Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - INNV
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
Item 1A. Risk Factors, “Risks Related to Regulation.”
We maintain our Program with physical, administrative and technical safeguards, and we maintain plans and procedures whose objective is to help us prevent and respond to cybersecurity incidents. Elements of our Program include: (i) required training for our employees (including onboarding and annual training), exercises (including advanced phishing exercises), and awareness for our employees to promote vigilance of cybersecurity risks, including those that may be exacerbated by artificial intelligence, and (ii) compliance audits and assessments, which include routine technical and non-technical audits and assessments internally and in collaboration with independent third parties at least annually. Elements of our Program include: (i) required training for our employees (including onboarding and annual training), exercises (including advanced phishing exercises), and awareness for our employees to promote vigilance of cybersecurity risks and (ii) compliance audits and assessments, which include routine technical and non-technical audits and assessments internally and in collaboration with independent third parties at least annually. In addition, we engage various third-party consultants to assist us in assessing, enhancing, implementing and monitoring our Program and responding to incidents. Our Program is integrated into our Enterprise Risk Management (ERM) program and includes a vendor risk management program supported by our security and compliance teams. We assess vendor cybersecurity risks according to HIPAA and NIST CSF standards and have established an oversight process which we periodically review to manage cybersecurity risks related to the products and services we procure. We assess vendor cybersecurity risks according to HIPAA and NIST CSF standards and have established an oversight process to manage cybersecurity risks related to the products and services we procure. During the fiscal year ended June 30, 2025, we did not identify risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. While prior incidents have not had a material impact on us, future incidents could have a material impact on our business, operations, and reputation . See “Security breaches, loss of data and other disruptions have in the past and could in the future compromise sensitive information related to our business or our participants, or prevent us from accessing critical information and expose us to liability, and could adversely affect our business and our reputation” in Item 1A “Risk Factors” in this Annual Report.
While our full Board has overall responsibility for risk oversight, it has delegated primary oversight of certain risks to its committees. Our Audit Committee monitors cybersecurity risks, and the steps our management has taken to monitor and control exposures . Our Chief Information Officer (CIO) and Chief Information Security Officer (CISO) brief the Audit Committee quarterly on cybersecurity risks, updates on the regulatory and cyber landscape and significant cybersecurity events, as needed. Our Audit Committee reports to our Board on cybersecurity matters quarterly, or more often as the need arises. We have an Information Security Team to strengthen our cybersecurity risk management activities across the Company, with its members having experience in public and private companies within the healthcare industry, as well as various cybersecurity certifications.We have an Information Security Team to strengthen our cybersecurity risk management activities across the Company. The Information Security Team reports to our CISO who works in collaboration with our CIO, Chief Compliance Officer and General Counsel. The Information Security Team is responsible for the oversight and operation of our Program, and the management our security standards and operating procedures. Cole Naus is our CISO. Mr. Naus has over 10 years of experience in the cybersecurity industry. Mr. Naus holds a degree in Cybersecurity and Information Assurance and holds other cybersecurity certifications. Mr. Naus reports directly to Cara Babachicos, our CIO. Ms. Babachicos has over 20 years of experience in the cybersecurity industry, having previously worked as Chief Information Officer at other companies in the healthcare industry .
Federal and State Regulation of PACE Providers
We are subject to a complex array of federal and state laws, regulations, and guidance, including legal requirements directly applicable to PACE providers as well as Medicare and Medicaid laws and regulations. These laws and guidance relate to our organizational structure, governance, fiscal soundness, marketing activities, participant enrollment and disenrollment, charges to participants, provision of healthcare and other services to participants, care planning activities, service delivery settings and maintenance of centers, participant rights, employment and contractual arrangements with healthcare providers and other staff, quality assessment and performance improvement activities, participant grievances and appeals, medical records documentation, compliance program activities, and other aspects of our operations and financing. As a PACE provider that provides qualified prescription drug coverage, we are also subject to Medicare laws, regulations, and requirements applicable to Medicare Part D plan sponsors.
The regulations and contractual requirements applicable to PACE providers are complex and subject to change, making it necessary for us to invest significant resources in complying with these requirements. Scrutiny through federal and state government audits, oversight and enforcement and the highly technical regulatory scheme in which we operate require us to allocate significant resources to our compliance efforts. In addition, new centers that we may acquire in the future may have less developed compliance and quality infrastructures, which may require us to allocate additional resources to making any required enhancements.
CMS and state regulatory authorities regularly audit our performance to determine our compliance with CMS’s regulations and our contracts with CMS and state authorities, and to assess the quality of the services we provide to our participants. Such audits have in the past, and may in the future, result in the identification of deficiencies in connection with our compliance with regulatory requirements, participant quality of care, care plan development and implementation, grievance and appeal processes, clinicians acting outside of their scope of practice, and other issues. See Item 1A. Risk Factors, “Risks Related to Regulation” .
Whether identified through such audits or other avenues, our failure to comply with the federal and state laws applicable to our business could result in significant or material retroactive adjustments to and/or withholding of capitation payments, fines, criminal liability, civil monetary penalties, requirements to make significant changes to our operations, corrective action plans, CMS imposed sanctions (including suspension or exclusion from participation in government programs), loss of contracts, or cessation of our services.
Licensing Laws
We, our healthcare professionals, and our centers are subject to various federal, state and local licensure and certification requirements in connection with our provision of healthcare and other services. Specifically, in some of the states in which we operate, we are required to maintain licensure or certification as an adult day health center, home health or home care provider, diagnostic and treatment center, pharmacy provider, clinical laboratory and/or other type of facility, and our affiliated physicians and other clinicians also must be licensed or certified, as applicable, in the states in which they are providing services. In addition, certain of the states where we currently operate regulate the operations and financial condition of risk bearing providers and impose capital requirements, licensing or certification, governance controls, and other obligations. While the states in which we operate do not currently impose these regulations on entities solely bearing risk under the PACE program, these states may seek to license or otherwise regulate our operations and financial solvency in the future; further, states in which we expand in the future may impose similar requirements on our operations. In addition to state requirements, we, our centers, and our healthcare professionals are in some cases subject to federal licensing and certification requirements, such as certification or waiver under the Clinical Laboratory Improvement Amendments of 1988 for performing laboratory services and Drug Enforcement Administration registrations for prescribing, storing, and dispensing controlled substances.
Failure to comply with federal, state and local licensing and certification laws, regulations and standards could result in a variety of consequences, including cessation of our services, loss of our contracts, prior payments by payors being subject to recoupment, requirements to make significant changes to our operations, or civil or criminal penalties. While we endeavor to comply with federal, state and local licensing and certification laws and regulations and standards as we interpret them, the laws and regulations in these areas are complex, changing and often subject to varying interpretations. While we endeavor to comply with federal, state and local licensing and certification laws and regulations and standards as we interpret them, the laws and regulations in these areas are complex, changing and often subject to varying interpretations.
8
Any failure to satisfy applicable laws and regulations could have a material adverse impact on our business, results of operations, financial condition, cash flows and reputation.
Corporate Practice of Medicine
The laws and regulations relating to our operations vary from state to state, and some states in which we operate prohibit general business corporations, such as us, from practicing medicine, directly employing physicians, controlling physicians’ or other clinicians’ medical decisions, or engaging in some practices such as splitting professional fees with physicians or other clinicians. In certain states, we contract with physicians to provide healthcare services that are required to be provided by licensed physicians to comply with such requirements. While we believe that we are in substantial compliance with state laws prohibiting the corporate practice of medicine, regulatory agencies and other parties may assert that we could be engaged in the corporate practice of medicine. Further, many such state laws are often vague or have otherwise only been infrequently interpreted by courts or regulatory agencies and are subject to change. The consequences associated with violating corporate practice of medicine laws vary by state and may result in physicians or other clinicians being subject to disciplinary action, as well as forfeiture of revenues from government payors for services rendered. However, if allegations are successfully asserted before the appropriate judicial or administrative forums, we could be subject to adverse judicial or administrative penalties, certain of our contracts could be determined to be unenforceable, and we may be required to restructure our organization or our contractual arrangements. Any allegations or findings that we have violated these laws could have a material adverse impact on our reputation, business, results of operations and financial condition.
See Item 1A. Risk Factors, “Risks Related to Our Business—Laws regulating the corporate practice of medicine could restrict the manner in which we are permitted to conduct our business, and the failure to comply with such laws could subject us to penalties or require a restructuring of our business.”
Federal Anti-Kickback Statute
The federal Anti-Kickback Statute prohibits, among other things, knowingly and willfully offering, paying, soliciting, or receiving remuneration, directly or indirectly, in cash or kind, to induce or reward either the referral of an individual for, or the purchase, order or recommendation of, any good or service, for which payment may be made under federal and state healthcare programs such as Medicare and Medicaid. Court decisions have held that the statute may be violated even if only one purpose of remuneration is to induce referrals. In addition, a defendant need not have actual knowledge of, or the specific intent to violate, the federal Anti-Kickback Statute in order to have the requisite intent to support an Anti-Kickback Statute violation.
Federal criminal penalties for the violation of the federal Anti-Kickback Statute include imprisonment, fines and exclusion of the provider from future participation in federal healthcare programs, including Medicare and Medicaid. Violations of the federal Anti-Kickback Statute are punishable by imprisonment for up to ten years, fines of up to $100,000 per kickback or both. Larger fines can be imposed upon corporations under the provisions of the U.S. Sentencing Guidelines and the Alternate Fines Statute. Individuals and entities convicted of a criminal violation of the federal Anti-Kickback Statute are subject to mandatory exclusion from participation in Medicare, Medicaid, and other federal healthcare programs for a minimum of five years. Civil penalties for violation of the Anti-Kickback Statute include up to $124,732 (adjusted for inflation) in monetary penalties per violation, fines, or penalties of up to three times the total payments between the parties to the arrangement and potential exclusion from participation in Medicare and Medicaid. Civil penalties for violation of the Anti-Kickback Statute include up to $120,816 in monetary penalties per violation, fines, or penalties of up to three times the total payments between the parties to the arrangement and potential exclusion from participation in Medicare and Medicaid. In addition, the federal Anti-Kickback Statute provides that any claims for items or services resulting from a violation of the federal Anti-Kickback Statute are considered false or fraudulent for purposes of the FCA, which is further discussed below. Any findings that we have violated these laws could have a material adverse impact on our business, results of operations, financial condition, cash flows, reputation and stock price.
The federal Anti-Kickback Statute includes statutory exceptions and regulatory safe harbors that protect certain arrangements. These exceptions and safe harbors are voluntary. To receive safe harbor protection, business transactions and arrangements must meet all the requirements of a safe harbor. However, transactions and arrangements that do not satisfy all elements of a relevant safe harbor do not necessarily render the arrangement per se illegal. When an arrangement does not satisfy a safe harbor, the arrangement must be evaluated upon all facts and circumstances, on a case-by-case basis considering among other things, the parties’ intent, and the arrangement’s potential for abuse. When an arrangement does not satisfy a safe harbor, the arrangement must be evaluated upon all facts and circumstances, on a case-by-case basis in light of among other things, the parties’ intent, and the arrangement’s potential for abuse. Arrangements that do not satisfy a safe harbor may be subject to greater scrutiny by enforcement agencies.
Additionally, some states have enacted statutes and regulations similar to the federal Anti-Kickback Statute. Unlike the federal Anti-Kickback Statute, however, certain state laws may be applicable regardless of the payor source for the patient.
9
Moreover, these state laws may contain exceptions and safe harbors that are different from and/or more limited than those of federal law and that may vary from state to state.
We have entered, and may continue to enter, into arrangements that may not fit squarely within enumerated safe harbors and could potentially implicate the Anti-Kickback Statute if the requisite intent were present, such as:
•Joint Ventures. As of June 30, 2025, we operated two of our centers, our Sacramento, California center, and Orlando, Florida center, under joint ventures, each with a not-for-profit healthcare provider. We operate two of our centers, our Sacramento, California center, and Orlando, Florida center, under joint ventures, each with a not-for-profit healthcare provider. Additionally, in August 2025, we entered into a joint venture with Tampa General Hospital, a not-for-profit healthcare provider in Tampa, Florida. We may enter other joint ventures with providers and payors in the future. The Office of Inspector General (the “OIG”) of the Department of Health and Human Services (“HHS”) has warned healthcare entities in the past that certain joint venture relationships have a potential for abuse. We have endeavored to structure our joint ventures to satisfy as many elements of the applicable safe harbor for investments in small entities as we believe are commercially reasonable. For example, we believe that these investments are offered and made by us on a fair market value basis and provide returns to the investors in proportion to their actual investment in the venture.
•Discounts. Our centers sometimes acquire certain items and services at a discount that may be reimbursed by a federal healthcare program. We endeavor to structure our vendor contracts that include discount or rebate provisions to comply with the federal Anti-Kickback Statute safe harbor for discounts.
•Sales Force and Participant Recruitment. We employ our own sales force and attempt to meet the Anti-Kickback safe harbor for bona fide employment.
Many of our arrangements are structured to provide for compensation that is fair market value for services rendered and in a manner that does not reflect the volume or value of referrals generated between the parties. Many of our arrangements are structured to provide for compensation that is fair market value for services actually rendered and in a manner that does not reflect the volume or value of referrals generated between the parties. In structuring our relationships with providers, including our physician partners, and other healthcare entities, we endeavor to comply with the regulatory requirements of such safe harbors and exceptions.
On January 19, 2021, the OIG issued regulations under the Anti-Kickback Statute that added new safe harbors and modified existing safe harbors that protect certain payment practices and business arrangements from sanctions under the Anti-Kickback Statute in order to remove potential barriers to more effective coordination and management of patient care and delivery of value-based care. Among other changes, these regulations contained safe harbors for value-based arrangements centering around value-based enterprises, which are enterprises, such as ours, composed of participants collaborating to achieve one or more value-based purposes, including coordinating, and managing the care of a target patient population and coordinating and managing the care of a target population. These new and modified value-based care safe harbors may allow our business to pursue new value-based arrangements with safe harbor protections under the Anti-Kickback Statute. However, compliance with these new Anti-Kickback Statute safe harbors is complex and, to the extent that one of our value-based arrangements does not squarely fit within the relevant safe harbors, it could be subject to greater scrutiny by enforcement agencies.
Federal Self-Referral Prohibition
The federal Ethics in Patient Referral Act (“Stark Law”) generally prohibits a physician who has (or whose immediate family member has) a financial relationship with certain entities from making referrals to such entities for “designated health services” if payment for the services may be made under Medicare or Medicaid. “Designated health services” include clinical laboratory services, inpatient and outpatient hospital services, physical and occupational therapy services, outpatient speech-language pathology services, certain radiology services, radiation therapy services and supplies, durable medical equipment and supplies, parenteral and enteral nutrients equipment and supplies, prosthetics, orthotics and prosthetic devices and supplies, home health services, and outpatient prescription drugs. To the extent we fall within the types of entities to which the Stark Law applies, then we need to ensure that any financial relationships that we have with a referring provider would satisfy a statutory or regulatory exception to the general Stark Law prohibition.
Providers are prohibited from billing Medicare and Medicaid for services related to a prohibited referral and a provider that has billed for prohibited services is obligated to notify and refund the amounts collected from the Medicare program or to make a self-disclosure to CMS under its Self-Referral Disclosure Protocol. Penalties for violation of the Stark Law include denial of payment, recoupment, refunds of amounts paid in violation of the law, exclusion from the Medicare or Medicaid programs, and substantial civil monetary penalties ($30,868 per prohibited item or service and $205,799 if there is a circumvention scheme; penalty amounts reflect current 2024 levels and are adjusted for inflation from time to time).
10
Claims filed in violation of the Stark Law may be deemed false claims under the FCA. In addition to the Stark Law, various states in which we operate have adopted similar self-referral prohibition statutes. In addition to the Stark Law, various states in which we operate have adopted their own self-referral prohibition statutes.
In parallel with OIG’s regulations on value-based care discussed above, on January 19, 2021, CMS issued a sweeping set of regulations that introduce significant new value-based exceptions to the Stark Law, including new exceptions for certain remuneration exchanged between or among eligible participants in value-based arrangements.In parallel with OIG’s regulations on value-based care discussed above, on January 19, 2021, CMS issued a sweeping set of regulations that introduce significant new value-based terminology and exceptions to the Stark Law, including new exceptions for certain remuneration exchanged between or among eligible participants in value-based arrangements. These exceptions and their various requirements apply based on the level of financial risk assumed by the arrangement’s participants. These exceptions and their various requirements apply based on the level of risk assumed by the arrangement’s participants. These regulations purport to ease the compliance burden for healthcare providers across the industry while maintaining strong safeguards to protect patients and programs from fraud and abuse. To the extent that we rely on the new value-based exceptions to the Stark Law for our value-based arrangements, we intend to comply with such safeguards. However, if we were to be found as out of compliance with such exceptions, we could be subject to penalties, as discussed above.
The False Claims Act
Among other things, the FCA authorizes the imposition of up to three times the government’s damages and significant per claim civil penalties on any “person” (including an individual, organization or company) who, among other acts:
•knowingly presents or causes to be presented to the federal government a false or fraudulent claim for payment or approval;
•knowingly makes, uses or causes to be made or used a false record or statement material to a false or fraudulent claim;
•knowingly makes, uses or causes to be made or used a false record, report or statement material to an obligation to pay the government, or knowingly conceals or knowingly and improperly avoids or decreases an obligation to pay or transmit money or property to the federal government; or
•conspires to commit the above acts.
The federal government has used the FCA to prosecute a wide variety of alleged false claims and fraud allegedly perpetrated against Medicare and state healthcare programs, including but not limited to coding errors, billing for services not rendered, the submission of false cost or other reports, billing for services at a higher payment rate than appropriate, billing under a comprehensive code as well as under one or more component codes included in the comprehensive code, billing for care that is not considered medically necessary and false reporting of risk-adjusted diagnostic codes, encounter data or other information used to determine capitated payments. The Affordable Care Act (“ACA”) provides that claims for payment that are tainted by a violation of the federal Anti-Kickback Statute (which could include, for example, illegal incentives or remuneration in exchange for enrollment or referrals) are false for purposes of the FCA. In addition, amendments to the FCA and Social Security Act impose severe penalties for the knowing and improper retention of overpayments from government payors. This could be relevant to our business the extent we receive payments on account of RAF determinations that are based on improper or erroneous records or reports. Failure to return overpayments could subject us to liability under the FCA, exclusion from government healthcare programs and penalties under the federal Civil Monetary Penalty Statute.
The penalties for a violation of the FCA may include per claim penalties, plus up to three times the amount of damages caused by each false claim, which can be as much as the amounts received directly or indirectly from the government for each such false claim. As of January 15, 2025, the minimum False Claims Act penalty increased from $13,946 to $14,308 per claim. As of February 12, 2024, the minimum False Claims Act penalty increased from $13,508 to $13,946 per claim. The maximum penalty has increased from $27,894 to $28,619 per claim.
In addition to civil enforcement under the FCA, the federal government can use several criminal statutes to prosecute persons who are alleged to have submitted false or fraudulent claims for payment to the federal government. Private parties may initiate qui tam whistleblower lawsuits against any person or entity under the FCA in the name of the federal government, as well as under the false claims’ laws of several states, and may share in the proceeds of a successful suit. Generally, federal and state governments have made investigating and prosecuting healthcare fraud and abuse a priority. Any allegations or findings that we have violated the FCA could have a material adverse impact on our reputation, business, results of operations and financial condition.
In addition to the FCA, the various states in which we operate have adopted their own analogs of the FCA. States are becoming increasingly active in using their false claims laws to police the same activities listed above, particularly with regard to capitated government-sponsored healthcare programs, such as Medicaid managed care and PACE. Under Section 6031 of the Deficit Reduction Act of 2005, as amended, if a state enacts a false claims act that is at least as stringent as the
11
federal statute and that also meets certain other requirements, the state will be eligible to receive a greater share of any monetary recovery obtained pursuant to certain actions brought under the state’s false claims act. As a result, more states are expected to enact laws that are similar to the federal FCA in the future along with a corresponding increase in state false claims enforcement efforts.
For additional information regarding allegations against us under Federal and State FCA statutes, see Item 1A. Risk Factors, “Risks Related to Our Business—We are subject to legal proceedings, enforcement actions and litigation, malpractice and privacy disputes, which are costly to defend and could materially harm our business and results of operations.”
Civil Monetary Penalties Statute
The Civil Monetary Penalties Statute, 42 U.S.C. § 1320a-7a, authorizes the imposition of civil monetary penalties, assessments and exclusion against an individual or entity based on a variety of prohibited conduct, including, but not limited to:
•presenting, or causing to be presented, claims, reports or records relating to payment by Medicare, Medicaid or other government payors that the individual or entity knows or should know are for an item or service that was not provided as reported, is false or fraudulent or was presented for a physician’s service by a person who knows or should know that the individual providing the service is not a licensed physician, obtained licensure through misrepresentation or represented certification in a medical specialty without in fact possessing such certification;
•offering remuneration to a federal healthcare program beneficiary that the individual or entity knows or should know is likely to influence the beneficiary to order or receive healthcare items or services from a particular provider, unless an exception applies;
•arranging contracts with or making payments to an entity or individual excluded from participation in the federal healthcare programs or included on CMS’s preclusion list;
•violating the federal Anti-Kickback Statute;
•making, using or causing to be made or used a false record or statement material to a false or fraudulent claim for payment for items and services furnished under a federal healthcare program;
•making, using or causing to be made any false statement, omission or misrepresentation of a material fact in any application, bid or contract to participate or enroll as a provider of services or a supplier under a federal healthcare program; and
•failing to report and return an overpayment owed to the federal government.
