our common stock in an acquisition.Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware and, to the extent enforceable, the federal district courts of the United States of America, will be the exclusive forum for substantially all disputes between us and our stockholders, which could limit our stockholders' ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or employees.This provision would not apply to suits brought to enforce a duty or liability created by the Securities Act or the Exchange Act or any claim for which the U.S. federal courts have exclusive jurisdiction. Our amended and restated certificate of incorporation will provide that the federal district courts of the United States of America will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act.These exclusive-forum provisions may limit a stockholder's ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, or other employees, which may discourage lawsuits against us and our directors, officers, and other employees. If any other court of competent jurisdiction were to find either exclusive-forum provision in our amended and restated certificate of incorporation to be inapplicable or unenforceable, we may incur additional costs associated with resolving the dispute in other jurisdictions, which could seriously harm our business. For example, the Court of Chancery of the State of Delaware determined that a provision stating that U.S. federal district courts are the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act is not enforceable. However, this decision was recently reviewed and ultimately overturned by the Delaware Supreme Court in March 2020.Our issuance of additional capital stock in connection with financings, acquisitions, investments, our stock incentive plans, or otherwise will dilute all other stockholders.We expect to issue additional capital stock in the future that will result in dilution to all other stockholders. We expect to grant equity awards to employees, directors, and consultants under our stock incentive plans. We also may raise capital through equity financings in the future. As part of our business strategy, we may acquire or make investments in complementary companies, products, or technologies and issue equity securities to pay for any such acquisition or 42Table of Contentsinvestment. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per share value of our common stock to decline.Risks Related to Our DebtOur credit agreement contains certain restrictions that may limit our ability to operate our business.The terms of our existing credit agreement with Comerica Bank and the related collateral documents contain, and any future indebtedness would likely contain, a number of restrictive covenants that impose significant operating and financial restrictions on us, including restrictions on our ability, and the ability of our subsidiaries, to take actions that may be in our best interests, including, among others, disposing of assets, entering into change of control transactions, mergers or acquisitions, incurring additional indebtedness, granting liens on our assets, declaring and paying dividends, and agreeing to do any of the foregoing. These agreements require us to satisfy a specified minimum liquidity level at all times and to achieve certain minimum covenant revenue, as defined, on a trailing six-month basis. Our ability to meet financial covenants can be affected by events beyond our control, including as a result of economic downturns, and we may not be able to continue to meet these covenants. A breach of any of these covenants or the occurrence of other events (including a material adverse effect) specified in these agreements and/or the related collateral documents would result in an event of default under such agreements. Upon the occurrence of an event of default, Comerica Bank as administrative agent for the revolving lenders could elect to declare all amounts outstanding, if any, under the credit agreement to be immediately due and payable and terminate all commitments to extend further credit. If we were unable to repay those amounts, Comerica Bank as administrative agent for the revolving lenders could proceed against the collateral granted to them to secure such indebtedness. We have pledged substantially all of our assets as collateral under the loan documents. If Comerica Bank as administrative agent for the revolving lenders accelerates the repayment of borrowings, if any, we may not have sufficient funds to repay our existing debt. We may not have sufficient cash flow from our business to pay our substantial debt when due.Our ability to pay our debt when due or to refinance our indebtedness, including the 0.50% Convertible Senior Notes due 2026, issued in March 2021 (the Notes), depends on our future performance, which is subject to economic, financial, competitive, and other factors beyond our control. Our business may not generate cash flow from operations in the future sufficient to service our debt and make necessary capital expenditures. In most instances it is at our discretion to settle the Notes for cash or the distribution of common stock; however, any required repurchase of the Notes for cash as a result of a fundamental change would lower our current cash on hand such that we would not have those funds available for us in our business. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt or obtaining additional equity capital on terms that may be onerous or highly dilutive. Our ability to refinance our indebtedness will depend on the capital markets and our financial condition at such time. We may not be able to engage in any of these activities or engage in these activities on desirable terms, which could result in a default on our debt obligations. We and our subsidiaries may incur substantial additional debt in the future, subject to the restrictions contained in our future debt instruments, some of which may be secured debt. We are not restricted under the terms of the indenture governing the Notes from incurring additional debt, securing existing or future debt, recapitalizing our debt or taking a number of other actions that could have the effect of diminishing our ability to make payments on the Notes when due. Furthermore, the indenture prohibits us from engaging in certain mergers or acquisitions unless, among other things, the surviving entity assumes our obligations under the Notes and the indenture. These and other provisions in the indenture could deter or prevent a third party from acquiring us even when the acquisition may be favorable to holders of the Notes.Transactions relating to our Notes may affect the value of our common stock.The conversion of some or all of the