We could be exposed to a wide range of allegations to which the federal Civil Monetary Penalty Statute would apply. We perform monthly checks on our employees and certain affiliates and vendors using government databases to confirm that these individuals have not been excluded from federal programs or otherwise ineligible for payment. We have also implemented processes to avoid payments to contracted or noncontracted providers listed on CMS’s preclusion list and payments for drugs prescribed by individuals on the preclusion list. We have also implemented processes to ensure that we do not make payments to contracted or noncontracted providers listed on CMS’s preclusion list nor make payments for drugs prescribed by individuals on the preclusion list. Should an individual or entity be excluded, on the preclusion list, or otherwise ineligible for payment and we fail to detect it, a federal agency could require us to refund amounts attributable to all claims or services performed or sufficiently linked to such individual or entity. However, should an individual or entity be excluded, on the preclusion list, or otherwise ineligible for payment and we fail to detect it, a federal agency could require us to refund amounts attributable to all claims or services performed or sufficiently linked to such individual or entity. Due to this area of risk and the possibility of other allegations being brought against us, we cannot foreclose the possibility that we could face allegations of noncompliance with the Civil Monetary Penalty Statute that have the potential for a material adverse impact on our business, results of operations and financial condition.
Privacy and Security
HIPAA requires covered entities, and the business associates with whom such covered entities contract for services involving the use or disclosure of PHI to provide certain protections to their patients or participants and their health information. Through our various service offerings, the Company acts primarily as a covered entity under HIPAA but may also act as a business associate of other covered entities. The HIPAA privacy and security regulations extensively regulate the use and disclosure of PHI and require covered entities and their business associates, to develop and maintain policies and procedures and implement and maintain administrative, physical, and technical safeguards to protect the security of
12
such information. Additional security requirements apply to electronic PHI. These regulations also provide our participants with substantive rights with respect to their health information.
The HIPAA privacy and security regulations also require covered entities to enter into written agreements with their business associates. Covered entities may be subject to fines and penalties for, among other activities, failing to enter into a business associate agreement where required by law or as a result of a business associate violating HIPAA. Business associates are also directly subject to liability under certain HIPAA privacy and security regulations. In instances where we act as a business associate to a covered entity, there is the potential for additional liability beyond our status as a covered entity.
Covered entities must notify affected individuals of breaches of unsecured PHI without unreasonable delay but no later than 60 days after discovery of the breach. Reporting must also be made to the HHS Office for Civil Rights (“OCR”) and, for breaches of unsecured PHI involving more than 500 residents of a state or jurisdiction, to the media in accordance with HIPAA requirements. All impermissible uses or disclosures of unsecured PHI are presumed to be breaches unless an exception to the definition of breach applies or the covered entity or business associate establishes that there is a low probability the PHI has been compromised. Beginning in December 2022, OCR issued guidance on the use of tracking technologies on websites and mobile applications by covered entities and business associates, indicating that certain information collected by tracking technology vendors from websites and applications may cause a breach under HIPAA. Additionally, beginning in December 2022, OCR has issued guidance on the use of tracking technologies on websites and mobile applications by covered entities and business associates, indicating that certain information collected by tracking technology vendors from websites and applications may cause a breach under HIPAA. However, in June 2024, a federal court limited the scope of this guidance by ruling that collecting IP addresses from visits to unauthenticated public health-related webpages does not trigger HIPAA obligations, and HHS is assessing next steps.
Violations of HIPAA by covered entities and business associates, including, but not limited to, failing to implement appropriate administrative, physical and technical safeguards, have resulted in enforcement actions and in some cases triggered settlement payments or civil monetary penalties. Penalties for impermissible use or disclosure of PHI were increased by the HITECH Act by imposing tiered penalties of more than $50,000 (not adjusted for inflation) per violation and up to approximately $1.9 million (not adjusted for inflation) per year for identical violations. In addition, HIPAA provides for criminal penalties of up to $250,000 and ten years in prison, with the most severe penalties associated with obtaining and disclosing PHI with the intent to sell, transfer or use such information for commercial advantage, personal gain or malicious harm. In addition, HIPAA provides for criminal penalties of up to $250,000 and ten years in prison, with the severest penalties for obtaining and disclosing PHI with the intent to sell, transfer or use such information for commercial advantage, personal gain or malicious harm. Further, state attorneys general may bring civil actions seeking either injunction or damages in response to violations of the HIPAA privacy and security regulations that threaten the privacy of state residents. There can be no assurance that we will not be the subject of an investigation (arising out of a reportable breach incident, audit or otherwise) alleging non-compliance with HIPAA regulations in our maintenance of PHI.
We may also be subject to other laws governing the privacy and security of data, such as the California Consumer Privacy Act of 1918 (“CCPA”) and data breach notification laws. Additionally, many states have also enacted laws that protect the privacy and security of confidential, personal and health information, which may be even more stringent than HIPAA and may add additional compliance costs and legal risks to our operations. Additionally, many states also enacted laws that protect the privacy and security of confidential, personal and health information, which may be even more stringent than HIPAA and may add additional compliance costs and legal risks to our operations. Some state privacy and security laws overlap with federal law, some of which are preempted, in part by federal laws, whereas others are not. States have also passed privacy and security laws and regulations that apply across sectors and go beyond federal law, such as data security laws, secure destruction, Social Security number privacy, online privacy biometric information privacy, and data breach notification laws. Some of these state laws impose fines and penalties on violators and afford private rights of action to individuals who believe their personal information has been misused. Various state laws and regulations also require us to notify affected individuals in the event of a data breach involving personal information without regard to the probability of the information being compromised.
Looking ahead, it is possible that Congress could pursue a federal privacy bill to harmonize privacy regimes across states. While states have urged Congress not to weaken existing state privacy protections by adopting a less stringent national standard, many healthcare stakeholders have supported federal preemption of state data privacy legislation.
Various other federal and state laws restrict the use and protect the privacy and security of individually identifiable information, as well as employee personal information, including certain state laws modeled to some extent on the European Union’s General Data Protection Regulation. Various other federal and state laws restrict the use and protect the privacy and security of individually identifiable information, as well as employee personal information, including certain state laws modeled to some extent on the European Union’s General Data Protection Regulation. Federal and state consumer protection laws, including laws that do not on their face specifically address data privacy or security, have been applied to data privacy and security matters by a range of government agencies and courts.
In late 2024, the OCR proposed an update to the HIPAA Security Rule aimed at strengthening the health sector’s cybersecurity infrastructure in response to a significant increase in cyber attacks in recent years. The proposed updated would impose additional requirements on covered entities and business associates to enhance the protection of electronic PHI.
13
Healthcare Reform Efforts
The U.S. federal and state governments continue to enact and consider many broad-based legislative and regulatory proposals that have had a material impact on or could materially impact various aspects of the healthcare system and our business, operating results and/or cash flows. In addition, state and federal budgetary shortfalls and constraints pose potential risks for our revenue streams. We cannot predict how government payors or healthcare consumers might react to federal and state healthcare legislation and regulation, whether already enacted or enacted in the future, nor can we predict what form such legislation or regulations will take. Some examples of legislative and regulatory changes impacting our business include:
•In March 2010, broad healthcare reform legislation was enacted in the United States through the ACA. There have since been numerous political and legal efforts to repeal, replace or modify the ACA, some of which have been successful, in part, in modifying the law. Although some provisions of the ACA have been and may be modified, the reforms, particularly those relating to Medicare and Medicaid programs, could continue to have an impact on our business. These and other provisions of the ACA remain subject to ongoing uncertainty due to developing regulations as well as continuing political and legal challenges at both the federal and state levels.
•There have in recent years been congressional efforts to move Medicaid from an open-ended program with coverage and benefits set by the federal government to one in which states receive a fixed amount of federal funds, either through block grants or per capita caps, and have more flexibility to determine benefits, eligibility or provider payments. If these types of changes are implemented in the future, we cannot predict whether the amount of fixed federal funding to the states will be based on current payment amounts, or if it will be based on lower payment amounts, which would negatively impact those states that expanded their Medicaid programs in response to the ACA.
•Legislation enacted in 2011 requires CMS to sequester or reduce all Medicare payments, including payments to PACE organizations, by two percent per year beginning on April 1, 2013. This sequestration has been extended through fiscal year 2032 for Medicare benefit payments.
•Implementation of the Inflation Reduction Act of 2022 (“IRA”) introduced significant changes to Medicare prescription drug pricing, including requirements for Medicare drug price negotiations, inflationary rebates, and a reduction in the out-of-pocket spending cap for Medicare Part D beneficiaries from $7,050 to $2,000 beginning in 2025. While these provisions are intended to lower drug cost for beneficiaries, they may affect prescription drug costs and reimbursement for PACE organizations. Implementation of the IRA is subject to ongoing litigation challenging the constitutionality of the IRA’s Medicare drug price negotiation program, and the full effects on our business and the healthcare industry remain uncertain.
•Recent federal legislation has extended many of the Medicare telehealth flexibilities that were implemented during the COVID-19 pandemic through September 30, 2025. The OBBBA, signed into law on July 4, 2025, also includes a provision for permanent pre-deductible coverage of telehealth services under high-deductible health plans linked to health savings accounts, which could result in permanent Medicare telehealth flexibilities, potentially impacting PACE care delivery models.
•The “Medicare Program; Contract Year 2024 Policy and Technical Changes to the Medicare Advantage Program, Medicare Prescription Drug Benefit Program, Medicare Cost Plan Program, and Programs of All-Inclusive Care for the Elderly” final rule (“2024 PACE Final Rule”) set out a number of changes for PACE organizations, including (i) clarifying that CMS has enforcement discretion to impose civil monetary penalties or an intermediate sanction in the event CMS has made a determination that could lead to the termination of a PACE program; and (ii) reinstating the requirement that PACE organizations enter into written contracts with each outside organization, agency, or individual that furnishes administrative or care-related services not furnished directly by the PACE organization, including 25 medical specialties enumerated by the PACE Final Rule.
•The remaining provisions of the 2024 PACE Final Rule were issued alongside the new PACE final rule for 2025 (the “2025 PACE Final Rule”). The 2025 PACE Final Rule includes various changes that include but are not limited to: (i) implementation of past performance guidelines used to evaluate new PACE organization applications; (ii) personnel medical clearance guidelines; (iii) updates to service delivery timeframes by which participants must receive services; (iv) guidelines on IDT care coordination across all service settings with timeframes applied to external provider recommendations; (v) new content and documentation guidelines for participant plans of care; (vi) expansion of participant rights in care settings; and (vii) revisions to existing grievance process to align with standard determination request guidance.•The remaining provisions of the PACE final rule from 2024 were issued alongside the new PACE Final Rule for 2025. In this new final rule, CMS sets out changes which include but are not limited to: (i) implementation of past performance guidelines used to evaluate new PACE organization applications; (ii) personnel medical clearance guidelines; (iii) updates to service delivery timeframes by which participants must receive services; (iv) guidelines on IDT care coordination across all service settings with timeframes applied to external provider recommendations; (v) new content and documentation guidelines for participant plans of care; (vi) expansion of participant rights in care settings; and (vii) revisions to existing grievance process to align with standard determination request guidance.
14
•CMS released an updated PACE Medicaid Capitation Rate Settling Guide, effective January 1, 2025, which clarifies and expands requirements for state development and documentation of PACE Medicaid capitation rates. Under the new guidance, states must provide more detailed supporting data and methodologies when submitting proposed rates to CMS for approval.
•The OBBBA mandates significant reductions in federal Medicaid spending, with the Congressional Budget Office estimating a decrease of approximately $1 trillion over the next ten years. OBBBA also introduces new work requirements for Medicaid recipients aged 19 to 64, necessitating at least 80 hours per month of work, education, or volunteer activities, unless they qualify for certain exemptions. The OBBBA also narrows Medicaid eligibility for qualified immigrants. States will be required to conduct eligibility verifications of Medicaid enrollees in the expansion population every six months (unless otherwise exempt), increasing from the previous annual requirement. These changes may lead to decreased Medicaid enrollment among existing and prospective PACE participants, potentially reducing our funding and decreasing margins. OBBBA also introduces cost-sharing measures, requiring Medicaid beneficiaries with incomes between 100% and 138% of the federal poverty level to pay up to $35 per service for certain healthcare services. As a result, eligible participants could be deterred from enrolling in or continuing enrollment with PACE programs, possibly impacting our ability to retain or increase our participant base. In addition, the new requirements will necessitate adjustments in our administrative processes to ensure compliance with more frequent eligibility verifications and other reporting standards mandated by federal and state regulatory agencies
CMS and state Medicaid agencies also routinely adjust the RAF which is central to payment under PACE and Managed Medicaid programs in which we participate. The monetary “coefficient” values associated with diseases that we manage in our population are subject to change by CMS and state agencies. Such changes could have a material adverse effect on our financial condition. See Item 1A. Risk Factors, “Risks Related to Our Business — Our records and submissions to government payors may contain inaccurate or unsupportable information regarding risk adjustment scores of participants, which could cause us to overstate or understate our revenue and subject us to payment obligations or penalties.”
Other Regulations
Our operations are subject to various state hazardous waste and non-hazardous medical waste disposal laws. These laws do not classify as hazardous most of the waste produced from medical services. Occupational Safety and Health Administration regulations require employers to provide workers who are occupationally subject to blood or other potentially infectious materials with prescribed protections. These regulatory requirements apply to all healthcare facilities, including our participant centers, and require employers to make a determination as to which employees may be exposed to blood or other potentially infectious materials and to have in effect a written exposure control plan. In addition, employers are required to provide or employ hepatitis B vaccinations, personal protective equipment and other safety devices, infection control training, post-exposure evaluation and follow-up, waste disposal techniques and procedures and work practice controls. In addition, employers 14Table of Contentsare required to provide or employ hepatitis B vaccinations, personal protective equipment and other safety devices, infection control training, post-exposure evaluation and follow-up, waste disposal techniques and procedures and work practice controls. Employers are also required to comply with various record-keeping requirements.
In January 2025, we completed the acquisition of certain pharmacy assets from TRHC. Our pharmacy business subjects us to additional extensive federal, state, and local regulation governing various aspects of the business, including the distribution and dispensing of drugs; licensure of facilities and professionals; packaging, storing, distributing, shipping, and tracking of pharmaceuticals; repackaging of drug products; labeling consumer disclosures; interactions with prescribing professionals; supply chain security; as well as additional requirements of various governmental authorities, including state boards of pharmacy and the U.S. Consumer Product Safety Commission. Federal and state law also governs the purchase, handling, and dispensing of controlled substances by physicians and other clinicians.Federal and state law also governs the purchase, handling, and dispensing of controlled substances by physicians and other clinicians. If we are unable to maintain our registrations this could limit or affect our ability to purchase, handle, or dispense controlled substances and other violations of these laws could subject us to criminal or other sanctions. In addition, certain laws may apply to activities of our affiliated physicians and clinicians. For example, the Prescription Drug Marketing Act governs the provision of drug samples to physicians and other clinicians, and physicians and other clinicians are required to report relationships they have with the manufacturers of drugs, medical devices and biologics through the Open Payments Program database.
Clinical laboratories may be subject to oversight by CMS and state regulators, including the Eliminating Kickbacks in Recovery Act of 2018. If our laboratories or laboratories that we partner with are not in compliance with the applicable CMS or state laws or regulations, they could be subject to enforcement action, which could negatively affect our business.
15
We have in the past and continue to intend to grow our business through acquisitions in the states in which we currently operate or in new states that we seek to enter. Several states, including California, New Mexico and Colorado have adopted laws focused on competition, quality, access, and cost that either authorize state agencies to review and approve certain healthcare transactions or require notice prior to certain healthcare transactions, such as in California (requiring notice to the office of Health Care Affordability with certain transactions referred to their attorney general for further review) or New Mexico (requiring approval for certain transactions involving acquisitions and other changes in control of hospitals, including formation of a partnership or joint venture that results in an indirect change). Many other states, including Pennsylvania, where several bills have been proposed are currently voting on or considering similar legislation. These notices and approvals typically require a substantial amount of information, including supporting documentation. While certain of these proposed laws and restrictions primarily target physician and dental practice management, they reflect a broader trend of increased regulatory scrutiny of healthcare transactions, which could negatively affect our ability to grow our business.
Any allegations or findings that we or our providers have violated any of these laws or regulations could have a material adverse impact on our reputation, business, results of operations and financial condition. Certain states in which we do business or may desire to do business in the future have certificate of need programs regulating the establishment or expansion of healthcare facilities, including our participant centers. These regulations can be complex and time-consuming to ensure compliance with. Any failure to comply with such regulatory requirements could adversely impact our business, results of operations and financial condition.
Competition
The U.S. healthcare industry is highly competitive. We compete directly with national, regional and local providers of healthcare for participants and clinical providers. We also compete with payors and other alternate managed care programs for participants. Of these providers, there are many other companies and individuals currently providing healthcare services, many of which have been in business longer and/or have substantially more resources. Given the regulatory environment, there may be high barriers to entry for PACE providers; however, since there are relatively modest capital expenditures required for providing healthcare services, there are less substantial financial barriers to entry in the healthcare industry generally. Other companies could enter the healthcare industry in the future and divert some or all of our business. Our principal competitors for dual-eligible seniors vary considerably in type and identity by market. Our growth strategy and our business could be adversely affected if we are not able to compete efficiently, including penetrating existing markets or new markets, recruit qualified physicians or if we experience significant participant attrition to our competitors. See Item 1A. Risk Factors—“Risks Related to Our Business—The healthcare industry is highly competitive and, if we are not able to compete effectively, our business could be harmed. The healthcare industry is highly competitive and, if we are not able to compete effectively, our business could be harmed. ”
We believe the principal competitive factors for serving adults dually-eligible for Medicare and Medicaid and who meet nursing home eligibility criteria include: participant experience, quality of care, health outcomes, total cost of care, brand identity and trust in that brand.
Seasonality
Our business experiences some variability depending upon the time of year. Medical costs will vary seasonally depending on a number of factors, but most significantly the weather. Certain illnesses, such as the influenza virus and COVID-19, are far more prevalent during colder months of the year, which results in an increase in medical expenses during these time periods. We therefore see higher levels of per-participant medical costs in our second and third fiscal quarters. Medical costs also depend upon the number of business days in a period, with shorter periods generally having lower medical costs, all else being equal. There is also increased variability of participant enrollment during the open enrollment period, which occurs during our third fiscal quarter.
In addition, the retrospective capitation payments we receive for each participant are determined by a participant’s RAF score, which is calculated twice per year and is based on the evolving acuity and chronic conditions of a participant. We estimate and accrue for the expected true-up payments of our participants. Though no assurances can be made in the future, we have historically used our best estimate for accruing for this payment. We received net positive true-up payments during the fiscal years ended June 30, 2025 and 2024. Historically, these true-up payments typically occur between May and August, but the timing of these payments is determined by CMS, and we have neither visibility nor control over the timing of such payments.
16
Human Capital Resources
As of June 30, 2025, we had approximately 2,440 employees, including over 1,600 clinical professionals (excluding contract labor).
Our people are our product at InnovAge, and their commitment to our participants propels our mission of enabling seniors to age at home, with dignity, for as long as is safely possible. We believe that our employees are drawn to this mission and our values, which is why our voluntary retention rate was 69% in fiscal year 2025. Additionally, in our most recent employee engagement survey conducted in January 2025, 82% of our employees indicated that they are proud to work at InnovAge.
Attracting and retaining top talent is critical to the success of InnovAge's mission and one of the highest priorities to leadership. To keep leadership informed of the health of our employee base, we report weekly on key hiring and retention metrics. Since the launch of our annual employee engagement surveys in fiscal year 2022, we continue to review and implement action plans with staff groups based on the findings and opportunities discovered.
We continue to evaluate talent needs at the senior management level, aiming to hire ahead of the curve as the business evolves and to assess and respond to any gaps in our capabilities.
Less than 1% of our workforce is represented by a union, all of which are located in Pennsylvania.
At InnovAge, we strive to be a reflection of the communities that we serve. We are steadfastly dedicated to fostering an atmosphere that champions inclusivity throughout all sectors of InnovAge. We are steadfastly dedicated to fostering an atmosphere that champions diversity, equity, and inclusion throughout all sectors of InnovAge. Our commitment remains in building a culture where individual distinctions are not just acknowledged but deeply valued. As of June 30, 2025, our employed workforce comprised of 76% individuals who identified as women and 58% who identified as minorities.
Training and Development
We aim to provide our employees opportunities to grow and advance in their careers at InnovAge with learning and development programs. Each year we conduct soft skills training for managers and supervisors, the content of which is informed by gap assessment surveys. A quarterly training series for front-line leaders enables them to develop their management skills. Our clinical leaders also conduct separate physician leadership trainings quarterly, with a new topic for each installment (e.g., email / phone etiquette).
We also conduct a periodic training needs assessment surveys to hear directly from employees and managers where they think they could use more support and learning content in the coming year. These assessment surveys allow the Company to develop trainings tailored to the most prevalent needs identified by our employees.
Implications of being an emerging growth company and a smaller reporting company
We qualify as an “emerging growth company” as defined in the Jumpstart Our Business Startups Act of 2012 (the “JOBS Act”). We will remain an emerging growth company until the earlier of (1) June 30, 2026, (2) the last day of the fiscal year in which we have total annual gross revenue of at least $1.235 billion, (3) the date on which we are deemed to be a large accelerated filer or (4) the date on which we have issued more than $1.0 billion in non-convertible debt securities during the prior three-year period. We will remain an emerging growth company until the earlier of (1) June 30, 2026, (2) the last day of the 16Table of Contentsfiscal year in which we have total annual gross revenue of at least $1.235 billion, (3) the date on which we are deemed to be a large accelerated filer or (4) the date on which we have issued more than $1.0 billion in non-convertible debt securities during the prior three-year period. Additionally, we qualify as a “smaller reporting company,” and even after we no longer qualify as an “emerging growth company,” we may still qualify as a “smaller reporting company” based on the aggregate worldwide market value of common equity securities held by non-affiliates assessed on an annual basis and measured as of the last business day of our most recently completed second fiscal quarter.
As an emerging growth company and a smaller reporting company, we may take advantage of reduced reporting requirements that are otherwise applicable to public companies. These provisions include, but are not limited to:
•not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act of 2002, as amended (the “Sarbanes-Oxley Act”);
•a requirement to present only two years of audited financial statements, plus unaudited condensed consolidated financial statements for any interim period and related discussion in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations”;
•reduced disclosure obligations regarding executive compensation in our periodic reports, proxy statements and registration statements; and
17
•exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved.
In addition, under the JOBS Act, emerging growth companies can delay adopting new or revised accounting standards until such time as those standards apply to private companies. We intend to take advantage of the longer phase-in periods for the adoption of new or revised financial accounting standards under the JOBS Act until we are no longer an emerging growth company. Our election to use the phase-in periods permitted by this election may make it difficult to compare our financial statements to those of non-emerging growth companies and other emerging growth companies that have opted out of the longer phase-in periods permitted under the JOBS Act and who will comply with new or revised financial accounting standards. If we were to subsequently elect instead to comply with public company effective dates, such election would be irrevocable pursuant to the JOBS Act.
As a result, the information that we provide to our stockholders may be different than you might receive from other public reporting companies in which you hold equity interests.
Available Information
Our internet website is www.innovage.com. We include our website address on this Annual Report for reference only. The information contained on our website is not incorporated by reference into this Annual Report or any other report or document we file with, or furnish to, the SEC.
Our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and any amendments to those reports are available free of charge through our website at www.investor.innovage.com as soon as reasonably practicable after such material is electronically filed with, or furnished to, the SEC. Our SEC filings are also available to the public at the SEC’s website at www.sec.gov.
18
Item 1A. Risk Factors
Our business, results of operations, and financial condition are subject to numerous risks and uncertainties. You should carefully consider the following risk factors before making a decision to invest in our common stock. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that affect us. If any of the following risks occur, our business, financial condition, operating results and prospects could be materially and adversely affected. You should read these risk factors in conjunction with “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in Item 7 and our consolidated financial statements and related notes in Item 8 of this Annual Report.
Summary of Risk Factors
There are a number of risks related to our business, regulation, our indebtedness and our common stock that you should consider. Some of the principal risks related to our business include the following:
•Our growth strategy may not prove viable. Our ability to grow depends upon a number of factors, including recruiting and retaining participants, finding suitable geographies for new centers, the outcome of our organizational and enterprise efficiency initiatives, entering into government payor arrangements in new jurisdictions, results of audits, investigations and ongoing or new remediation efforts, ensuring compliance with regulatory and contractual requirements, identifying appropriate locations for new and existing centers, and hiring members of our IDTs and other employees. Our ability to grow depends upon a number of factors, including results of audits, investigations and remediation efforts, recruiting new participants, finding suitable geographies , entering into government payor arrangements in new jurisdictions, ensuring compliance with regulatory and contractual requirements, identifying appropriate locations or existing centers, purchasing centers or obtaining leases, completing build-outs of new centers within proposed timelines and budgets and hiring members of our IDTs and other employees.
•Our growth strategy depends upon our ability to identify and complete acquisitions, joint ventures and other strategic partnerships. Our growth strategy involves identifying, pursuing and successfully completing acquisitions, joint ventures and strategic partnerships, which involve numerous risks, including failure to consummate negotiated transactions, difficulties in successfully integrating the operations and personnel, navigating the necessary regulatory approval requirements and difficulties in entering new markets.
•If we are unable to attract new participants and retain existing participants, our revenue growth will be adversely affected. To increase our revenue, we plan to expand the number of centers and participants in our network, requiring recruitment and retention. Our inability to recruit new eligible participants and retain existing participants has adversely affected, and could in the future, adversely affect our growth strategy.
•Our overall business results have been and we expect will continue to be impacted by ongoing macroeconomic and industry-related challenges. Macroeconomic and industry challenges, including labor shortages, labor competition, high inflation, tariffs and trade disputes, have impacted and we expect will continue to impact our business operations.
•We have faced, and continue to face inspections, reviews, audits and investigations under federal and state government programs and contracts. As a result of PACE contracts with various federal and state government programs, we are regularly subject to, and will continue to be subject to, various routine and non-routine governmental inspections, reviews, audits, requests for information and investigations to verify our compliance with applicable laws, assess the quality of our services and evaluate the accuracy of our submitted risk adjustment data. As a result of PACE contracts with various federal and state government programs, we are regularly subject to various routine and non-routine governmental inspections, reviews, audits, requests for information and investigations to verify our compliance with applicable laws, assess the quality of our services and evaluate the accuracy of our submitted risk adjustment data. We are unable to guarantee the outcomes of such audits.
•We are subject to legal proceedings, enforcement actions and litigation, malpractice and privacy disputes, which are costly and could materially harm our business. We are party to lawsuits and legal proceedings from various parties. These matters are often expensive and disruptive to our business operations. Among others, we are currently subject to civil investigative demands and stockholder lawsuits. These matters could result in significant cash settlements, and the time necessary to litigate could harm our business, financial condition, and results of operations.
•Under PACE contracts, we assume all of the risk that the cost of providing services will exceed our compensation. Most of our revenue was derived from capitation agreements with government payors in which we receive fixed PMPM fees. To the extent that our participants require more care than anticipated and/or the cost of care increases, aggregate fixed capitation payments may be insufficient to cover the costs and could have a material adverse effect on our business. To the extent that our participants require more care than anticipated and/or the cost of care increases, aggregate fixed capitation payments may be insufficient to cover the costs.
19
•We have experienced and expect to continue experiencing increased costs and expenditures in the future. In fiscal year 2025, we continued several initiatives intended to lower our costs and expect to continue making investments in growing our business, including through the implementation of Company-wide transformation initiatives. In fiscal year 2024, we continued several initiatives intended to lower certain of our costs, including limiting corporate staffing and certain other expenses, effecting a reduction in workforce, and optimizing working capital. If we are not able to execute or realize the benefits of our transformation initiatives, our profitability could decline. If we are not able to execute or realize the benefits of our clinical value initiatives, including as a result of our EMR system, Epic, not operating as expected, our profitability could continue to decline.
•Our revenues and operations are dependent upon a limited number of government payors, particularly Medicare and Medicaid. When aggregating the revenue associated with Medicare and Medicaid by state, a majority of our revenue was derived from a limited number of government payors. We expect a majority of our revenues will continue to be derived from a limited number of key payors, who are able to terminate their contracts with us upon the occurrence of certain events, adversely affecting our operating results and limiting our expansion.
•Reductions in PACE reimbursement rates or changes in the rules governing PACE programs could have a material adverse effect on our financial condition and results of operations. We receive nearly all of our revenue through the PACE program, which accounted for 99.8% of our revenue for each of the years ended June 30, 2025 and 2024. As a result, our operations are dependent on government funding levels for PACE programs. We receive nearly all of our revenue through the PACE program, which accounted for 99.9% and 99.8% of our revenue for the years ended June 30, 2024 and 2023, respectively. We receive nearly all of our revenue through the PACE program, which accounted for 99.9% and 99.8% of our revenue for the years ended June 30, 2024 and 2023, respectively. Any changes that limit or reduce general PACE rates could have a material adverse effect on our business.
•Our records and submissions to government payors may contain inaccurate or unsupportable information regarding risk adjustment scores of participants, which could subject us to repayment obligations or penalties. CMS may audit PACE organizations’ risk adjustment data submissions. Erroneous data submissions could result in inaccurate revenue and risk adjustment payments. Correction or retroactive adjustments in later periods could require us to refund a portion of the revenue that we received, which could have a material adverse effect on our business, results of operations, financial condition and cash flows.
•Allegations of failure and failure to adhere to all of the complex government laws and regulations applicable to our business, have had, and could in the future have, a material adverse effect on our business, results of operations, financial condition, cash flows, reputation and stock price. Our operations are subject to extensive federal, state and local government laws and regulations. Allegations of violation, or actual violations of the legal requirements implicated by our business may have material adverse consequences on our business.
•Ignite Aggregator LP (an investment vehicle owned by certain funds advised by Apax Partners LLP) and funds affiliated with Welsh, Carson, Anderson & Stowe (together, our “Principal Shareholders”) control us. Our Principal Shareholders beneficially own approximately 83% of our common stock, which means that together they control the vote of all matters submitted to a vote of our shareholders, including the election of members of the Board of Directors of the Company (the “Board”) and all other corporate decisions. Our Principal Shareholders beneficially own approximately 83% of our common stock, which means that together they control the vote of all matters submitted to a vote of our stockholders, including the election of members of the Board of Directors of the Company (the “Board”) and all other corporate decisions. For such period of time as our Principal Shareholders beneficially own a majority of the voting power, they will have significant influence.
•Our operating results fluctuate, which makes our future operating results difficult to predict and could cause such results to fall below any guidance, targets or goals we provide. If the guidance we provide falls short or we are unable to meet the expectations of analysts or investors, the trading price of our common stock could decline substantially.
Risks Related to Our Business
Our growth strategy may not prove viable and we may fail to realize expected results therefrom fully or at all.
Our ability to grow depends upon a number of factors, including recruiting and retaining participants at new and existing centers, finding suitable geographies that have aging populations and viable rate structures, the outcome of our organizational and enterprise efficiency initiatives, entering into government payor arrangements in new jurisdictions, results of audits, investigations and ongoing or new remediation efforts, ensuring compliance with regulatory and contractual requirements, identifying appropriate locations for new and existing centers, completing build-outs of new centers within proposed timelines and budgets and hiring members of our IDTs and other employees.Our ability to grow depends upon a number of factors, including results of audits, investigations and ongoing or new remediation efforts, recruiting new participants, finding suitable geographies that have aging populations and viable rate structures, entering into government payor arrangements in new jurisdictions, ensuring compliance with regulatory and contractual requirements, identifying appropriate locations or existing centers, purchasing centers or obtaining leases, completing build-outs of new centers within proposed timelines and budgets and hiring members of our IDTs and other employees.
Our growth strategy involves a number of risks and uncertainties, including that:
20
•we may not be able to successfully enter into contracts with government payors and/or other healthcare providers on terms favorable to us or at all. In addition, we compete for government payor relationships with other potential players, some of whom may have greater resources than we do. This competition has intensified due to the availability to seniors of other programs similar to PACE and the ongoing consolidation in the healthcare industry, which may increase our costs to pursue such opportunities;
•implementation of our organizational and enterprise efficiency initiatives may be more expensive than anticipated and we may fail to realize the anticipated benefits thereof within the expected timeline, or at all;
•we may not be able to recruit or retain a sufficient number of new or existing participants to execute our growth strategy or offset costs relating to marketing, opening de novo centers or executing acquisitions;
•we may not be able to hire sufficient numbers of physicians and other clinical staff, particularly in the current labor market characterized by heightened demand for healthcare personnel due to an aging population, and upward pressure on wages coupled with labor shortages for qualified healthcare professionals;
•when expanding our business into new states, we may be required to comply with laws and regulations that may differ from states in which we currently operate;
•we have faced, and may continue to face, larger than expected costs and legal, community or other obstacles in the construction and opening of de novo centers, such as the suspension or revocation of state-required attestations;
•we may have difficulty identifying appropriate acquisition targets, be precluded from acquiring targets as a result of audits or sanctions or due to other legal restrictions (e.g. federal or state antitrust laws), may fail to satisfy closing conditions or make investments in acquisitions that we are unable to effectively integrate, involve associated risks or liabilities that we are unable to uncover in advance, or that require greater resources than anticipated and that could include deficient quality of service; and
•we may be subject to sanctions as a result of audits and other regulatory processes and proceedings that could include temporary or permanent suspension of enrollments, debarment or exclusion from participation in federal healthcare programs, and the revocation of a center’s license and suspension or revocation of required attestations to open de novo centers, which may in turn result in participant attrition and preclude us from opening de novo centers and conducting tuck-in acquisitions. As previously disclosed, the California Department of Health Care Services (“DHCS”), suspended the state-required attestations for a planned de novo center in Downey and for the de novo center we acquired in Bakersfield, California in 2023. There is no guarantee that such attestations will be reinstated or that similar situations will not occur in the future. There is no guarantee that such attestations will be reinstated or that similar situations will not occur in the future;•we may not be able to successfully enter into contracts with government payors and/or other healthcare providers on terms favorable to us or at all.
One element of our growth strategy is to build de novo centers. When we open de novo centers, particularly in a new geography, such as our de novo centers in the State of Florida, there is no guarantee about the timing or our ability to enroll enough participants, hire and train enough skilled and non-skilled staff, develop necessary community relationships, and otherwise ramp up these centers to maturity. As we are in the early stages of operation of these two de novo centers in a new geography, there is no guarantee about the timing or our ability to enroll enough participants, hire and train enough skilled and non-skilled staff, develop necessary community relationships, and otherwise ramp up these centers to maturity. If we are unable to increase utilization of capacity at our centers through enrollment, ramp up de novo centers, build new de novo centers, manage our external provider costs, expand into new geographies, or find, evaluate and execute on new business opportunities, we may be unable to grow and our business and results of operations will be materially adversely affected.
In addition, as we grow our business and open or acquire new centers, we expect to continue to increase our headcount and to hire or contract with more physicians, nurses and other specialized medical personnel. In addition, as we grow our business and open or acquire new centers, we expect to continue to increase our headcount and to hire or contract with more physicians, nurses and other specialized medical personnel. We will need to continue to hire, train and manage additional qualified information technology, operations and marketing staff, and improve and maintain our technology and information systems to properly manage our growth. If our new hires perform poorly, if we are unsuccessful in hiring, training, managing and integrating these new employees, if we are not successful in retaining our existing employees or if we are unable to provide the care and services that our participants require in compliance with regulatory requirements, our business will be adversely affected.
Additional risks include, but are not limited to, our ability to effectively manage growth, process, store, protect and use personal data in compliance with governmental regulations and contractual obligations and manage our obligations as a provider of healthcare services under Medicare, Medicaid and PACE. Additional risks include, but are not limited to, our ability to effectively manage growth, process, store, protect and use personal data in compliance with governmental regulations and contractual obligations and manage our obligations as a provider of healthcare services under Medicare, Medicaid and PACE.
There can be no assurance that we will be able to successfully capitalize on growth opportunities, which will negatively impact our business, revenues, results of operations and financial condition. There can be no assurance that we will be able to successfully capitalize on growth opportunities, which will negatively impact our business, revenues, results of operations and financial condition.
21
Our growth strategy is partially dependent upon our ability to identify and successfully complete acquisitions, joint ventures and other strategic partnerships.
An element of our growth strategy is to identify, pursue and successfully complete and integrate tuck-in acquisitions, joint ventures and other strategic partnerships to expand our operations and support our growth. For example, in December 2023, we acquired all of the issued and outstanding membership interests of two California-based PACE programs, ConcertoCare PACE of Bakersfield, LLC and ConcertoHealth PACE of Los Angeles, LLC (collectively, “Concerto”); in May 2024, we entered into a joint venture with Orlando Health with respect to the InnovAge Florida PACE - Orlando (“InnovAge Orlando”) center in Florida; and in August 2025, we entered into a joint venture with Tampa General Hospital with respect to InnovAge Florida PACE - Tampa center in Florida. We intend to continue pursuing relationships with key stakeholders, existing organizations and other care providers in order to form partnerships in target geographies.
However, acquisitions, joint ventures and other strategic partnerships, involve numerous risks, including failure to consummate negotiated transactions, difficulties in successfully integrating the operations and personnel, navigating the necessary regulatory approval requirements, including securing regulatory safe harbors necessary for healthcare related join ventures under the Anti-Kickback Statute, distraction of management while overseeing the transactions, and disruption of, our existing operations, difficulties in entering new markets in which we have no or limited direct prior experience, difficulties in managing novel challenges in markets we have no or limited direct prior experience, and difficulties in achieving the synergies we anticipated.
In addition, we incur costs associated with potential acquisitions that we pursue or fail to close, including as a result of litigation related to a failed transaction. We also may need to expend resources to ensure target and acquired centers are operating in compliance with regulatory and contractual requirements, as well as any corrective action plans. Any failure to select suitable opportunities at fair prices, conduct appropriate due diligence, acquire, and successfully integrate the acquired center, including particularly when acquired centers operate in new geographic markets, could materially and adversely impact our growth strategies, financial condition and results of operations. Any failure to select suitable opportunities at fair prices, conduct appropriate due diligence, acquire and successfully integrate the acquired center, including particularly when acquired centers operate in new geographic markets, could materially and adversely impact our growth strategies, financial condition and results of operations.
Further, laws governing the review and approval of healthcare transactions could limit our ability to successfully complete acquisitions. Several states, including California, New Mexico, and Colorado have adopted laws focused on competition, quality, access, and cost that either authorize state agencies to review and approve certain healthcare transactions, or require notice prior to certain healthcare transactions, such as in California (requiring notice to the office of Health Care Affordability with certain transactions referred to their attorney general for further review) or New Mexico (requiring approval for certain transactions involving acquisitions and other changes in control of hospitals, including formation of a partnership or joint venture that results in an indirect change). Many other states, including Pennsylvania where several bills have been proposed, are currently voting on or considering similar legislation. These notices and approvals typically require a substantial amount of information, including supporting documentation. While certain of these proposed bills and restrictions are targeted at physician and dental practice management, they reflect a broader trend of increased regulatory scrutiny of healthcare transactions, which could negatively affect our ability to grow our business. These transactions may also cause us to significantly increase our interest expense, leverage and debt service requirements if we incur additional debt to pay for an acquisition or investment, issue common stock that would dilute our current shareholders’ percentage ownership or incur asset write-offs and restructuring costs and other related expenses that could have a material adverse impact on our operating results.These transactions may also cause us to significantly increase our interest expense, leverage and debt service requirements if we incur additional debt to pay for an acquisition or investment, issue common stock that would dilute our current stockholders’ percentage ownership or incur asset write-offs and restructuring costs and other related expenses that could have a material adverse impact on our operating results. Acquisitions, joint ventures and strategic investments also involve numerous other risks, including potential exposure to assumed liabilities, as well as undetected internal control, regulatory or other issues, or unanticipated additional costs. Acquisitions, joint ventures and strategic investments also involve numerous other risks, including potential exposure to assumed litigation, as well as undetected internal control, regulatory or other issues, or additional costs not anticipated at the time the transaction was completed.
If we are unable to attract new participants and retain existing participants, our revenue growth will be adversely affected.
To increase our revenue, our business strategy includes expanding the number of centers and participants in our network. In order to support such growth, we must recruit and retain a sufficient number of new participants.
We are focused on frail, dual-eligible senior population and face competition from other healthcare providers and payors in the recruitment of potential participants. Therefore, we must demonstrate that our services provide a viable solution for potential participants. If we are unable to convince the frail, dual-eligible senior population of the benefits of the InnovAge Platform or if potential or existing participants prefer the healthcare provider model of one of our competitors, we may not be able to effectively implement our growth strategy, which depends on our ability to attract new participants.