Notes would dilute the ownership interests of existing stockholders to the extent we satisfy our conversion obligation by delivering shares of our common stock upon any conversion of such Notes. Our Notes may become in the future convertible at the option of their holders under certain circumstances. If holders of our Notes elect to convert their notes, we may settle our conversion obligation by delivering to them a significant number of shares of our common stock, which would cause dilution to our existing stockholders. In addition, the existence of the Notes may encourage short selling by market participants because the conversion of the Notes could be used to satisfy short positions, or anticipated conversion of the Notes into shares of our common stock could depress the price of our common stock. The capped call transactions are expected generally to reduce the potential dilution to our common stock upon any conversion or settlement of the Notes and/or offset any cash payments we are required to make in excess of the principal amount of converted Notes, as the case may be, with such reduction and/or offset subject to a cap. From time to time, the Option Counterparties or their respective affiliates may modify their hedge positions by entering into or unwinding various derivative transactions with respect to our common stock and/or purchasing or selling our common stock or other securities of ours in secondary market transactions prior to the maturity of the Notes. This activity could cause a decrease in the market price of our common stock.General Risk Factors Changes in tax laws or regulations that are applied adversely to us or our customers may have a material adverse effect on our business, cash flow, financial condition, or results of operations.New income, sales, use, or other tax laws, statutes, rules, regulations, or ordinances could be enacted at any time, which could adversely affect our business operations and financial performance. Further, existing tax laws, statutes, rules, regulations, or ordinances could be interpreted, changed, modified, or applied adversely to us. For example, the Tax Act, the CARES Act, and the IRA enacted many significant changes to the U.S. tax laws. Changes in corporate tax rates, the realization of net deferred tax assets relating to our U.S. operations, and the deductibility of expenses under the Tax Act or future tax reform legislation could have a material impact on the value of our deferred tax assets, could result in significant one-time charges in the current or future taxable years, and could increase our future U.S. tax expense. The foregoing items, as well as any other future changes in tax laws, could have a material adverse effect on our business, cash flow, financial condition, or results of operations. In addition, it is uncertain if and to what extent various states will conform to the Tax Act, the CARES Act, the IRA, or any newly enacted federal tax legislation.Unstable market and economic conditions, including adverse developments affecting the financial services industry, such as actual events or concerns involving liquidity, defaults, or non-performance by financial institutions or transactional counterparties, may have serious adverse consequences on our business, financial condition, results of operations, and stock price.The global credit and financial markets have recently experienced extreme volatility and disruptions, including severely diminished liquidity and credit availability, increased interest rates, inflationary pressures, declines in consumer confidence, declines in economic growth, increases in unemployment rates, and uncertainty about economic stability. There can be no assurance that further deterioration in the credit and financial markets and confidence in economic conditions will not occur. Our general business strategy may be adversely affected by any such economic downturn, volatile business environment, or continued unpredictable and unstable market conditions. If the current equity and credit markets deteriorate, it may make any necessary debt or equity financing more difficult, more costly, and more dilutive. Failure to secure any necessary financing in a timely manner and on favorable terms could have a material adverse effect on our growth strategy, financial performance, and stock price and could require us to delay or abandon critical development plans. Accordingly, there is a risk that one or more of our customers, current service providers, or other partners may be adversely impacted by, or may not survive, an economic downturn, which could directly affect our ability to attain our operating goals on schedule and on budget.In addition, actual events involving limited liquidity, defaults, non-performance or other adverse developments that affect financial institutions, transactional counterparties, or other companies in the financial services industry or the financial services industry generally, or concerns or rumors about any events of these kinds or other similar risks, have in the past and may in the future lead to market-wide liquidity problems. If any of our lenders or counterparties to any such instruments were to be placed into receivership, we may be unable to access such funds.We regularly maintain cash balances at third-party financial institutions in excess of the FDIC insurance limit. Although we assess our banking relationships as we believe necessary or appropriate, our access to funding sources and other credit arrangements in amounts adequate to finance or capitalize our current and projected future business operations could be significantly impaired by factors that affect us, the financial institutions with which we have arrangements 44Table of Contentsdirectly, or the financial services industry or economy in general. These factors could include, among others, events such as liquidity constraints or failures, the ability to perform obligations under various types of financial, credit, or liquidity agreements, or arrangements, disruptions, or instability in the financial services industry or financial markets, or concerns or negative expectations about the prospects for companies in the financial services industry. These factors could involve financial institutions or financial services industry companies with which we have financial or business relationships, but could also include factors involving financial markets or the financial services industry generally.S. or international financial systems could result in less favorable commercial financing terms, including higher interest rates or costs and tighter financial and operating covenants, or systemic limitations on access to credit and liquidity sources, thereby making it more difficult for us to acquire financing on acceptable terms or at allNatural or man-made disasters, events outside our reasonable control, and other similar events may significantly disrupt our operations and negatively impact our business, financial condition, and results of operations. Any disruptions in our operations related to the repair or replacement of our offices, third-party data and call centers, or cloud infrastructure services could negatively impact our business and results of operations and harm our reputation. Insurance may not be sufficient to compensate for losses that may occur. Any such losses or damages could harm our business.We have incurred and will incur increased costs and demands upon management as a result of complying with the laws and regulations affecting public companies, which could adversely affect our business, results of operations, and financial condition.As a public company, we are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended (the Exchange Act), the listing standards of the Nasdaq Stock Market (Nasdaq) and other applicable securities rules and regulations. We expect that the requirements of these rules and regulations will continue to increase our legal, accounting, and financial compliance costs, make some activities more difficult, time-consuming and costly, and place significant strain on our personnel, systems and resources. For example, the Exchange Act requires, among other things, that we file annual, quarterly, and current reports with respect to our business and results of operations. As a result of the complexity involved in complying with the rules and regulations applicable to public companies, our management's attention may be diverted from other business concerns, which could harm our business, results of operations, and financial condition. Although we have already hired additional employees and engaged outside consultants to assist us in complying with these requirements, we will need to hire more employees in the future or may need to engage additional outside consultants, which will increase our operating expenses. In addition, changing laws, regulations, and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs, and making some activities more time-consuming. These laws, regulations, and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. These factors could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest substantial resources to comply with evolving laws, regulations, and standards, and this investment may result in increased general and administrative expenses and a diversion of management's time and attention from business operations to compliance activities. If our efforts to comply with new laws, regulations, and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to their application and practice, regulatory authorities may initiate legal proceedings against us and our business may be harmed. If such claims are successful, our business and results of operations could be harmed, and even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and harm our business, results of operations, and financial condition.Our stock price has been volatile since our initial public offering, and it is likely that the trading price of our common stock may fluctuate substantially, depending on a number of factors, including those described in this "Risk Factors" section, many of which are beyond our control and may not be related to our operating performance. These fluctuations could cause you to lose all or part of your investment in our common stock. An inactive market may also impair our ability to raise capital to continue to fund operations by selling shares of our common stock and may impair our ability to acquire or make investments in complementary companies, products, or technologies by using shares of our common stock as consideration.In addition, if the market for healthcare technology stocks or the stock market in general experiences a loss of investor confidence, the trading price of our common stock could decline for reasons unrelated to our business, financial condition, or results of operations. The trading price of our common stock might also decline in reaction to events that affect other companies in our industry even if these events do not directly affect us. In the past, following periods of volatility in the trading price of a company's securities, securities class action litigation has often been brought against that company. If our stock price is volatile, we may become the target of securities litigation. Securities litigation could result in substantial costs and divert our management's attention and resources from our business. This could harm our business.Item 1B. CybersecurityRisk Management and StrategyWe believe cybersecurity is critical to our mission to help every person live their healthiest life. Our customers, members, partners, and employees trust Accolade to maintain a secure environment for their health information. We process and maintain sensitive data on our customers and members in the form of PHI and PII and we maintain intellectual property of our solutions and PII of our employees. Because of the sensitivity of this data, we are subject to various cybersecurity threats that could adversely affect our business, customers, and members through impacts to the confidentiality, integrity, and availability of our systems.As part of our enterprise risk management ("ERM") program, we maintain a cybersecurity program in an effort to reduce the risk of a breach of our systems or information. Our cybersecurity program includes policies and controls which are regularly reviewed through internal assessments. We have an active HITRUST certification for our expert medical opinion offering and Service Organization Control ("SOC") 2 Type II security compliance reports that are issued by third-party entities for our other offerings. We have controls in place intended to assess our cybersecurity readiness and prevent unauthorized access to our critical systems, including, for example, vulnerability scanning of our systems, detection and blocking of potentially malicious email, multifactor authentication, and security review of our vendors. We also actively engage with the law enforcement community, industry groups, and key vendors to maintain awareness of the evolving threat environment. We have a documented cybersecurity response plan for identification and assessment of cybersecurity incidents, including an escalation process for management to assess the materiality of an incident. Despite our cybersecurity program, we cannot guarantee that we will not be subject to a material cybersecurity incident.