Additionally, participant enrollment for PACE is ongoing each month and requires states to verify eligibility, a process which can result in delays in enrollment. In addition participant enrollment for PACE is ongoing each month and requires states to verify eligibility, a process which can result in delays in enrollment. We have experienced, and continue to experience, an increase in gaps of
22
eligibility for both new enrollments and Medicaid redetermination applications due to processing delays and other enrollment and redetermination procedures that vary by State and county. While participants continue to receive care and remain enrolled with us during the redetermination process, the effect of such delays temporarily halts Medicaid revenue related to any closed application and simultaneously increases our risk of revenue recovery. While participants continue to receive care and remain enrolled with us during this time, the effect of such delays temporarily halts Medicaid revenue related to any closed application and simultaneously increases our risk of revenue recovery. The OBBBA, signed into law on July 4, 2025, generally requires redetermination to occur at least every 6 months instead of annually. As a result, enrollment delays may increase, due to insufficient staffing to handle the higher volume of work, and, if the additional redetermination requirement applies to our participants, the risk of revenue recovery may increase for those of our participants subject to such additional redetermination. In the State of California, processing delays resulted in lower estimated per member, per month (“PMPM”) amounts during fiscal year 2025, which triggered a negative adjustment for prior PMPM estimates and also reduced the reimbursements we received from the State. Even though our results of operations have not suffered a material adverse effect from these delays, there is no guarantee that further delays may not adversely impact our results.
A shortage of clinicians combined with an aging population creates increased demand on the limited number of existing residential facilities. As a result, the access of our participants to such facilities is uncertain, as such facilities may prioritize private payors or may be unable to accept participants at pre-determined rates. If we are unable to access residential facilities, we could be unable to retain existing participants who require such facilities.
Our overall business results have been, and we expect will continue to be, impacted by ongoing macroeconomic and industry-related challenges, including labor shortages, labor competition, inflation, tariffs and trade disputes.Our overall business results have been and we expect will continue to be impacted by ongoing macroeconomic and industry-related challenges, including labor shortages, labor competition and inflation.
Macroeconomic and industry challenges, including uncertainty surrounding trade tensions and supply chain disruptions, labor shortages, labor competition and high inflation, have impacted and we expect will continue to impact our business operations and our overall business results. The healthcare sector continues to experience workforce shortages, particularly in geriatrics, primary care and direct care roles, as well as a complex set of challenges in hiring additional professionals due to higher demand for healthcare services and systemic challenges related to workforce training and the pipeline of qualified professionals. We compete with other healthcare providers, primarily hospitals and other centers, and home health care providers in attracting physicians, nurses and medical staff to support our centers, and recruiting and retaining qualified management and support personnel responsible for the daily operations of each of our centers. We compete with other healthcare providers, primarily hospitals and other centers, in attracting physicians, nurses and medical staff to support our centers, and recruiting and retaining qualified management and support personnel responsible for the daily operations of each of our centers.
Furthermore, high inflation has increased the cost of living, and consequently, wage pressure for healthcare professionals, which has contributed to an increasingly competitive labor market. Furthermore, high inflation has increased the cost of living, and consequently, wage pressure for healthcare professionals, which has contributed to an increasingly competitive labor market. Increased wage pressure for healthcare professionals is also impacted by certain laws and regulations, such as the adoption of California Senate Bill No. 525 (“SB 525”), which raised minimum wage for many California healthcare workers and impacted many of our contractors and other third-party providers. As a result of competition generated by SB 525 and other California market conditions, we received rate increases from third party vendors, including those providing home health services and care partner services, increasing our cost of care in California. We also increased our wages for impacted healthcare workers and other comparable market positions in the California market. Because the vast majority of our revenue consists of prospective monthly capitated, or fixed, payments per participant, our ability to pass along increased costs is limited. Because the vast majority of our revenue consists of prospective monthly capitated, or fixed, payments per participant, our ability to pass along increased costs is limited. In particular, if labor costs rise at an annual rate greater than our net annual consumer price index basket update from Medicare, our results of operations and cash flows will likely be adversely affected.
If labor market conditions disrupt our ability to recruit healthcare professionals, we may not be able to execute our growth plan and grow capacity in our existing centers or open de novo centers or we may have to do so at costs higher than originally budgeted, which, in turn, could increase our capital needs during a time of high interest rates and when conditions in the credit and capital markets are volatile.In addition, if labor market conditions continue to disrupt our ability to recruit healthcare professionals , we may not be able to execute our growth plan and grow capacity in our existing centers or open de novo centers or we may have to do so at costs higher than originally budgeted, which, in turn, could increase our capital needs during a time of high interest rates and when conditions in the credit and capital markets are volatile. Cost of care and related cost per participant increased for fiscal year 2025 compared to 2024, partially as a result of higher wage rates. In addition, labor relations matters could have a material adverse effect on our business. Certain nurses in our Pennsylvania centers (less than 1% of our total workforce) are represented by unions. If additional employees seek to unionize in the future, employees may threaten and/or engage in work stoppages and strikes and our labor costs may materially increase.
We rely on both domestic and international suppliers for medical equipment and supplies, including pharmaceuticals used in our business. U.S. tariff announcements, retaliatory measures by other countries, and significant uncertainty surrounding trade tensions may result in higher prices for medical and other supplies and lead to supply chain disruptions and additional costs. Factors arising from supply chain challenges such as raw material shortages, longer lead times, and increased transportation expenses may affect our ability to grow our business effectively and may pose risks to our ability to acquire essential medical supplies in a timely and efficient manner. The degree to which tariffs affect the global supply
23
chain and our business will depend on their timing, duration and magnitude, which may be changed at any time and with little or no prior notice.
Additionally, the healthcare industry is subject to shifting political priorities and initiatives. As our stakeholders have evolving, varied, and sometimes conflicting expectations regarding political positions, we may experience adverse reactions from some of our stakeholders for positions we take on, and advocacy for, Medicare and Medicaid in the future.
During periods of high unemployment, governmental entities often experience budget deficits as a result of increased costs and lower than expected tax collections. These budget deficits at federal, state and local government entities have decreased, and may continue to decrease, spending for health and human service programs, including Medicare, Medicaid, PACE and similar programs, which represent nearly all of the payor sources for our centers and which may have a material effect on our results of operations and financial condition. To date, we believe that macroeconomic and industry conditions, including labor shortages and inflation, have not had a material effect on our operating results. However, there can be no assurance that continued challenges will not have an adverse impact on our operating results and financial condition.
We have faced and continue to face inspections, reviews, audits and investigations under federal and state government programs and contracts. These audits have required and may in the future require corrective actions and have resulted in adverse findings that have negatively affected and continue to affect our business, including our results of operations, liquidity, financial condition and reputation. These audits require corrective actions and have resulted in adverse findings that have negatively affected and continue to affect our business, including our results of operations, liquidity, financial condition and reputation.
As a result of our PACE contracts with CMS and state government agencies, state licenses, and participation in Medicaid, we are regularly subject to, and will continue to be subject to, various routine and non-routine governmental inspections, reviews, audits, requests for information and investigations to verify our compliance with requirements of these programs and applicable laws and regulations, assess the quality of the services we are providing to our participants, and evaluate the accuracy of the risk adjustment data we have submitted to the government.
Starting in 2021, we underwent federal and state audits in our centers in California, Colorado and New Mexico. Based on deficiencies detected in the audits, CMS and regulatory authorities in the states of California and Colorado suspended new enrollments at our Sacramento center and our centers in Colorado. We were released from the enrollment sanctions in 2023. As previously disclosed, in October 2023, CMS and the DHCS conducted a joint routine audit of our Sacramento center and DHCS is currently conducting a medical review of our San Bernardino center, which commenced in March 2024. In response to both of these matters, DHCS suspended its state-required attestations for our planned de novo centers in California. There is no guarantee that such attestations will be reinstated or that similar situations will not occur in the future. There is no guarantee that such attestations will be reinstated or that similar situations will not occur in the future;•we may not be able to successfully enter into contracts with government payors and/or other healthcare providers on terms favorable to us or at all. Audits have and will continue to increase our regulatory compliance costs and have required and may require further change to our business practices, which could negatively impact our participant and revenue growth. Managing audits, even if we achieve favorable outcomes, is costly, time-consuming and diverts management’s attention from our business.
Our centers will continue to be subject to federal and state audits, and there is no guarantee that future audits will not find deficiencies similar to, or different from, the ones found in connection with prior audits. Even though we believe we are applying best practices learned from our recent audits to all our centers, there is no guarantee that future audits will not find deficiencies similar to, or different from, the ones found in connection with the recent audits.
In general, inspections, reviews, audits, requests for information or investigations with adverse findings, and in particular the audits described above, have resulted in and may further result in:
•temporary or permanent enrollment sanctions in the affected center(s), as was the case with our Sacramento, California center and our centers in the State of Colorado in 2021;
•refunding amounts we have been paid by the government;
•state or federal agencies imposing corrective action plans, fines, penalties, training, policies and procedures, monitoring, and other requirements;
•temporary suspension of payments;
•debarment or exclusion from participation in federal healthcare programs;
•self-disclosure of violations to applicable regulatory authorities;
•damage to our reputation;
24
•the revocation of a center’s license or suspension of state attestations to open de novo centers, such as the case with our Downey and Bakersfield, California centers; and
•loss of certain rights under, or termination of, our contracts with government payors.
Any of the results noted above have had and could have material adverse effects on our business and operating results.Any of the results noted above could have further material adverse effects on our business and operating results. Furthermore, the legal, document production and other costs associated with complying with these inspections, reviews, audits, requests for information or investigations are significant. If we are unable to effectively remediate the deficiencies raised by any audits, implement corrective action plans, or otherwise satisfy the regulators’ concerns, we could be subject to new sanctions, and our business, financial results and operations could be adversely impacted.
We are subject to legal proceedings, enforcement actions and litigation, malpractice and privacy disputes, which are costly to defend and could materially harm our business and results of operations.
We are party to lawsuits and legal proceedings from participants, employees, or other third parties for various actions.We are party to lawsuits and legal proceedings in the normal course of business from participants, employees, or other third parties for various actions. These matters are often expensive and disruptive to our business operations. We face and may in the future face allegations, lawsuits, including class actions, and regulatory inquiries, requests for information, audits and investigations regarding care and services provided to participants, the FCA, data privacy, security, labor and employment, securities laws, consumer protection or intellectual property. We also have faced and may in the future face allegations or litigation related to our potential and completed acquisitions, securities issuances or business practices, including contract claims and public disclosures about our business. We are currently party to a stockholder lawsuit asserting derivative claims for breach of fiduciary duty generally relating to alleged failures by the defendants to take remedial actions to address the matters that resulted in sanctions by CMS at certain of our centers and alleged misstatements in our public filings relating to those matters. Additionally, we are currently a party to an arbitration proceeding initiated by our former pharmacy services vendor asserting claims for breach of contract and breach of confidentiality, non-renewal and termination of its services agreements. We are currently unable to predict the outcome of these matters. See Part I, Item 3 “Legal Proceedings” for more information.
Litigation and regulatory proceedings are protracted and expensive, and the results are difficult to predict. Litigation and regulatory proceedings are protracted and expensive, and the results are difficult to predict. Certain of these matters include claims for substantial or indeterminate amounts of damages and may include claims for injunctive relief. Additionally, our litigation costs are and will continue to be significant. Adverse outcomes with respect to the legal proceedings described above or other litigation may result in significant settlement costs or judgments, penalties, fines and sanctions. Adverse outcomes with respect to any of the legal proceedings described above or other litigation may result in significant settlement costs or judgments, penalties, fines and sanctions. For example, in June 2025, the Company and the other defendants entered into a settlement agreement to resolve the securities class action lawsuit with plaintiffs who alleged violations of the Securities Act and the Exchange Act in exchange for a payment by the Company of $27.0 million, of which— after adjusting for the settlement amounts to be paid directly by the Company's insurers—the Company’s share was $10.1 million. Managing legal proceedings, regulatory inquiries, litigation and audits, even if we achieve favorable outcomes, is costly, time-consuming and diverts management’s attention from our business.
The results of regulatory proceedings, investigations, inquiries, litigation, claims, and audits cannot be predicted with certainty, and determining reserves for pending litigation and other legal, regulatory and audit matters require significant judgment and assumptions. There can be no assurance that our expectations will prove correct, and even if these matters are resolved in our favor or without significant cash settlements, these matters, and the time and resources necessary to litigate or resolve them, cause harm to our reputation, business, financial condition, results of operations and the market price of our common stock.
We are also subject to lawsuits under the FCA and comparable state laws for submitting allegedly fraudulent, inadequately supported or otherwise inappropriate bills for services to the Medicare and Medicaid programs. These lawsuits, which may be initiated by government authorities as well as private party relators, can involve significant monetary damages, fines, attorney fees and the award of bounties to private plaintiffs who successfully bring these suits, as well as to the government programs. In recent years, government oversight and law enforcement have become increasingly active and aggressive in investigating and taking legal action against potential healthcare fraud and abuse.
As previously disclosed, in July 2021, the Company received a civil investigative demand from the Attorney General for the State of Colorado under the Colorado Medicaid False Claims Act.In July 2021, the Company received a civil investigative demand from the Attorney General for the State of Colorado under the Colorado Medicaid False Claims Act. We continue to fully cooperate with the Attorney General. In February 2022, the Company received a civil investigative demand from the Department of Justice (“DOJ”) under the Federal False Claims Act on similar subject matter. In October 2024, the Company received a civil investigative demand from the DOJ under the Federal False Claims Act on similar subject matter as the 2022 investigation. In February 2022, the Company received a civil investigative demand from the Department of Justice (“DOJ”) under the Federal False Claims Act on similar subject matter. The Company is fully cooperating with the DOJ. We are currently unable to predict the outcome of these investigations. See Part I, Item 3 “Legal Proceedings” for more information.
25
Furthermore, our business exposes us to potential medical malpractice, professional negligence or other related actions or claims that are inherent in the provision of healthcare services. These claims, whether or not they have merit, could cause us to incur substantial costs, and could place a significant strain on our financial resources, divert the attention of management from our core business, harm our reputation and adversely affect our ability to attract and retain participants, any of which could have a material adverse effect on our business, financial condition and results of operations.
Although we maintain third-party professional liability insurance coverage, certain claims against us may exceed the coverage limits of our insurance policies, such as the securities class action lawsuit discussed above.Although we maintain third-party professional liability insurance coverage, it is possible that claims against us may exceed the coverage limits of our insurance policies. Even if any professional liability loss is covered by an insurance policy, these policies typically have substantial deductibles for which we are responsible. Professional liability claims in excess of applicable insurance coverage could have a material adverse effect on our business, financial condition and results of operations. In addition, any professional liability claim brought against us, regardless of merit, could result in an increase of our professional liability insurance premiums. In addition, any professional liability claim brought against us, whether or not they have merit, could result in an increase of our professional liability insurance premiums. Insurance coverage varies in cost and can be difficult to obtain, and we cannot guarantee that we will be able to obtain insurance coverage in the future on terms acceptable to us or at all. If our costs of insurance and claims increase, then our earnings could decline.
Under our PACE contracts, we assume all of the risk that the cost of providing services will exceed our compensation.
Approximately 99.8% of our revenue for each of the years ended June 30, 2025 and 2024, was derived from capitation agreements with government payors in which we receive fixed PMPM fees. While there are variations specific to each agreement, we generally contract with government payors to receive a fixed PMPM fee to provide or manage all healthcare services a participant may require while assuming financial responsibility for the totality of our participants’ healthcare expenses. This type of contract is often referred to as an “at-risk” or a “capitation” contract.
To the extent that our participants require more care than is anticipated and/or the cost of care increases, aggregate fixed capitation payments may be insufficient to cover the costs associated with treatment. To the extent that our participants require more care than is anticipated and/or the cost of care increases, aggregate fixed capitation payments may be insufficient to cover the costs associated with treatment. If medical costs and expenses exceed the underlying capitation payments received, we will not be able to correspondingly increase our capitated payments and thus we could suffer losses with respect to such agreements.
Changes in our anticipated ratio of medical expense to revenue can significantly impact our financial results. Accordingly, the failure to adequately predict and control medical costs and expenses, execute or realize the benefits of our clinical value initiatives and operational value initiatives, and to make reasonable estimates and maintain adequate accruals for incurred but not reported claims, could have a material adverse effect on our business, results of operations, financial condition and cash flows. Accordingly, the failure to adequately predict and control medical costs and expenses, execute or realize the benefits of our clinical value initiatives, and to make reasonable estimates and maintain adequate accruals for incurred but not reported claims, could have a material adverse effect on our business, results of operations, financial condition and cash flows. Additionally, the Medicare and Medicaid expenses of our participants may be outside of our control in the event that participants take certain actions, such as emergency room visits or preventable hospital admissions, that increase such expenses.
Historically, our medical costs and expenses as a percentage of revenue have fluctuated. Historically, our medical costs and expenses as a percentage of revenue have fluctuated. Factors that may cause medical expenses to exceed estimates include:
•the health status of participants requiring higher levels of care, such as nursing home care, or higher incidents of hospitalization;
•higher than expected utilization of new or existing healthcare services;
•more frequent catastrophic medical cases (e.g. transplants);
•an increase in the cost of healthcare services and supplies, whether as a result of inflation, wage increases, purchases of vaccines and personal protective equipment as a result of a pandemic or epidemic, other health emergencies, or otherwise;
•emergence of new high-cost medications to treat conditions that are common in our population, such as new treatments for Alzheimer’s Dementia;
•changes to mandated benefits or other changes in healthcare laws, regulations and practices at both the federal and state levels;
•increased costs attributable to specialist physicians, hospitals, and ancillary providers;
•changes in the demographics of our participants and medical trends;
26
•contractual or claims disputes with providers, hospitals or other service providers;
•the occurrence of catastrophes, health emergencies, including epidemics or pandemics or acts of terrorism; and
•the reduction of government payor payments.
We have experienced, and expect to continue experiencing, increased costs and expenditures in the future.
In fiscal year 2025, while we continued several initiatives intended to lower certain of our costs, we also made, and expect to continue making, significant investments in growing and transforming our business, including through the implementation of Company-wide transformation initiatives (focused on managing cost trends, operational excellence and high quality care for participants) increasing our participant base, building capabilities to increase our sophistication as a payor to drive clinical value, expanding our operations through acquisitions, hiring additional employees for growing or new centers, and introducing or improving technology. As a result of these increased expenditures, we may not succeed in increasing our revenue sufficiently to improve our profit margins. We finance our operations principally from revenue from our participant services and the incurrence of indebtedness. We may not continue to generate positive cash flow from operations or have access to sufficient capital, and our variable results may make it difficult for you to rely on our historical results as indicative of future performance. We have encountered, and will continue to encounter, risks and difficulties frequently experienced by growing companies in rapidly changing and highly regulated industries, including increasing expenses as we continue to grow our business. We have encountered and will continue to encounter risks and difficulties frequently experienced by growing companies in rapidly changing and highly regulated industries, including increasing expenses as we continue to grow our business.
Our operating expenses have increased, and we expect them to continue to increase, over the next several years as we continue to hire additional personnel, expand our operations and infrastructure, reimagine key operational areas through technology, and continue to provide services to an increasing number of participants in furtherance of our clinical and operational initiatives. If we are not able to execute or realize the benefits of our clinical and operational value initiatives, our operating loss could continue to decline and we may not gain anticipated integration and efficiencies. If we are not able to execute or realize the benefits of our clinical value initiatives, including as a result of our EMR system, Epic, not operating as expected, our profitability could continue to decline. In addition to the expected costs to grow our business, we also expect to continue to incur compliance costs, as a result of audits and maintaining high quality of care across our centers, as well as additional legal, accounting and other expenses as we continue to operate as a public company. These investments may be more costly than we expect, and if we do not achieve the benefits anticipated from these investments, or if the realization of these benefits is delayed, our profitability could continue to decline. If our growth rate were to decline significantly or become negative, it could adversely affect our financial condition and results of operations. If we are not able to maintain positive cash flow in the long term, we may require additional financing, which may not be available on favorable terms or at all and/or which would be dilutive to our shareholders. If we are unable to successfully address these risks and challenges as we encounter them, our business, results of operations and financial condition would be adversely affected. Accordingly, we may not be able to be profitable or improve our income in the future, which could negatively impact the value of our common stock.
Our revenues and operations are dependent upon a limited number of government payors, particularly Medicare and Medicaid.
Our operations are dependent on a limited number of government payors, particularly Medicare and Medicaid, with whom we directly contract to provide services to participants. We generally manage our contracts on a state-by-state basis, entering into a separate contract in each state. When aggregating the revenue associated with Medicare and Medicaid by state, Colorado, California and Virginia accounted for a total of approximately 86.4% and 84.3% of our capitation revenue for the years ended June 30, 2025 and 2024, respectively.
Based on our current business structure and market conditions, we expect that the majority of our revenues will continue to be derived from a limited number of key government payors. As a result, we depend on federal funding, the financial condition of the states in which we operate, and each state’s commitment to its PACE program. Government-funded healthcare programs in the states in which we operate face a number of risks, including higher than expected healthcare costs and lack of predictability of tax basis and budget needs. As the states respond to market dynamics and financial pressures, and as government payors make strategic budgetary decisions in respect of the programs in which they participate, certain government payors, including CMS and state Medicaid agencies, may seek to renegotiate or terminate their agreements with us. As the states respond to market dynamics and financial pressures, and as government payors make strategic budgetary decisions in respect of the programs in which they participate, certain government payors may seek to renegotiate or terminate their agreements with us. Any reduction in the budgetary appropriations for our services, whether due to fiscal constraints from a recession or economic downturn, emergency situations such as pandemics, changes in policy or otherwise, could result in a reduction in our capitated fee payments, changes to the scope of services, or even the loss of contracts, any of which could negatively impact our revenues, business and prospects. Any reduction in the budgetary appropriations for our services, whether as a result of fiscal constraints due to recession, or economic downturn, emergency situations such as the COVID-19 pandemic, changes in policy or otherwise, could result in a reduction in our capitated fee payments, changes to the scope of services and possibly loss of contracts and could negatively impact our revenues, business and prospects.
The Trump Administration has called for a reduction in expenditures across the government, including at HHS, the FDA, the National Institutes of Health, CMS and related agencies. Implementation of efficiency directives, such as those
27
issued by the Department of Government Efficiency (DOGE), and actions presently directed by executive order could decrease federal spending related to healthcare and create policy changes that could harm our business. These actions may, for example, include directives to reduce agency workforce and rescinding a Biden Administration executive order tasking the Center for Medicare and Medicaid Innovation (CMMI) to consider new payment and healthcare models to limit drug spending.
Further, the OBBBA, makes several changes that impact Medicare, Medicaid and PACE providers. OBBBA mandates significant reductions in federal Medicaid spending, with the Congressional Budget Office estimating a decrease of $1 trillion over the next decade. The OBBBA also introduces new work requirements for Medicaid recipients aged 19 to 64, necessitating at least 80 hours per month of work, education, or volunteer activities, unless they qualify for certain exemptions. The OBBBA also narrows Medicaid eligibility for qualified immigrants. States will be required to conduct eligibility verifications of Medicaid enrollees in the expansion population every six months (unless otherwise exempt), increasing from the previous annual requirement. These changes may lead to decreased Medicaid enrollment among existing and prospective PACE participants, potentially reducing our funding and decreasing margins. OBBBA also introduces cost-sharing measures, requiring Medicaid beneficiaries with incomes between 100% and 138% of the federal poverty level to pay up to $35 per service for certain healthcare services. As a result, eligible participants could be deterred from enrolling in or continuing enrollment with PACE programs, possibly impacting our ability to retain or increase our participant base. With the federal funding cuts, and states being prohibited from increasing provider taxes to finance their share of Medicaid spending, states may also face budgetary pressures. These budgetary pressures may potentially lead to reductions in certain optional Medicaid benefits, reductions in the workforce for the government entities that oversee and administer Medicaid and PACE, causing delays, and downward pressure on rates, including our capitated fee payments. State-level decisions on benefit coverage could adversely affect or limit the comprehensiveness and quality of care we provide. Finally, the new requirements will necessitate adjustments in our administrative processes to ensure compliance with more frequent eligibility verifications and other reporting standards mandated by federal and state regulatory agencies. Failure to adapt promptly could result in regulatory penalties, sanctions, or loss of funding. Until we know the full scope of the impact of the OBBBA and other policy changes made by the Trump Administration, whether those policy changes are challenged and subsequently upheld by the court system and how those changes impact our business and the business of our competitors over the long term, we will not know the extent of any direct or indirect impact on us.
In addition, government payors may generally adjust certain terms of our agreements with them from time to time and may terminate their contracts with us upon the occurrence of certain events. Such events include inspections, reviews, audits, requests for information or investigations with adverse findings, as well as situations in which state or federal funds are not appropriated at sufficient levels to fund our contracts or PACE programs in general. Government payors, such as CMS and state Medicaid agencies, may also exercise their regulatory authority to terminate, suspend or cancel our contracts, in whole or in part, for cause in the event of our noncompliance with applicable statutory, regulatory, or contractual requirements, or if we are debarred or suspended from providing services by state or federal government authorities. There can be no assurance that our expectations will prove correct, and even if these matters are resolved in our favor or without significant cash settlements, these matters, and the time and resources necessary to litigate or resolve them, cause harm to our reputation, business, financial condition, results of operations and the market price of our common stock. CMS, as the federal agency responsible for oversight of Medicare and PACE programs, may also impose regulatory sanctions for noncompliance with federal requirements, including but not limited to the suspension of participant enrollment, civil monetary penalties, or contractual termination. The imposition of such sanctions has in the past affected and could in the future adversely affect our operating results and our ability to pursue our growth strategies. The sudden loss of any of our government contracts, entry into a government contract with unfavorable economic terms or the renegotiation or adjustment of any of such contracts to include unfavorable terms could adversely affect our operating results. In the ordinary course of business, we engage in active discussions and renegotiations with government payors in respect of the services we provide and the terms of our agreements.
See also Item 1A. Risk Factors, “Risks Related to Our Business-We conduct a significant percentage of our operations in the State of Colorado and, as a result, we are particularly susceptible to any reduction in budget appropriations for our services or any other adverse developments in that state.We conduct a significant percentage of our operations in the State of Colorado and, as a result, we are particularly susceptible to regulatory issues and reduction in budget appropriations for our services or any other adverse developments in that state. ”
Reductions in PACE reimbursement rates or changes in the rules governing PACE programs could have a material adverse effect on our financial condition and results of operations.
We receive nearly all of our revenue through the PACE program, which accounted for 99.8% of our revenue for each of the years ended June 30, 2025 and 2024. As a result, our operations are dependent on government funding levels for PACE programs. Any changes that limit or reduce general PACE funding, such as reductions in or limitations of reimbursement amounts or rates under programs, reductions in funding of programs, expansion of benefits, services or treatments under programs without adequate funding, could have a material adverse effect on our business, results of operations, financial condition and cash flows.
28
The PACE programs and their respective reimbursement rates, payment structures and rules are subject to frequent change. These include statutory and regulatory changes, rate adjustments (including retroactive adjustments), administrative or executive orders and government funding restrictions, all of which may materially adversely affect the PACE rates at which we are compensated for our services. Budget pressures can lead federal and state governments to reduce or place limits on reimbursement rates and payment structures under PACE. For example, the budget constraints caused by recent federal funding cuts and impact of the OBBBA may lead federal and state governments to reduce or limit reimbursement amounts or rates under the PACE program. Implementation of these and other types of measures has in the past and could in the future result in reductions in our revenue and operating margins, the extent of which would depend on the specific measures implemented. Implementation of these and other types of measures has in the past and could in the future result in substantial reductions in our revenue and operating margins. Legislation enacted in 2011 requires CMS to sequester or reduce all Medicare payments, including payments to PACE organizations, by two percent per year beginning on April 1, 2013, and this sequestration has been extended through fiscal year 2032 for Medicare benefit payments. Legislation enacted in 2011 requires CMS to sequester or reduce all Medicare payments, including payments to PACE organizations, by 2% per year for a period of years. We cannot predict what other deficit reduction, other payment reduction or budget enforcement initiatives may be proposed by Congress, which could impact our business, including whether Congress will attempt to increase, restructure or suspend sequestration.
Each year, CMS establishes the Medicare PACE benchmark payment rates by county for the following calendar year. Each year, CMS establishes the Medicare PACE benchmark payment rates by county for the following calendar year. Because nearly all of our revenue is through the PACE program, any negative changes to the PACE benchmark payment rates could have a material adverse effect on our business, results of operations, financial condition and cash flows. In addition, our PACE revenues may become volatile in the future, which could have a material adverse impact on our business, results of operations, financial condition and cash flows.
Reductions in reimbursement rates could have a material, adverse effect on our financial condition and results of operations or even result in rates that are insufficient to cover our operating expenses. Reductions in reimbursement rates could have a material, adverse effect on our financial condition and results of operations or even result in rates that are insufficient to cover our operating expenses. For example, our external provider costs are driven by rates set by Medicare and Medicaid, which are outside of our control and may be negotiated in a manner unfavorable to us. Additionally, any delay or default by state governments in funding our capitated payments could materially and adversely affect our business, financial condition and results of operations.
Recent legislative, judicial and executive efforts to enact further healthcare reform legislation have caused the future state of reforms under the ACA and many core aspects of the current U.S. healthcare system to be unclear. While specific changes and their timing are not yet apparent, enacted reforms and future legislative, regulatory, judicial, or executive changes, particularly any changes to the PACE program, could have a material adverse effect on our business, results of operations, financial condition and cash flows.
Our records and submissions to government payors may contain inaccurate or unsupportable information regarding risk adjustment scores of participants, which could cause us to overstate or understate our revenue and subject us to repayment obligations or penalties.•Our records and submissions to government payors may contain inaccurate or unsupportable information regarding risk adjustment scores of participants, which could subject us to repayment obligations or penalties.
The claims and encounter records that we submit to government payors involve data that support the RAF scores attributable to participants. These RAF scores determine the payment we are entitled for the provision of medical care to such participants. The data submitted to CMS is based on diagnosis codes and medical charts that our employed, contracted and noncontracted providers identify, record and prepare. Any issues with recording and documenting identified medical conditions could adversely impact Medicare RAF scores and our resulting revenue for future periods. CMS periodically audits PACE organizations’ risk adjustment submissions. The submission of inaccurate, incomplete or erroneous data could result in inaccurate revenue and risk adjustment payments, which may be subject to correction or retroactive adjustment in later periods. This corrected or adjusted information may be reflected in financial statements for periods subsequent to the period in which the revenue was recorded. We could be required to refund a portion of the revenue that we received, which could have a material adverse effect on our business, results of operations, financial condition and cash flows. Historically, these true-up payments typically occur between May and August, but the timing of these payments is determined by CMS, and we have neither visibility nor control over the timing of such payments. From time to time, we may experience reconciliation issues as government payors modify or adopt new systems.
If CMS seeks repayment from us for payment adjustments as a result of its audits, we could also be subject to liability for penalties for inaccurate or unsupportable RAF scores provided by us or our providers. If CMS seeks repayment from us for payment adjustments as a result of its audits, we could also be subject to liability for penalties for inaccurate or unsupportable RAF scores provided by us or our providers. In addition, we could be liable for penalties to the federal government under the FCA, which may include per claim penalties, plus up to three times the amount of damages caused by each false claim, which can be as much as the amounts received directly or indirectly from the government for each such false claim. As of January 15, 2025, the minimum FCA penalty increased from $13,946 to $14,308 per claim. As of February 12, 2024, the minimum False Claims Act penalty increased from $13,508 to $13,946 per claim. The maximum penalty has increased from $27,894 to $28,619 per claim. There is a high potential for substantial penalties in connection with any alleged FCA violations.
29
Elements of the risk adjustment mechanism continue to be challenged, reevaluated and revised by the U.S. DOJ, the OIG and CMS. On February 1, 2023, CMS published the Medicare Advantage RADV Program Final Rule, effective April 3, 2023, which allows CMS to extrapolate Risk Adjustment Data Validation (“RADV”) audit findings beginning with payment year 2018. On May 21, 2025, CMS announced a significant expansion of its RADV auditing: all eligible MA plans will now be audited annually, rather than a limited subset, and CMS intends to complete its backlog of RADV audits for payment years 2018 to 2024 by early 2026. Each audit will also review a larger sample of records, increasing the administrative burden and potential for recoupment. If CMS recovers overpayments from MA plans, those plans may seek to recover payments from us that the plans believe are attributable to risk adjustment data. These developments generally increase the risk of payment recoupment and compliance exposure for organizations participating in Medicare Advantage arrangements, like us.
There can be no assurance that a PACE organization, including us, will not be randomly selected or targeted for review by CMS or that the outcome of such a review will not result in a material adjustment in our revenue and profitability, even if the information we submitted to CMS is accurate and supportable. Substantial changes in the risk adjustment mechanism, including changes that result from enforcement or audit actions, could materially affect our capitated reimbursement. For example, CMS released an updated PACE Medicaid Capitation Rate Setting Guide, effective January 1, 2025, which clarifies and expands requirements for state development and documentation of PACE Medicaid capitation rates. Under this new guidance, states must provide more detailed supporting data and methodologies when submitting proposed rates to CMS for approval.
State and federal efforts to reduce healthcare spending could adversely affect our financial condition and results of operations. State and federal efforts to reduce healthcare spending could adversely affect our financial condition and results of operations.
Most of our participants are dually eligible, meaning they are qualified for coverage under both Medicare and Medicaid when enrolled in our PACE program, and nearly all our revenue is derived from government payors. Medicaid is a joint federal and state funded program for healthcare services for low income as well as certain higher-income individuals who qualify for nursing home level of care. Under broad federal criteria, states establish rules for eligibility, services and payment. PACE programs are administered at the state level and are financed by both state and federal funds. Medicaid spending has increased rapidly in recent years, becoming a significant component of state budgets. This increase, combined with slower state revenue growth, has led both the federal government and many states to institute measures aimed at controlling the growth of Medicaid spending, and in some instances reducing aggregate Medicaid spending. Due to budget decisions and constraints, which can be unpredictable and influenced by shifting political and economic priorities or the result of macroeconomic conditions, including a potential recession, we may experience negative Medicaid capitated rate payment pressure from certain states where we operate, such as Colorado, where we conduct a significant percentage of our operations.
In addition, as part of past attempts to repeal, replace or modify the ACA and as a means to reduce the federal budget deficit, there have in recent years been congressional efforts to move Medicaid from an open-ended program with coverage and benefits set by the federal government to one in which states receive a fixed amount of federal funds, either through block grants or per capita caps, and have more flexibility to determine benefits, eligibility or provider payments. In addition, as part of past attempts to repeal, replace or modify the ACA and as a means to reduce the federal budget deficit, there have in recent years been congressional efforts to move Medicaid from an open-ended program with coverage and benefits set by the federal government to one in which states receive a fixed amount of federal funds, either through block grants or per capita caps, and have more flexibility to determine benefits, eligibility or provider payments. If those changes or others are implemented, we cannot predict whether the amount of fixed federal funding to the states will be based on current payment amounts or on lower payment amounts, which would negatively impact those states that expanded their Medicaid programs in response to the ACA. If those changes are implemented, we cannot predict whether the amount of fixed federal funding to the states will be based on 28current payment amounts, or if it will be based on lower payment amounts, which would negatively impact those states that expanded their Medicaid programs in response to the ACA. We expect state and federal efforts to reduce healthcare spending to continue for the foreseeable future.
We depend on our senior management team and other key employees, and the loss of one or more of these employees or an inability to attract and retain other highly skilled employees could harm our business. We depend on our senior management team and other key employees, and the loss of one or more of these employees or an inability to attract and retain other highly skilled employees could harm our business.
Our future success depends largely upon the services of our executive officers, senior management team and other key employees.Our future success depends largely upon the services of our senior management team and other key employees. We rely on our leadership team in the areas of operations, provision of medical services, information technology and security, marketing and general and administrative functions. Our employment agreements with our executive officers and other key personnel do not require them to continue to work for us for any specified period and, therefore, they could terminate their employment with us at any time. The loss of one or more of our executive officers, the members of our senior management team, or other key employees, could disrupt or otherwise harm our business. The loss, whether as a result of voluntary termination or illness, of one or more of the members of our senior management team, or other key employees, could harm our business.
30
If certain of our suppliers do not meet our needs, if we are not reimbursed or adequately reimbursed for medical products we purchase or if we are unable to effectively access new technology or medical products, our ability to effectively provide the services we offer could be negatively impacted.
We have significant suppliers that may be the sole or primary source of products critical to the services we provide, or to which we have committed obligations to make purchases, sometimes at particular prices. If any of these suppliers do not meet our needs for the products they supply, including as a result of price increases, a product recall, product shortage or other supply chain issues (including as a result of trade tensions), or a dispute, and we are not able to find adequate alternative sources, our business, results of operations, financial condition and cash flows could be materially adversely impacted. If any of these suppliers do not meet our needs for the products they supply, including as a result of price increases, a product recall, product shortage or other supply chain issues, or a dispute, and we are not able to find adequate alternative sources, our business, results of operations, financial condition and cash flows could be materially adversely impacted. In addition, the technology related to the products critical to the services we provide is subject to new developments which may result in the availability of superior products. If we are not able to access superior products or new medical products, including biopharmaceuticals or medical devices, on a cost-effective basis or if suppliers are not able to fulfill our requirements for such products, we could face attrition with respect to our participants or healthcare providers and other personnel and other negative consequences which could have a material adverse effect on our business, results of operations, financial condition and cash flows.
We recently completed the acquisition of certain pharmacy assets and we have no previous experience managing our own pharmacy services.
In January 2025, we completed the acquisition of certain pharmacy assets from TRHC and entered into a services agreement with TRHC to provide management services to our pharmacy business with an initial term of five years. We have no previous experience in the pharmacy business and may encounter significant problems as a result of our failure to foresee the challenges of providing pharmacy services. If our assumptions regarding risks and uncertainties that we used to plan our pharmacy business are incorrect or change as we gain more experience operating the business or due to changes in the industry, or if we do not address these challenges successfully, our operating and financial results could suffer materially. Further, we may not be able to realize the cost benefits we expect from operating our own pharmacy subsidiary due to changes in reimbursement or for other reasons. Our pharmacy business also subjects us to additional extensive federal, state, and local regulation governing various aspects of the business, including the distribution and dispensing of drugs; licensure of facilities and professionals; packaging, storing, distributing, shipping, and tracking of pharmaceuticals; repackaging of drug products; labeling consumer disclosures; interactions with prescribing professionals; supply chain security; as well as additional requirements of various governmental authorities, including state boards of pharmacy and the U.S. Consumer Product Safety Commission. The failure to adhere to any of these laws and regulations may expose us to severe civil and criminal penalties.
If we fail to manage our operations effectively, we may be unable to execute our business plan, maintain effective levels of service and participant satisfaction or adequately address competitive challenges.
We have experienced, and may continue to experience, organizational change and growth, which has placed, and may continue to place, significant demands on our management and our operational and financial resources. Additionally, our organizational structure continues to become more complex as we grow and expand our operational, financial and management controls, as well as our reporting systems and procedures as a public company. We may require significant capital expenditures and the allocation of valuable management resources to grow and evolve our operational and financial operations. We must ensure our personnel have the necessary licenses and competencies and continue to effectively train and manage our employees. We will be unable to manage our business effectively if we are unable to alleviate the strain on resources caused by growth in a timely and efficient manner. In fiscal year 2025, our participant base grew by 10.3% compared to the prior fiscal year, and we intend to continue focusing on growing our participant base as part of our growth strategy. If we fail to effectively manage our potential growth or fail to ensure that the level of care and services provided by our employees complies with regulatory and contractual requirements and levels of patient service and satisfaction, our brand and reputation, could suffer, adversely affecting our ability to attract and retain participants and employees and could also lead to corrective actions or sanctions. If we fail to effectively manage our potential growth and change or fail to ensure that the level of care and services provided by our employees complies with regulatory and contractual requirements, and levels of patient service and satisfaction, our brand and reputation, could suffer, adversely affecting our ability to attract and retain participants and employees and lead to the need for corrective actions or sanctions.
The healthcare industry is highly competitive and, if we are not able to compete effectively, our business could be harmed. The healthcare industry is highly competitive and, if we are not able to compete effectively, our business could be harmed.
We compete directly with national, regional and local providers of healthcare for participants and clinical providers, including new or growing participants and providers. We also compete directly with payors, such as with Medicare Advantage Special Needs Plans, and other alternate managed care programs for participants. Some of our competitors may have greater brand recognition and be more established in their respective communities than we are, and may have greater financial and other resources than we have. Further, our current or potential competitors may be acquired by third parties
31
with greater available resources. Competing providers may also offer different programs or services than we do, which, combined with the foregoing factors, may result in our competitors being more attractive to our current participants, potential participants and referral sources. For example, additional offerings by MA, particularly for dual eligible seniors, and other competitors during 2025 resulted in higher than expected disenrollments during fiscal year 2025. Furthermore, to the extent that competitive forces cause our budgeted routine capital expenditures to increase in the future beyond the amounts we set to keep them competitive, our financial condition may be negatively affected. For example, additional offerings by MA and other competitors during 2024 resulted in higher than expected disenrollments during fiscal year 2024. Furthermore, while we budget for routine capital expenditures at our centers to keep them competitive in their respective markets, to the extent that competitive forces cause those expenditures to increase in the future, our financial condition may be negatively affected. In addition, our contracts with government payors are not exclusive for PACE programs in California, and competitors in California could seek to establish contracts with the state Medicaid agency and CMS to serve PACE eligible participants in our service areas. For example, the service area for our Sacramento, California center overlaps with an existing PACE program in the region. Additionally, as we continue expanding into new geographies, we may encounter competitors with stronger local community relationships or brand recognition, which could give those competitors an advantage in attracting new participants. Additionally, as we expand into new geographies, such as Florida, we may encounter competitors with stronger local community relationships or brand recognition, which could give those competitors an advantage in attracting new participants. Individual physicians, physician groups and companies in other healthcare industry segments, some of which have greater financial, marketing and staffing resources, may become competitors in providing healthcare services, and this competition may have a material adverse effect on our business operations and financial position.
Our presence is currently limited to six states, with a significant percentage of our operations in the State of Colorado. As a result, we are particularly susceptible to regulatory issues and reduction in budget appropriations for our services or any other adverse developments in that state.
We currently operate in California, Colorado, Florida, New Mexico, Pennsylvania and Virginia. For the year ended June 30, 2025, almost half of our consolidated revenue was driven by our businesses in Colorado, with 43% of our consolidated revenue derived from contracts specifically with government agencies in the State of Colorado. Accordingly, any regulatory issues and developments in the six states, and particular in Colorado such as a reduction in Colorado’s budgetary appropriations for our services, whether as a result of fiscal constraints due to recession, emergency situations, such as pandemics, changes in policy or otherwise, have resulted and could in the future result, in a reduction in our capitated fee payments and possibly the loss of contracts, and materially adversely impact our results. Further, our concentrated operations limit our ability to mitigate many of the risks described in these risk factors by a diversification of geographic focus.
In order to continue expanding our operations to other regions of the United States, we devote significant resources to identifying and exploring perceived opportunities. Thereafter, we have to, among other things, recruit and retain qualified personnel, develop and grow new centers and establish new relationships or contracts with physicians and other healthcare and services providers. Thereafter, we have to, among other things, recruit and retain qualified 30personnel, develop new centers and establish new relationships or contracts with physicians and other healthcare and services providers. In addition, we are required to comply with laws and regulations of states that may differ from the ones in which we currently operate, and could face competitors with greater knowledge of such local markets. We anticipate that further geographic expansion will require us to make a substantial investment of management time, capital and/or other resources. There can be no assurance that we will be able to continue to expand our operations in new geographic markets.
Security breaches, loss of data and other disruptions, including disruptions in our disaster recovery systems, have in the past and could in the future compromise sensitive information related to our business or our participants, or prevent us from accessing critical information and expose us to liability, and could adversely affect our business and our reputation. See “Security breaches, loss of data and other disruptions have in the past and could in the future compromise sensitive information related to our business or our participants, or prevent us from accessing critical information and expose us to liability, and could adversely affect our business and our reputation” in Item 1A “Risk Factors” in this Annual Report.
Our information technology systems facilitate our ability to conduct our business. In the ordinary course of our business, we create, receive, maintain, transmit, collect, store, use, disclose, share and process (collectively, “Process”) sensitive data, including PHI/PII relating to our employees, participants and others. We also contract with third-party service providers to Process sensitive information, including PHI/PII, confidential information and other proprietary business information. We also Process and contract with third-party service providers to Process sensitive information, including PHI/PII, confidential information and other proprietary business information. We manage and maintain PHI/PII and other sensitive data and information using both on premise and cloud-based systems. Third-party service providers that serve our participants Process PHI/PII data either in their own on-site systems, at managed or co-located data centers, or in the cloud. Third-party service providers that serve our participants Process PHI/PII data either in their own on-site systems, at managed or co-located data centers, or in the cloud.
We are highly dependent on information technology networks and systems, including our Electronic Medical Records (“EMR”) system and Epic to securely Process PHI/PII and other sensitive data and information. We are highly dependent on information technology networks and systems, including our EMR system, Epic, and the internet, to securely Process PHI/PII and other sensitive data and information. Security breaches or disruptions of this infrastructure, whether ours or of our third-party service providers, including physical or electronic break-ins, computer viruses, ransomware or other cybersecurity incidents, attacks by hackers and similar breaches, weather-related disruptions, and employee or contractor error, negligence or malfeasance, have occurred in the past, and have in the past and could in the future, create system disruptions, shutdowns or unauthorized access, acquisition, use, disclosure or modifications of such data or information, and could cause PHI/PII to be accessed, acquired, used, disclosed or modified without authorization, to be made publicly available, or to be further accessed, acquired, used or disclosed. Security breaches of this infrastructure, whether ours or of our third-party service providers, including physical or electronic break-ins, computer viruses, ransomware, attacks by hackers and similar breaches, and employee or contractor error, negligence or malfeasance, have occurred in the past, and have in the past and could in the future, create system disruptions, shutdowns or unauthorized access, acquisition, use, disclosure or modifications of such data or information, and could cause PHI/PII to be accessed, acquired, used, disclosed or modified without authorization, to be made publicly available, or to be further accessed, acquired, used or disclosed.
32
We use third-party service providers for important aspects of the Processing of employee and participant PHI/PII and other confidential and sensitive data and information, and therefore rely on third parties to manage functions that have material cybersecurity risks. Because of the sensitivity of the PHI/PII and other sensitive data and information that we and our service providers Process, the security of our technology platform and other aspects of our services, including those provided or facilitated by our third-party service providers, are important to our operations and business strategy. We have implemented certain administrative, physical and technological safeguards through our Cybersecurity Program to address these risks; however, such policies and procedures may not address certain HIPAA requirements or address situations that could lead to increased privacy or security risks. We have implemented certain administrative, physical and technological safeguards through our Cybersecurity Program to address these risks; however, such policies and procedures may not address certain HIPAA requirements or address situations that could lead to increased privacy or security risks, and agreements with contractors and other third-party service providers who handle this PHI/PII and other sensitive data and information for us. However, some PACE organizations that we have acquired in the past or may acquire in the future may not have implemented such agreements with their third-party service providers, which may expose us to legal claims or proceedings, liability, and penalties. We may be required to expend significant capital and other resources to protect against security breaches, to safeguard the privacy, security, and confidentiality of PHI/PII and other sensitive data and information, to investigate, contain, remediate, and mitigate actual or potential security breaches, and/or to report security breaches to participants, employees, regulators, media, credit bureaus, and other third parties in accordance with applicable law and to offer complimentary credit monitoring, identity theft protection, and similar services to participants and/or employees where required by law or otherwise appropriate. Cyber-attacks are becoming more sophisticated including with the use of artificial intelligence, and frequent, and we or our third-party service providers may be unable to anticipate these techniques or to implement adequate protective measures against them or to prevent future attacks. Cyber-attacks are becoming more sophisticated, and frequent, and we or our third-party service providers may be unable to anticipate these techniques or to implement adequate protective measures against them or to prevent future attacks. The prevalence of smart/handheld devices and the remote work environment has increased these risks. We exercise limited control over our third-party service providers and, in the case of some third-party service providers, may not have evaluated the adequacy of their security measures, which increases our vulnerability to problems with services they provide.
A security breach, security incident, or privacy violation that leads to unauthorized use, disclosure, access, acquisition, loss or modification of, or that prevents access to or otherwise impacts the confidentiality, security, or integrity of, participant or employee information, including PHI/PII that we or our third-party service providers process, could harm our reputation and business, compel us to comply with breach notification laws, cause us to incur significant costs for investigation, containment, remediation, mitigation, fines, penalties, settlements, notification to individuals, regulators, media, credit bureaus, and other third parties, complimentary credit monitoring, identity theft protection, training and similar services to participants and/or employees where required by law or otherwise appropriate, for measures intended to repair or replace systems or technology and to prevent future occurrences. A security breach, security incident, or privacy violation that leads to unauthorized use, disclosure, access, acquisition, loss or modification of, or that prevents access to or otherwise impacts the confidentiality, security, or integrity of, participant or employee information, including PHI/PII that we or our third-party service providers process, could harm our reputation and business, compel us to comply with breach notification laws, cause us to incur significant costs for investigation, containment, remediation, mitigation, fines, penalties, settlements, notification to individuals, regulators, media, credit bureaus, and other third parties, complimentary credit monitoring, identity theft protection, training and similar services to participants and/or employees where required by law or otherwise appropriate, for measures intended to 31repair or replace systems or technology and to prevent future occurrences. We may also be subject to potential increases in insurance premiums, resulting in increased costs or loss of revenue.
Even in the case of cybersecurity incidents on our third-party service-providers, we remain responsible under HIPAA for our participants’ PHI/PII and any failure on our part to comply with HIPAA in connection with such data could be subject to civil penalties, resolution agreements, monitoring or similar agreements or other enforcement action. Even in the case of cybersecurity incidents on our third-party service-providers, we remain responsible under HIPAA for our participants’ PHI/PII and any failure on our part to comply with HIPAA in connection with such data could be subject to civil penalties, resolution agreements, monitoring or similar agreements or other enforcement action.
If we or our third-party service providers are unable to prevent or mitigate security breaches, security incidents or privacy violations, or if we or our third-party service providers are unable to implement satisfactory remedial measures with respect to known or future security incidents, or if it is perceived that we have been unable to do so, our operations could be disrupted, we may be unable to provide access to our systems, and we could suffer a loss of participants, loss of reputation, adverse impacts on participant and investor confidence, financial loss, governmental investigations or other actions, regulatory or contractual penalties, and other claims and liability. In addition, security breaches and incidents and other compromise or inappropriate access to, or acquisition or processing of, PHI/PII or other sensitive data or information can be difficult to detect, and any delay in identifying such breaches or incidents or in providing timely notification of such incidents may lead to increased harm and increased penalties.
While we maintain insurance covering certain security and privacy damages and claim expenses, we may not carry insurance or maintain coverage sufficient to compensate for all liability and in any event, insurance coverage would not address the reputational damage that could result from a security incident. While we maintain insurance covering certain security and privacy damages and claim expenses, we may not carry insurance or maintain coverage sufficient to compensate for all liability and in any event, insurance coverage would not address the reputational damage that could result from a security incident.
A failure to accurately estimate incurred but not reported medical expenses could adversely affect our results of operations. A failure to accurately estimate incurred but not reported medical expenses could adversely affect our results of operations.
External provider costs include estimates of future medical claims that have been incurred by the participant but for which the provider has not yet billed. These claim estimates are made utilizing actuarial methods and are continually evaluated and adjusted by management, based upon our historical claims experience and other factors, including an independent assessment by a nationally recognized actuarial firm. Positive or negative adjustments, if necessary, are made when the assumptions used to determine our claims liability change and when actual claim costs are ultimately determined.
33
Due to uncertainties associated with the factors used in these estimates and changes in the patterns and rates of medical utilization, materially different amounts could be reported in our financial statements for a particular period under different conditions or using different, but still reasonable, assumptions. It is possible that our estimates of this type of claim may be excessive or inadequate in the future and we may be obligated to repay certain amounts to CMS. In such event, our results of operations would be adversely impacted. Further, the inability to estimate these claims accurately may also affect our ability to take timely corrective actions, further exacerbating the extent of any adverse effect on our results of operations.
In addition, our operational and financial results vary depending upon the time of year in which they are measured. For example, medical costs vary seasonally depending primarily on the weather because certain illnesses, such as the influenza, COVID-19 and respiratory syncytia viruses, are far more prevalent during colder months of the year. For example, medical costs vary seasonally depending primarily on the weather because certain illnesses, such as the influenza virus, are far more prevalent during colder months of the year. Historically, we have seen higher levels of per-participant medical costs in the second and third quarters of our fiscal year.
We lease half of our centers and may experience risks relating to lease termination, lease expense escalators, lease extensions and special charges. We lease half of our centers and may experience risks relating to lease termination, lease expense escalators, lease extensions and special charges.
We currently lease 10 of our 20 centers. We currently lease 10 of our 20 centers. Our leases typically have terms of nine years, and generally provide for renewal or extension options for an average total potential term of approximately 23 years. However, there can be no assurance that these rights will be exercised in the future or that we will be able to satisfy the conditions precedent to exercising any such renewal or extension. However, there can be no assurance that these rights will be exercised in the future or that we will be able to satisfy the conditions precedent to exercising any such renewal or extension. Each of our lease agreements provides that the lessor may terminate the lease, subject to applicable cure provisions, for a number of reasons, including the defaults in any payment of rent, taxes or other payment obligations or the breach of any other covenant or agreement in the lease. If a lease agreement is terminated or if we are unable to renew or extend any of our leases, we may lose the center subject to that lease agreement. If we are not able to renew or extend our leases at or prior to the end of the existing lease terms, or if the terms of such options are unfavorable or unacceptable to us, our business, financial condition and results of operation could be adversely affected.
A pandemic, epidemic or outbreak of an infectious disease in the United States or worldwide, as well as weather and other factors, have affected, and could in the future adversely affect our business.32A pandemic, epidemic or outbreak of an infectious disease in the United States or worldwide, such as COVID-19, as well as weather and other factors, have affected, and could in the future adversely affect our business.
Any future pandemic, epidemic or outbreak of an infectious disease may adversely affect our business if one or all of the geographies we serve is affected by such outbreak, particularly at the onset of any such outbreak before response protocols have been developed. Specifically, if our participants fall ill due to an outbreak, such as during the COVID-19 pandemic, we may experience a high level of unexpected deaths, increased costs, difficulties adhering to the complex government laws and regulations that apply to our business (including difficulties enrolling participants), and other effects, including a loss of revenue, negative publicity, litigation and inquiries from government regulators. Specifically, if our participants fall ill due to an outbreak, such as during the COVID-19 pandemic, we may experience a high level of unexpected deaths, increased costs, difficulties adhering to the complex government laws and regulations that apply to our business (including difficulties enrolling participants as was the case during the COVID-19 pandemic), and other effects, including a loss of revenue, negative publicity, litigation and inquiries from government regulators.
In addition, our results of operations have been, and may in the future be, negatively impacted by adverse conditions affecting our centers, including severe weather events such as tornadoes, hurricanes and widespread winter storms, floods, fires, earthquakes, power losses, violence or threats of violence or other factors beyond our control that cause disruption in provision of participant services, displacement of our participants, employees and care teams, or force certain of our centers to close temporarily.In addition, our results of operations have been and may in the future be negatively impacted by adverse conditions affecting our centers, including severe weather events such as tornadoes, hurricanes and widespread winter storms, earthquakes, violence or threats of violence or other factors beyond our control that cause disruption in provision of participant services, displacement of our participants, employees and care teams, or force certain of our centers to close temporarily. Our insurance coverage may not compensate us for losses that may occur in the event of an earthquake or other significant natural disaster. In certain geographic areas, we have a large concentration of centers that may be simultaneously affected by health emergencies, adverse weather conditions or other events. Our future operating results may be adversely affected by these and other factors that disrupt the operation of our centers.
Risks Related to Regulation
Allegations that we have failed to adhere to all of the complex government laws and regulations that apply to our business have had, and could in the future have, a material adverse effect on our business, results of operations, financial condition, cash flows, reputation and stock price.
Our operations are subject to extensive federal, state and local government laws and regulations, such as:
•Federal Medicare, federal and state Medicaid, and federal and state PACE statutes and regulations, which are continuously changing and evolving;
•federal and state anti-kickback and self-referral laws, which prohibit, among other things, the knowing and willful offer, payment, solicitation or receipt of any bribe, kickback or remuneration, whether in cash or in kind, for referring an individual, in return for ordering, leasing, purchasing or recommending or arranging for or to induce the referral of an individual or the ordering, purchasing or leasing of items or services covered, in whole or in part, by federal healthcare programs, such as Medicare and Medicaid, or by any payor;
34
•the federal civil false claims laws, including the FCA and associated regulations, which impose civil penalties through governmental, whistleblower or qui tam actions, on individuals or entities for, among other things, knowingly submitting false or fraudulent claims for payment to the government or knowingly making, or causing to be made, a false statement in order to have a claim paid. When an entity is determined to have violated the FCA, the government may impose civil fines and penalties ranging from $14,308 to $28,619 for each false claim, plus treble damages, and exclude the entity from participation in Medicare, Medicaid and other federal healthcare programs;
•the federal false claims laws, which impose criminal penalties on individuals who make or present a false, fictitious, or fraudulent claim to the government that the individual knew was false, fictitious, or fraudulent, and was made with the specific intent to violate the law or with a consciousness of wrongdoing;
•state false claims laws, which generally follow the FCA and apply to claims submitted to state healthcare programs, and state health insurance fraud laws that impose penalties for the submission of false or fraudulent claims by providers to commercial insurers or other payors of healthcare services;
•the federal Civil Monetary Penalties Statute and associated regulations, which impose civil fines for, among other things, the offering or transfer of remuneration to a Medicare or state healthcare program beneficiary if the person knows or should know such remuneration is likely to influence the beneficiary’s selection of a particular provider or supplier of services reimbursable by Medicare or a state healthcare program, unless an exception applies, and which authorize assessments and program exclusion for various forms of fraud and abuse involving the Medicare and Medicaid programs;
•the federal healthcare fraud statute and its implementing regulations, which created federal criminal laws that prohibit, among other things, executing or attempting to execute a scheme to defraud any healthcare benefit program or making false statements relating to healthcare matters;
•federal and state laws regarding the collection, use disclosure and protection of personal identifiable information, or PII, and protected health information, or PHI (e.g., HIPAA and the CCPA), and the storage, handling, shipment, disposal and/or dispensing of pharmaceuticals and blood products and other biological materials, and many other applicable state and federal laws and requirements;
•state and federal statutes and regulations that govern workplace health and safety;
•federal and state laws and policies that require healthcare providers to maintain licensure, certification or accreditation to provide services to patients or to enroll and participate in the Medicaid programs, to report certain changes in their operations to the agencies that administer these programs and, in some cases, to re-enroll in these programs when changes in direct or indirect ownership occur;
•federal and state scope of practice and other laws pertaining to the provision of services by qualified healthcare providers, including those pertaining to the provision of services by nurse practitioners and physician assistants in certain settings and requirements for physician supervision of those services;
•state laws restricting the corporate practice of medicine; and
•federal or state consumer protection laws that regulate various trade practices (e.g. consumer communications or consumer-facing activities).
In addition to the above, PACE contracts also impose complex and extensive requirements upon our operations.
Federal and state manuals, policies, and other guidance may affect our operations. Federal and state manuals, policies, and other guidance may also affect our operations.
The various laws, regulations, and agency guidance that apply or relate to our operations are often subject to varying interpretations, and additional laws and regulations potentially affecting healthcare organizations continue to be promulgated and issued. A violation or departure from any of the legal requirements applicable to our business may result in, among other things, government audits, decreased payment rates, significant fines and penalties, the potential loss of licensure or certification, recoupment efforts or retractions of reimbursement previously paid, voluntary repayments, exclusion from governmental healthcare programs, written warnings, corrective action plans, monitoring, reputational harm, suspension of new enrollment or the restriction of current enrollment, the withholding of payments under the PACE program agreement, and termination of the PACE program agreement. These legal requirements may be civil or
35
administrative in nature. We are subject to federal and state regulations that require PACE organizations to maintain fiscally sound operations, as defined by CMS and applicable state agencies. We submit regular financial reports to governmental authorities and are subject to routine financial reviews and audits by both CMS and state agencies. For example, federal and state governments evaluate our assets and liabilities, cash flows, and net operating surpluses against specific regulatory requirements. From time to time, federal and state authorities may identify aspects of the finances of our PACE organizations that do not comply with federal or state requirements and may require us to submit clarifications and/or take action to adjust the capitalization or other financial status of such entities. As state agencies promulgate additional regulations applicable to PACE and issue sub-regulatory guidance, we will have to allocate sufficient resources to ensure compliance with both federal and state regulations. As state agencies promulgate additional regulations applicable to PACE and issue sub-regulatory guidance, we will have to allocate sufficient resources to ensure compliance with both federal and state regulations.
We endeavor to comply with all legal requirements, including structuring our relationships with physicians, providers, and other third parties to comply with state and federal anti-kickback laws and other applicable healthcare laws. However, the laws and regulations in these areas are complex, changing and often subject to varying interpretations, and any failure to satisfy applicable laws and regulations could have a material adverse impact on our business, results of operations, financial condition, cash flows and reputation. We may face penalties, including penalties under the FCA, if we fail to report and return government overpayments within 60 days of when the overpayment is identified and quantified. See Item 1A. Risk Factors, “Risks Related to Our Business--We are subject to legal proceedings, enforcement actions and litigation, malpractice and privacy disputes, which are costly to defend and could materially harm our business and results of operations.” Additionally, the federal government has used the FCA to prosecute a wide variety of alleged false claims and fraud allegedly perpetrated against Medicare, Medicaid, and other federally funded healthcare programs. Moreover, following amendments to the federal Anti-Kickback Statute under the ACA, claims that are implicated by Anti-Kickback Statute violations are also subject to liability under the FCA, including qui tam or whistleblower suits. Moreover, following amendments to the federal Anti-Kickback Statute under the ACA, claims that are implicated by Anti-Kickback Statute violations are also subject to liability under the FCA, including qui tam or whistleblower suits. In recent years, the number of suits brought in the medical industry by private individuals has increased dramatically. Given the high volume of claims processed by our various operating units, the potential is high for substantial penalties in connection with any alleged FCA violations.
In addition to the provisions of the FCA, the federal government can use several criminal statutes to prosecute persons who are alleged to have submitted false or fraudulent claims for payment to the federal government. In addition to the provisions of the FCA, the federal government can use several criminal statutes to prosecute persons who are alleged to have submitted false or fraudulent claims for payment to the federal government.
If any of our operations are found to violate these or other government laws or regulations, we could suffer severe consequences that would have a material adverse effect on our business, results of operations, financial condition, cash flows, reputation and stock price, including:
•suspension, termination or exclusion of our participation in government payment programs;
•refunds of amounts received in violation of law or applicable payment program requirements dating back to the applicable statute of limitation periods;
•criminal or civil liability, fines, damages or monetary penalties for violations of healthcare fraud and abuse laws, including the Anti-Kickback Statute, Civil Monetary Penalties Statute and FCA, or other failures to meet regulatory requirements;
•enforcement actions by governmental agencies and/or state law claims for monetary damages for patients or employees relating to breach or impermissible use or disclosure of, or other incident relating to PHI and other types of personal data or PII that we collect, use, and disclose, in violation of federal or state privacy laws, including, for example and without limitation, HIPAA or state data privacy and security laws;
•mandated changes to our practices or procedures that could significantly increase operating expenses;
•imposition of and compliance with corporate integrity agreements, monitoring agreements or corrective action plans that could subject us to ongoing audits and reporting requirements as well as increased scrutiny of our billing and business practices;
•termination of various relationships and/or contracts related to our business, including joint venture arrangements, real estate leases and consulting agreements; and
•harm to our reputation, which could negatively impact our business relationships, affect our ability to attract and retain participants and healthcare professionals, affect our ability to obtain financing and decrease access to new business opportunities, among other things.
36
We are, from time to time, and may in the future continue to be, a party to various lawsuits, demands, claims, governmental investigations, audits (including investigations or other actions resulting from our obligation to self-report suspected violations of law), and other legal matters. Responding to subpoenas, requests for information, investigations and other lawsuits, claims, and legal proceedings as well as defending ourselves in such matters has required management’s attention and caused us to incur significant legal expense. It is possible that criminal proceedings may be initiated against us and/or individuals in our business in connection with investigations by the federal government. The results of such lawsuits cannot be predicted. Qui tam actions are filed under seal and impose a mandatory duty on the U.S. DOJ to investigate such allegations, and because qui tam suits are filed under seal, we could be subject to suits of which we are not aware or have been ordered by the presiding court not to discuss or disclose.
We, our healthcare professionals, and the centers in which we operate, are subject to various federal, state and local licensing, certification and other laws and regulations, relating to, among other things, the quality of medical care, equipment, privacy of health information, physician relationships, telehealth, personnel and operating policies and procedures. We, our healthcare professionals, and the centers in which we operate, are subject to various federal, state and local licensing, certification and other laws and regulations, relating to, among other things, the quality of medical care, equipment, privacy of health information, physician relationships, telehealth, personnel and operating policies and procedures. Failure to comply with these licensing and certification laws, regulations and standards could result in cessation of our services, recoupment of prior payments by government payors, corrective action plans, the suspension of participant enrollment or requirements to make significant changes to our operations and can give rise to civil or, in certain cases, criminal penalties. While we endeavor to comply with federal, state and local licensing and certification laws and regulations and standards as we interpret them, the laws and regulations in these areas are complex, changing and often subject to varying interpretations. Any failure to satisfy applicable laws and regulations could have a material adverse impact on our business, results of operations, financial condition, cash flows, and reputation.
If we are unable to effectively adapt to changes in the healthcare industry, including changes to laws and regulations regarding or affecting U.S. healthcare reform, our business could be harmed.
Federal, state, and local legislative bodies frequently pass legislation and administrative agencies promulgate regulations relating to healthcare reform or that affect the healthcare industry. As has been the trend in recent years, we expect a continued increase in government oversight and regulation of the healthcare industry. As has been the trend in recent years, it is reasonable to assume that there will continue to be increased government oversight and regulation of the healthcare industry in the future. We cannot assure our shareholders as to the ultimate content, timing or effect of any new healthcare legislation or regulations, nor is it possible at this time to estimate the impact of potential new legislation or regulations on our business. We cannot assure our stockholders as to the ultimate content, timing or effect of any new healthcare legislation or regulations, nor is it possible at this time to estimate the impact of potential new legislation or regulations on our business.
Since nearly all of our revenue is derived from government payors, we are continually subject to regulatory changes. Since nearly all of our revenue is derived from government payors, we are always subject to regulatory changes. Federal and state legislators routinely introduce and consider proposed legislation that would impact Medicare, Medicaid, and PACE funding and operations, and state and federal agencies also consider and implement regulations and guidance that impact our business. For example, the OBBBA includes provisions that would significantly reduce federal Medicaid spending over the next decade through new work requirements for Medicaid recipients aged 19 to 64, increase the frequency of eligibility verifications of Medicaid enrollees, introduce cost-sharing measures for Medicaid beneficiaries, and reduce funding for long-term care and home- and community-based services. See “Risk Factors—If we are unable to attract new participants and retain existing participants, our revenue growth will be adversely affected” and “Risk Factors—Our revenues and operations are dependent upon a limited number of government payors, particularly Medicare and Medicaid.” Additionally, changes in the leadership of federal agencies under the Trump Administration may also lead to new policies and changes in such agencies’ regulations and operations. Similarly, changes in private payor reimbursement policies could lead to adverse changes in Medicare, Medicaid and other governmental healthcare programs, which could have a material adverse effect on our business, financial condition and result of operations. We cannot predict with certainty the impact that any particular federal and state healthcare legislation or regulation will have on us, but such changes could impose new and/or more stringent regulatory requirements on our activities or result in reduced payment rates, any of which could adversely affect our business, financial condition, and results of operations.
There can be no assurance that regulators will agree that we have structured our agreements and operations in material compliance with applicable healthcare laws and regulations or that we will be able to successfully address changes in the current legislative and regulatory environment. While we believe that we have structured our agreements and operations in material compliance with applicable healthcare laws and regulations, there can be no assurance that regulators will agree with our approach or that we will be able to successfully address changes in the current legislative and regulatory environment. Moreover, some of the healthcare laws and regulations applicable to us are subject to limited or evolving interpretations, and a review of our business or operations by a court, law enforcement or a regulatory authority might result in a determination that could have a material adverse effect on us. Furthermore, the healthcare laws and regulations applicable to us may be amended or interpreted in a manner that could have a material adverse effect on our business, prospects, results of operations and financial condition.
37
Laws regulating the corporate practice of medicine could restrict the manner in which we are permitted to conduct our business, and the failure to comply with such laws could subject us to penalties or require a restructuring of our business.
Some of the states in which we currently operate, as well as states in which we may operate in the future, have laws that prohibit business entities, such as us, from practicing medicine, employing physicians or other clinicians to practice medicine, exercising control over medical decisions by physicians or other clinicians or engaging in certain arrangements, such as fee-splitting, with physicians or other clinicians (such activities generally referred to as the “corporate practice of medicine”). In some states, these prohibitions are expressly stated in a statute or regulation, while in other states the prohibition is a matter of judicial or regulatory interpretation. For example, in Pennsylvania, the statutes that pertain to the employment of healthcare practitioners by healthcare centers do not explicitly include a PACE organization in the list of healthcare centers by which a healthcare practitioner may be employed. While we endeavor to comply with state corporate practice of medicine laws and regulations as we interpret them, the laws and regulations in these areas are complex, changing, and often subject to varying interpretations. The interpretation and enforcement of these laws vary significantly from state to state.
Penalties for violations of the corporate practice of medicine vary by state and may result in physicians being subject to disciplinary action, as well as forfeiture of revenues from payors for services rendered. Penalties for violations of the corporate practice of medicine vary by state and may result in physicians being subject to disciplinary action, as well as forfeiture of revenues from payors for services rendered. For business entities, such as us, violations may also bring both civil and, in more extreme cases, criminal liability for engaging in medical practice without a license, as well as obligations to restructure the implicated arrangements.
Our use, disclosure, and other processing of PHI/PII is subject to HIPAA, CCPA as amended by the CPRA and other federal and state privacy and security regulations, and our failure to comply with those laws and regulations or to adequately secure the information we hold could result in significant liability or reputational harm and, in turn, a material adverse effect on our participant base and revenue.
Numerous state and federal laws and regulations, govern the collection, dissemination, use, disclosure, destruction, retention, privacy, confidentiality, security, availability, integrity and other processing of PHI/PII. These laws and regulations include HIPAA. HIPAA establishes a set of national privacy and security standards for the protection of PHI by health plans, healthcare clearinghouses, and certain healthcare providers, referred to as covered entities, which includes the Company, and the business associates with whom such covered entities contract for services. A business associate is any person or entity (other than members of a covered entity’s workforce) that performs a service for or on behalf of a covered entity involving the use or disclosure of PHI. HIPAA also implemented the use of standard transaction code sets and standard identifiers that covered entities must use when submitting or receiving certain electronic healthcare transactions, including activities associated with the billing and collection of healthcare claims.
HIPAA imposes mandatory penalties for certain violations. HIPAA imposes mandatory penalties for certain violations. Under a notice of enforcement discretion issued by HHS in 2019 and annually adjusted by the HHS, penalties for violations of HIPAA and its implementing regulations start at $100 (not adjusted for inflation) per violation and are not to exceed approximately $63,000 (not adjusted for inflation) per violation, subject to a cap of approximately $1.9 million (not adjusted for inflation) for violations of the same standard in a single calendar year. Under a notice of enforcement discretion issued by HHS in 2019, penalties for violations of HIPAA and its implementing regulations start at $100 (not adjusted for inflation) per violation and are not to exceed approximately $63,000 (not adjusted for inflation) per violation, subject to a cap of approximately $1.9 million (not adjusted for inflation) for violations of the same standard in a single calendar year. However, a single breach incident can result in violations of multiple standards. In addition, HIPAA provides for criminal penalties of up to $250,000 and ten years in prison, with the severest penalties for obtaining and disclosing PHI with the intent to sell, transfer or use such information for commercial advantage, personal gain or malicious harm. HIPAA also authorizes state attorneys general to file suit on behalf of their residents. Courts may award damages, costs and attorneys’ fees related to violations of HIPAA in such cases. While HIPAA does not create a private right of action allowing individuals to sue us in civil court for violations of HIPAA, its standards have been used as the basis for duty of care in state civil suits such as those for negligence or recklessness in the misuse or breach of PHI.
In addition, HIPAA mandates that the Secretary of HHS conduct periodic compliance audits of HIPAA covered entities and business associates for compliance with the HIPAA Privacy and Security Standards. In addition, HIPAA mandates that the Secretary of HHS conduct periodic compliance audits of HIPAA covered entities and business associates for compliance with the HIPAA Privacy and Security Standards. It also tasks HHS with establishing a methodology whereby harmed individuals who were the victims of breaches of unsecured PHI may receive a percentage of the civil monetary penalty fine paid by the violator.
HIPAA further requires that individuals be notified of any unauthorized acquisition, access, use or disclosure of their unsecured PHI that compromises the privacy or security of such information, with certain exceptions related to unintentional or inadvertent use or disclosure by employees or authorized individuals. HIPAA further requires that individuals be notified of any unauthorized acquisition, access, use or disclosure of their unsecured PHI that compromises the privacy or security of such information, with certain exceptions related to unintentional or inadvertent use or disclosure by employees or authorized individuals. HIPAA specifies that such notifications must be made “without unreasonable delay and in no case later than 60 calendar days after discovery of the breach.” If a breach affects 500 individuals or more, it must be reported to HHS without unreasonable delay, and in no case later than 60 calendar days after discovery, and HHS will automatically investigate the breach and post the name of the
38
entity on its public breach portal. If a breach involves fewer than 500 people, the covered entity must record it in a log and notify HHS at least annually. Breaches affecting more than 500 residents in the same state or jurisdiction must also be reported to the local media. Looking ahead, it is possible that Congress could pursue a federal privacy bill to harmonize privacy regimes across states.
In addition to HIPAA, numerous other federal and state laws and regulations protect the confidentiality, privacy, availability, integrity and security of individually identifiable information. In addition to HIPAA, numerous other federal and state laws and regulations protect the confidentiality, privacy, availability, integrity and security of individually identifiable information. State statutes and regulations vary from state to state, and these laws and regulations in many cases are more restrictive than, and may not be preempted by, HIPAA and its implementing rules. These laws and regulations are often uncertain, contradictory, and subject to changing or differing interpretations, and we expect new laws, rules and regulations regarding privacy, data protection, and information security to be proposed and enacted in the future. For example, the CCPA provides certain exceptions for PHI, but is still applicable to certain PII we process in the ordinary course of our business. The effects of the CCPA are wide-ranging and afford consumers certain rights with respect to PII, including a private right of action for data breaches involving certain personal information of California residents. In addition, the California Privacy Rights Act of 2020, or CPRA, expands the CCPA’s requirements, including by adding a new right for individuals to correct their personal information and establishing a new regulatory agency to implement and enforce the law. Other states have enacted similar privacy laws that impose new obligations or limitations in areas affecting our business and we continue to assess the impact of this state legislation on our business as additional information and guidance becomes available. Other states have enacted similar privacy laws that impose new obligations or limitations in areas affecting our business and we continue to assess the impact of this state legislation on our business as additional information and guidance becomes available. Efforts at the federal level to enact similar laws have been ongoing. As new data security laws are implemented, we may not be able to timely comply with such requirements, or such requirements may not be compatible with our current processes. As new data security laws are implemented, we may not be able to timely comply with such requirements, or such requirements may not be compatible with our current processes. Changing our processes could be time consuming and expensive, and failure to implement required changes in a timely manner could subject us to liability for non-compliance. Consumers may also be afforded a private right of action for certain violations of privacy laws. This complex, dynamic legal landscape regarding privacy, data protection, and information security creates significant compliance issues for us and potentially restricts our ability to process data and may expose us to additional expense, adverse publicity, and liability. We cannot guarantee that our data privacy and security measures both internally and with our third parties will be adequate, and we may be subject to cybersecurity, ransomware or other security incidents, especially as the rapid evolution of AI leads to more complex and sophisticated attacks. Further, it is possible that laws, rules and regulations relating to privacy, data protection, or information security may be interpreted and applied in a manner that is inconsistent with our practices or those of our third-party service providers. If we or these third parties are found to have violated such laws, rules or regulations, it could result in regulatory investigations, litigation awards or settlements, government-imposed fines, orders requiring that we or these third parties change our or their practices, or criminal charges, which could adversely affect our business. Complying with these various laws and regulations could cause us to incur substantial costs or require us to change our business practices, systems and compliance procedures in a manner adverse to our business.
We also publish statements to our participants that describe how we handle and protect PHI. We also publish statements to our participants that describe how we handle and protect PHI. If federal or state regulatory authorities, such as the FTC, or private litigants consider any portion of these statements to be untrue, we may be subject to claims of deceptive practices, which could lead to significant liabilities and consequences, including, without limitation, costs of responding to investigations, defending against litigation, settling claims, and complying with regulatory or court orders. The FTC sets expectations for failing to take appropriate steps to keep consumers’ personal information secure, or failing to provide a level of security commensurate to promises made to individuals about the security of their personal information (such as in a privacy notice) may constitute unfair or deceptive acts or practices in violation of Section 5(a) of the Federal Trade Commission Act (“FTC Act”). The FTC sets expectations for failing to take appropriate steps to keep consumers’ personal information secure, or failing to provide a level of security commensurate to promises made to individual about the security of their personal information (such as in a privacy notice) may constitute unfair or deceptive acts or practices in violation of Section 5(a) of the Federal Trade Commission Act (“FTC Act”). The FTC expects a company’s data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business, and the cost of available tools to improve security and reduce vulnerabilities. Individually identifiable health information is considered sensitive data that merits stronger safeguards. With respect to privacy, the FTC also sets expectations that companies honor the privacy promises made to individuals about how the company handles consumers’ personal information; failure to honor promises, such as the statements made in a privacy policy or on a website, may also constitute unfair or deceptive acts or practices in violation of the FTC Act. With respect to privacy, the FTC also sets expectations that companies honor the privacy promises made to individuals about how the company handles consumers’ personal information; any failure to honor promises, such as the statements made in a privacy policy or on a website, may also constitute unfair or deceptive acts or practices in violation of the FTC Act. Additionally, the FTC has the power to enforce promises as it interprets them, and events that we cannot fully control, such as data breaches, may result in FTC enforcement and could result in civil penalties or enforcement actions. While we do not intend to engage in unfair or deceptive acts or practices, the FTC has the power to enforce promises as it interprets them, and events that we cannot fully control, such as data breaches, may be result in FTC enforcement. Any of the foregoing consequences could seriously harm our business and our financial results.
Risks Related to Our Indebtedness and Liquidity
Our existing indebtedness could adversely affect our business.
As of June 30, 2025, we had total outstanding debt of (i) $60.0 million principal amount under the Term Loan Facility (as defined in Note 7, “Long-term Debt” to the consolidated financial statements in this Annual Report), and (ii) $2.2 million principal amount under the convertible term loan (included in “Liabilities held for sale” in the consolidated
39
financial statements in this Annual Report). Our indebtedness requires us to use cash flows for purposes of satisfying our debt obligations. If we cannot generate sufficient cash flow to service our debt, we may need to refinance our debt, dispose of assets or issue equity to obtain necessary funds. If we cannot generate sufficient cash flow from operations to service our debt, we may need to refinance our debt, dispose of assets or issue equity to obtain necessary funds. We do not know whether we will be able to take any of these actions on a timely basis, or on terms satisfactory to us or at all.
Additionally, our indebtedness exposes us to risks relating to fluctuations in interest rates, which can increase borrowing costs.
In addition, the Credit Agreement (as defined in Note 7, “Long-term Debt” to the consolidated financial statements in this Annual Report) contains a number of restrictive covenants that impose significant operating and financial restrictions on us and may limit our ability to engage in acts that may be in our long-term best interests. A breach of the covenants or restrictions under the Credit Agreement could result in an event of default under the agreement and could allow the creditors to accelerate the related debt and terminate all commitments to extend credit thereunder and could further result in the acceleration of any other debt to which a cross-acceleration or cross-default provision applies. In the event the holders of our indebtedness accelerate the repayment pursuant to an event of default, we may not have sufficient assets to repay that indebtedness or be able to borrow sufficient funds to refinance it. In the event the holders of our indebtedness accelerate the repayment, we may not have sufficient assets to repay that indebtedness or be able to borrow sufficient funds to refinance it.
Our failure to raise additional capital or generate cash flows necessary to expand our operations and invest in participant services in the future could reduce our ability to compete successfully and harm our results of operations. Our failure to raise additional capital or generate cash flows necessary to expand our operations and invest in participant services in the future could reduce our ability to compete successfully and harm our results of operations.
We may need to raise additional funds, and we may not be able to obtain additional debt or equity financing on favorable terms or at all. If we raise additional equity financing, our security holders may experience significant dilution of their ownership interests. If we engage in additional debt financing, we may be required to accept terms that restrict our operational flexibility and our ability to incur additional indebtedness, force us to maintain specified liquidity or other ratios or restrict our ability to pay dividends or make acquisitions. If we need additional capital and cannot raise it on acceptable terms, or at all, we may not be able to, among other things:
•develop and enhance our participant services;
•continue to expand our business either by increasing enrollment or building de novo centers;
•hire, train and retain employees;
•respond to competitive pressures or unanticipated working capital requirements; or
•pursue acquisition opportunities.
Risks Related to Our Common Stock
Our operating results have fluctuated and may fluctuate significantly in the future, which makes our future operating results difficult to predict and could cause such results to fall below any guidance, targets or goals we provide.
Our quarterly and annual operating results have fluctuated and may fluctuate significantly, which makes it difficult for us to predict our future operating results. These fluctuations may be driven by a variety of factors, many of which are outside of our control, including, but not limited to:
•our ability to execute our growth strategy, including our ability to identify and successfully complete acquisitions and expand via de novo centers within existing and new markets;
•our inability to control expenses and increases to the cost of care, including as a result of the composition of our participant pool, macroeconomic factors such as such as labor shortages, high inflation, and health emergencies;
•the results of current and future, routine and non-routine inspections, reviews, audits and investigations under federal and state government programs and contracts, and any resulting sanctions or remediation efforts as a result of such government actions; and
•legal proceedings, enforcement actions and litigation, malpractice and privacy disputes to which we are currently and may in the future be party to.
40
The impact of any one of the factors discussed above or any other factors discussed in this “Risk Factors” section, or the cumulative effects of a combination of such factors, could result in significant fluctuations and unpredictability in our quarterly and annual operating results. As a result of such variability and unpredictability, our revenue or operating results could fall short of our expectations or any guidance we provide and we may also fail to meet the expectations of industry or financial analysts or investors for any period. If the guidance we provide falls short or we are unable to meet the expectations of analysts or investors, the trading price of our common stock could decline substantially.
Our stock price is volatile.
The price of our common stock has significantly fluctuated since our IPO. The price of our common stock has significantly fluctuated since our IPO. In addition, securities markets worldwide have experienced, and are likely to continue to experience, significant price and volume fluctuations. This market volatility, as well as general economic, market or political conditions, could continue to subject the market price of our shares to wide price fluctuations regardless of our operating performance. Because we do not anticipate paying any regular cash dividends on our common stock for the foreseeable future, any return on investment in our common stock is solely dependent upon the appreciation of the price of our common stock on the open market, which due to historic fluctuation may not occur. The trading price of our shares fluctuates in response to various factors, including:
•developments and results of audits, sanctions, investigations and litigation;
•market conditions in our industry or the broader stock market;
•actual or anticipated fluctuations in our quarterly financial and operating results;
•introduction of new services by us or our competitors;
•issuance of new or changed securities analysts’ reports, research or recommendations;
•sales, or anticipated sales, of large blocks of our stock;
•additions or departures of key personnel;
•regulatory or political developments;
•economic and macroeconomic conditions, including inflationary pressures, increased interest rates, trade wars, weather and public health events;
•investors’ perception of us and our prospects; and
•any default on our indebtedness.
These and other factors, many of which are beyond our control, may cause the market price and demand for our shares to fluctuate substantially. Fluctuations in the price of our shares could limit or prevent investors from readily selling their shares and may otherwise negatively affect the market price and liquidity of our shares. Fluctuations in our quarterly operating results could limit or prevent investors from readily selling their shares and may otherwise negatively affect the market price and liquidity of our shares.
Our Principal Shareholders control us, and their interests may conflict with our interests and those of our other shareholders.
Our Principal Shareholders own approximately 83% of our common stock, which means that they control the vote of all matters submitted to a vote of our shareholders, which enables them to control the election of the members of the Board and all other corporate decisions. Our Principal Shareholders own approximately 83% of our common stock, which means that they control the vote of all matters submitted to a vote of our shareholders, which enables them to control the election of the members of the Board and all other corporate decisions. This concentration of ownership may delay, deter or prevent acts that would be favored by our other shareholders. The interests of the Principal Shareholders may not always coincide with our interests or the interests of our other shareholders. Even when the Principal Shareholders cease to own shares of our common stock representing a majority of the total voting power, for so long as the Principal Shareholders continue to own a significant percentage of our common stock, the Principal Shareholders will still be able to significantly influence the composition of our Board and the approval of actions requiring shareholder approval. Even when the Principal Shareholders cease to own shares of our stock representing a majority of the total voting power, for so long as the Principal Shareholders continue to own a significant percentage of our stock, the Principal Shareholders will still be able to significantly influence the composition of our Board and the approval of actions requiring shareholder approval. Accordingly, for such period of time, the Principal Shareholders will have significant influence with respect to our management, business plans and policies, including the appointment and removal of our officers, decisions on whether to raise future capital and amend our charter and bylaws, which govern the rights attached to our common stock. In particular, for so long as the Principal Shareholders continue to own a significant percentage of our common stock, the Principal Shareholders will be able to cause or prevent a change of control of us or a change in the composition of our Board and could preclude any unsolicited acquisition of us. In particular, for so long as the Principal Shareholders continue to own a significant percentage of our stock, the Principal Shareholders will be able to cause or prevent a change of control of us or a change in 39the composition of our Board and could preclude any unsolicited acquisition of us. The concentration of ownership could deprive shareholders of an opportunity to receive a premium for their shares of common
41
stock as part of a sale of us and ultimately might affect the market price of our common stock. In addition, this concentration of ownership may adversely affect the trading price of our common stock because investors may perceive disadvantages in owning shares in a company with significant shareholders.
Additionally, we are party to a Director Nomination Agreement (defined herein) with the Principal Shareholders that provides the Principal Shareholders the right to designate: (i) all of the nominees for election to our Board for so long as the Principal Shareholders collectively beneficially own at least 40% of the Original Amount (as defined therein); (ii) 40% of the nominees for election to our Board for so long as the Principal Shareholders collectively beneficially own less than 40% but at least 30% of the Original Amount; (iii) 30% of the nominees for election to our Board for so long as the Principal Shareholders collectively beneficially own less than 30% but at least 20% of the Original Amount; (iv) 20% of the nominees for election to our Board for so long as the Principal Shareholders collectively beneficially own less than 20% but at least 10% of the Original Amount; and (v) one of the nominees for election to our Board for so long as the Principal Shareholders collectively beneficially own at least 5% of the Original Amount. In addition, we are party to a Director Nomination Agreement (defined herein) with the Principal Shareholders that provides the Principal Shareholders the right to designate: (i) all of the nominees for election to our Board for so long as the Principal Shareholders collectively beneficially own at least 40% of the Original Amount (as defined therein); (ii) 40% of the nominees for election to our Board for so long as the Principal Shareholders collectively beneficially own less than 40% but at least 30% of the Original Amount; (iii) 30% of the nominees for election to our Board for so long as the Principal Shareholders collectively beneficially own less than 30% but at least 20% of the Original Amount; (iv) 20% of the nominees for election to our Board for so long as the Principal Shareholders collectively beneficially own less than 20% but at least 10% of the Original Amount; and (v) one of the nominees for election to our Board for so long as the Principal Shareholders collectively beneficially own at least 5% of the Original Amount. If TCO Group Holdings, L.P., the investment vehicle through which the Principal Shareholders hold their investment, is dissolved, then each of the Principal Shareholders will be permitted to nominate (i) up to three directors so long as it owns at least 25% of the Original Amount, (ii) up to two directors so long as it owns at least 15% of the Original Amount and (iii) one director so long as it owns at least 5% of the Original Amount. The Principal Shareholders may also assign such right to their affiliates. The Director Nomination Agreement also provides for certain consent rights for each of the Principal Shareholders so long as such shareholder owns at least 5% of the Original Amount, including for any changes to the size of our Board.
The Principal Shareholders and their affiliates engage in a broad spectrum of activities, including investments in the healthcare industry generally. The Principal Shareholders and their affiliates engage in a broad spectrum of activities, including investments in the healthcare industry generally. In the ordinary course of their business activities, the Principal Shareholders and their affiliates may engage in activities where their interests conflict with our interests or those of our other shareholders, such as investing in or advising businesses that directly or indirectly compete with certain portions of our business or are suppliers or customers of ours. Our certificate of incorporation provides that neither the Principal Shareholders, any of their affiliates or any of their respective directors (including any who also serve as our officers or directors) or their affiliates have any duty to refrain from engaging, directly or indirectly, in the same business activities or similar business activities or lines of business in which we operate. Our certificate of incorporation provides that neither the Principal Shareholders, any of their affiliates or any director who is not employed by us (including any non-employee director who serves as one of our officers in both her or his director and officer capacities) or its affiliates have any duty to refrain from engaging, directly or indirectly, in the same business activities or similar business activities or lines of business in which we operate. The Principal Shareholders also may pursue business and investment opportunities that may be complementary to our business, and, as a result, those opportunities may not be available to us. In addition, the Principal Shareholders may have an interest in pursuing acquisitions, divestitures and other transactions that, in their judgment, could enhance their investment, even though such transactions might involve risks to our other shareholders.
We are a “controlled company” within the meaning of the rules of Nasdaq and, as a result, we qualify for, and intend to continue relying on, exemptions from certain corporate governance requirements. We are a “controlled company” within the meaning of the rules of Nasdaq and, as a result, we qualify for, and intend to continue relying on, exemptions from certain corporate governance requirements. Therefore, shareholders do not have the same protections as those afforded to shareholders of companies that are subject to such governance requirements. Therefore, you do not have the same protections as those afforded to stockholders of companies that are subject to such governance requirements.
The Principal Shareholders control a majority of the voting power of our outstanding common stock. The Principal Shareholders control a majority of the voting power of our outstanding common stock. As a result, we are a “controlled company” within the meaning of the corporate governance standards of the Nasdaq Global Select Market (“Nasdaq”). Under these rules, a company of which more than 50% of the voting power for the election of directors is held by an individual, group or another company is a “controlled company” and may elect not to comply with certain corporate governance requirements, including:
•the requirement that a majority of our Board consist of independent directors;
•the requirement that nominees to our Board are to be selected, or recommended for the Board’s selection, either by independent directors constituting a majority of the Board’s independent directors or by a nominations committee that is composed entirely of independent directors;
•the requirement that we have a compensation committee that is composed entirely of independent directors with a written charter addressing the committee’s purpose and responsibilities; and
•the requirement for an annual performance evaluation of the Board and its committees.
We currently utilize and intend to continue utilizing certain of these exemptions as long as they are available to us, and in the future, we could utilize additional exemptions. We currently utilize and intend to continue utilizing certain of these exemptions as long as they are available to us, and in the future, we could utilize additional exemptions. Accordingly, shareholders do not have the same protections afforded to shareholders of companies that are subject to all of the corporate governance requirements of Nasdaq. Accordingly, you do not have the same protections afforded to shareholders of companies that are subject to all of the corporate governance requirements of Nasdaq.
42
We qualify as an “emerging growth company” and a “smaller reporting company” and we have elected to comply with reduced public company reporting requirements, which could make our common stock less attractive to investors.
We are an “emerging growth company,” as defined in the JOBS Act and a “smaller reporting company” as defined by the Exchange Act. We are an “emerging growth company,” as defined in the JOBS Act and a “smaller reporting company” as defined by the Exchange Act. For as long as we continue to qualify as an emerging growth company, we are eligible for certain exemptions from various public company reporting requirements. These exemptions include, but are not limited to, (i) not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act, (ii) reduced disclosure obligations regarding executive compensation in our periodic reports, proxy statements and registration statements, (iii) exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and shareholder approval of any golden parachute payments not previously approved, and (iv) an extended transition period to comply with new or revised accounting standards applicable to public companies. We have chosen to take advantage of the extended transition period to comply with new or revised accounting standards applicable to public companies. Additionally, as long as we qualify as a smaller reporting company, we are required to present only the two most recent fiscal years of audited financial statements in our Annual Reports on Form 10-K.
We expect to qualify as an emerging growth company until the end of fiscal year 2026, which is five fiscal years following the first sale of our common stock pursuant to an effective registration statement under the Securities Act of 1933, as amended (the “Securities Act”), which occurred in March 2021. Even after fiscal year 2026 when we no longer qualify as an “emerging growth company,” we may still qualify as a “smaller reporting company” if the market value of our common stock held by non-affiliates is below $250 million (or $700 million if our annual revenue is less than $100 million) as of December 31 in any given year, which would allow us to continue taking advantage of certain of these exemptions.
As a result, the information that we provide to holders of our common stock may be different than those shareholders might receive from other public reporting companies in which they hold equity interests.As a result, the information that we provide to holders of our common stock may be different than you might receive from other public reporting companies in which you hold equity interests. Investors may find our common stock less attractive as a result of reliance on these exemptions. If some investors find our common stock less attractive as a result of any choice we make to reduce disclosure, there may be a less active trading market for our common stock and the market price for our common stock may be more volatile.
The requirements of being a public company may strain our resources and distract our management, which could make it difficult to manage our business, particularly after we no longer qualify as an “emerging growth company” or a “smaller reporting company. The requirements of being a public company may strain our resources and distract our management, which could make it difficult to manage our business, particularly after we no longer qualify as an “emerging growth company” or a “smaller reporting company. ”
As a public company, we are subject to the reporting requirements of the Exchange Act and the Sarbanes-Oxley Act, the listing requirements of Nasdaq and other applicable securities rules and regulations. Compliance with these rules and regulations creates legal and financial compliance costs, makes some activities more difficult, time-consuming and costly and increases demand on our systems and resources, particularly after we no longer qualify as an “emerging growth company” or “smaller reporting company.”
The Sarbanes-Oxley Act requires, among other things, that we establish and maintain effective internal controls and procedures for financial reporting. If we fail to achieve and maintain the adequacy of our internal controls, as such standards are modified, supplemented or amended from time to time, we or our auditors may conclude that we do not have effective internal controls over financial reporting in accordance with Section 404 of the Sarbanes-Oxley Act. If we fail to achieve and maintain the adequacy of our internal controls, as such standards are modified, supplemented or amended from time to time, we may not be able to ensure that we can conclude on an ongoing basis that we have effective internal controls over financial reporting in accordance with Section 404 of the Sarbanes-Oxley Act. The existence of any material weaknesses or significant deficiency in internal controls over financial reporting would require management to devote significant time and incur significant expenses to remediate any such issue. The existence of any material weaknesses or significant deficiency in internal controls over financial reporting would require management to devote significant time and incur significant expenses to remediate any such issue and management may not be able to remediate the issue in a timely manner. The existence of any material weaknesses or significant deficiency could cause us to reissue our financial statements, fail to meet reporting deadlines or undermine shareholders’ confidence in our reported financial statements, any of which could materially and adversely impact our stock price.
In addition, changing laws, regulations and standards relating to corporate governance and public disclosure, such as disclosures related to climate emissions, and their varying interpretations, are creating uncertainty for public companies, increasing legal and financial compliance costs and making some activities more time consuming.In addition, changing laws, regulations and standards relating to corporate governance and public disclosure, such as disclosures related to climate emissions, are creating uncertainty for public companies, increasing legal and financial 41compliance costs and making some activities more time consuming. The application of these laws may evolve over time as new guidance is provided by regulatory and governing bodies, resulting in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. The consequences associated with violating corporate practice of medicine laws vary by state and may result in physicians or other clinicians being subject to disciplinary action, as well as forfeiture of revenues from government payors for services rendered. If our efforts to comply with new laws, regulations and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to their application and practice, regulatory authorities may initiate legal proceedings against us and there could be a material adverse effect on our business, financial condition and results of operations.
43
Provisions of our corporate governance documents could make an acquisition of us more difficult and may prevent attempts by our shareholders to replace or remove our current management, even if beneficial to our shareholders.
In addition to the Principal Shareholders’ beneficial ownership of a combined 83% of our common stock, our Director Nomination Agreement, certificate of incorporation and bylaws and the Delaware General Corporation Law (the “DGCL”), contain provisions that could make it more difficult for a third party to acquire us without the consent of our Board or the Principal Shareholders, even if doing so might be beneficial to our shareholders. In addition to the Principal Shareholders’ beneficial ownership of a combined 83% of our common stock, our Director Nomination Agreement, certificate of incorporation and bylaws and the Delaware General Corporation Law (the “DGCL”), contain provisions that could make it more difficult for a third party to acquire us without the consent of our Board or the Principal Shareholders, even if doing so might be beneficial to our shareholders. Among other things, these provisions:
•allow us to authorize the issuance of undesignated preferred stock, the terms of which may be established and the shares of which may be issued without shareholder approval, and which may include supermajority voting, special approval, dividend, or other rights or preferences superior to the rights of shareholders;
•provide for a classified board of directors with staggered three-year terms;
•prohibit shareholder action by written consent from and after the date on which the Principal Shareholders beneficially own, in the aggregate, less than 35% of our common stock then outstanding;
•provide that, from and after the date on which the Principal Shareholders beneficially own less than 50% of our common stock then outstanding, any amendment, alteration, rescission or repeal of our bylaws by our shareholders will require the affirmative vote of the holders of at least 66 2∕3% in voting power of all the then-outstanding shares of our stock entitled to vote thereon, voting together as a single class; and
•establish advance notice requirements for nominations for elections to our Board or for proposing matters that can be acted upon by shareholders at shareholder meetings, provided, however, that at any time when a Principal Shareholder beneficially owns at least 5% of our common stock then outstanding, such advance notice procedure will not apply to such Principal Shareholder.
Our certificate of incorporation contains a provision that provides us with protections similar to Section 203 of the DGCL, and prevents us from engaging in a business combination with a person (excluding the Principal Shareholders and any of their direct or indirect transferees and any group as to which such persons are a party) who acquires at least 15% of our common stock for a period of three years from the date such person acquired such common stock, unless Board or shareholder approval is obtained prior to the acquisition. Our certificate of incorporation contains a provision that provides us with protections similar to Section 203 of the DGCL, and prevents us from engaging in a business combination with a person (excluding the Principal Shareholders and any of their direct or indirect transferees and any group as to which such persons are a party) who acquires at least 85% of our common stock for a period of three years from the date such person acquired such common stock, unless Board or shareholder approval is obtained prior to the acquisition. These provisions could discourage, delay or prevent a transaction involving a change in control of our Company. These provisions could also discourage proxy contests and make it more difficult for minority shareholders to elect directors of their choosing and cause us to take other corporate actions shareholders desire, including actions that other shareholders may deem advantageous, or negatively affect the trading price of our common stock. These provisions could also discourage proxy contests and make it more difficult for you and other shareholders to elect directors of your choosing and cause us to take other corporate actions you desire, including actions that you may deem advantageous, or negatively affect the trading price of our common stock. In addition, because our Board is responsible for appointing the members of our management team, these provisions could in turn affect any attempt by our shareholders to replace current members of our management team. The existence of these provisions could negatively affect the price of our common stock and limit opportunities for shareholders to realize value in a corporate transaction.
Our certificate of incorporation designates the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation that may be initiated by our shareholders and the federal district courts of the United States as the exclusive forum for litigation arising under the Securities Act, which could limit our shareholders’ ability to obtain a favorable judicial forum for disputes with us. Our certificate of incorporation designates the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation that may be initiated by our shareholders and the federal district courts of the United States as the 42exclusive forum for litigation arising under the Securities Act, which could limit our shareholders’ ability to obtain a favorable judicial forum for disputes with us.
Pursuant to our certificate of incorporation, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware (or, if the Court of Chancery does not have jurisdiction, the United States District Court for the District of Delaware) will, to the fullest extent permitted by law, be the sole and exclusive forum for (i) any derivative action or proceeding brought on behalf of us, (ii) any action asserting a claim of breach of fiduciary duty owed by, or other wrongdoing by, any our directors, officers, employees or agents to us or our shareholders, creditors or other constituents, or a claim of aiding and abetting any such breach of fiduciary duty, (iii) any action asserting a claim against the us or any of our directors or officers or other employees arising pursuant to any provision of the DGCL or our certificate of incorporation or our Bylaws (as either may be amended, restated, modified, supplemented or waived from time to time), (iv) any action to interpret, apply, enforce or determine the validity of our certificate of incorporation or our bylaws, (v) any action asserting a claim against us or any of our directors or officers or other employees governed by the internal affairs doctrine or (vi) any action asserting an “internal corporate claim” as that term is defined in Section 115 of the DGCL. Pursuant to our certificate of incorporation, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware (or, if the Court of Chancery does not have jurisdiction, the United States District Court for the District of Delaware) will, to the fullest extent permitted by law, be the sole and exclusive forum for (i) any derivative action or proceeding brought on behalf of us, (ii) any action asserting a claim of breach of fiduciary duty owed by, or other wrongdoing by, any our directors, officers, employees or agents to us or our stockholders, creditors or other constituents, or a claim of aiding and abetting any such breach of fiduciary duty, (iii) any action asserting a claim against the us or any of our directors or officers or other employees arising pursuant to any provision of the DGCL or our certificate of incorporation or our Bylaws (as either may be amended, restated, modified, supplemented or waived from time to time), (iv) any action to interpret, apply, enforce or determine the validity of our certificate of incorporation or our bylaws, (v) any action asserting a claim against us or any of our directors or officers or other employees governed by the internal affairs doctrine or (vi) any action asserting an “internal corporate claim” as that term is defined in Section 115 of the DGCL. Our certificate of incorporation also provides that, unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States shall be the exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act. However, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all suits brought to enforce a duty or liability created by the Securities Act or
44
the rules and regulations thereunder; accordingly, we cannot be certain that a court would enforce such provision. Our certificate of incorporation further provides that any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock is deemed to have notice of and consented to the provisions of our certificate of incorporation described above; however, our shareholders will not be deemed to have waived our compliance with the federal securities laws and the rules and regulations thereunder. The forum selection provisions in our certificate of incorporation may have the effect of discouraging lawsuits against us or our directors and officers and may limit our shareholders’ ability to obtain a favorable judicial forum for disputes with us. If the enforceability of our forum selection provision were to be challenged, we may incur additional costs associated with resolving such a challenge. While we currently have no basis to expect any such challenge would be successful, if a court were to find our forum selection provision to be inapplicable or unenforceable, we may incur additional costs associated with having to litigate in other jurisdictions, which could have an adverse effect on our business, financial condition and results of operations and result in a diversion of the time and resources of our employees, management and Board.
A significant portion of our total outstanding shares may be sold into the market. This could cause the market price of our common stock to drop significantly, even if our business is doing well.
Sales of a substantial number of shares of our common stock in the public market could occur at any time. These sales, or the perception in the market that the holders of a large number of shares intend to sell shares, could reduce the market price of our common stock.
We are party to a registration rights agreement with TCO Group Holdings, L.P., the investment vehicle through which the Principal Shareholders hold their investment, which requires us to effect the registration of the Principal Shareholders’ shares in certain circumstances. The Principal Shareholders are also entitled to participate in certain of our registered offerings, subject to the restrictions in the registration rights agreement. These registration rights would facilitate the resale of such securities into the public market, and any such resale would increase the number of shares of our common stock available for public trading.
In addition, we have registered shares of common stock that we may issue under our equity compensation plans. Such shares can be freely sold in the public market upon issuance, subject to vesting, and Rule 144 under the Securities Act.
In the future, we may also issue our securities in connection with investments or acquisitions. The number of shares issued in connection with an investment or acquisition could constitute a material portion of our then-outstanding common stock.
Our Board has in the past approved, and may in the future approve, a share repurchase program that would subject us to certain risks, which could be exacerbated because our stock is thinly traded.
Our Board has in the past, and may in the future approve, a repurchase program to repurchase shares of our common stock. A share repurchase program would not generally obligate us to acquire any common stock, and generally could be discontinued at any time. If we fail to meet any expectations related to share repurchases in conjunction with an approved share repurchase program, we may lose market and investor confidence. If we fail to meet any expectations related to share repurchases, we may lose market and investor confidence. In addition, our common stock is thinly traded. Thinly traded stocks pose several risks for investors because they have wider spreads and less displayed