For a description of the risks from cybersecurity threats that may materially affect the Company, and how they may do so, see Item 1A-"Risk Factors" included elsewhere in this Annual Report on Form 10-K. As of the date of this Annual Report, we have determined that there have been no cybersecurity incidents which materially impacted our business, financial condition, or results of operations.GovernanceOur board of directors maintains oversight of our risk management and the audit committee of our board of directors maintains primary responsibility related to overseeing our cybersecurity risk. One member of our audit committee has experience in cybersecurity and provides perspective regularly. We maintain a cybersecurity program to identify, assess, and manage our cybersecurity threats that is led by our Chief Information Security Officer ("CISO") and General Counsel / Chief Compliance Officer. These individuals regularly engage with the audit committee and other members of senior management to discuss cybersecurity risks..

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
PLCE	2 days, 18 hours ago
AQU	2 days, 22 hours ago
LGIQ	2 days, 23 hours ago
EFHT	3 days, 9 hours ago
HNRA	3 days, 21 hours ago
IMII	3 days, 22 hours ago
VNCE	3 days, 23 hours ago
ECXJ	4 days, 10 hours ago
DCLT	4 days, 23 hours ago
NVEC	4 days, 23 hours ago
SCTH	5 days ago
NWCN	5 days, 8 hours ago
EMED	5 days, 10 hours ago
EGGF	5 days, 18 hours ago
NTRB	5 days, 21 hours ago
VSAC	5 days, 22 hours ago
STRM	5 days, 22 hours ago
MIND	5 days, 23 hours ago
PONO	6 days, 1 hour ago
VINO	6 days, 18 hours ago
ACRHF	6 days, 19 hours ago
ATAK	6 days, 22 hours ago
MSOF	6 days, 23 hours ago
ETWO	6 days, 23 hours ago
MUSS	6 days, 23 hours ago
NLSC	1 week ago
LGST	1 week, 2 days ago
EAWD	1 week, 2 days ago
ARAT	1 week, 2 days ago
IONM	1 week, 2 days ago
NHWK	1 week, 3 days ago
GBBK	1 week, 3 days ago
APOG	1 week, 3 days ago
FWAV	1 week, 3 days ago
JRSS	1 week, 3 days ago
PPIH	1 week, 3 days ago
WAVS	1 week, 3 days ago
GBNH	1 week, 3 days ago
ACCD	1 week, 3 days ago
EFSH	1 week, 4 days ago
RFAC	1 week, 4 days ago
GXXM	1 week, 4 days ago
PGY	1 week, 4 days ago
KPLT	1 week, 4 days ago
MSB	1 week, 4 days ago
MMMB	1 week, 4 days ago
LVPA	1 week, 5 days ago
HELE	1 week, 5 days ago
RILY	1 week, 5 days ago
BHAC	1 week, 5 days ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - ACCD

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$ACCD Risk Factor changes from 00/04/27/23/2023 to 00/04/25/24/2024

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - ACCD

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

$ACCD Risk Factor changes from 00/04/27/23/2023 to 00/04/25/24/2024

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing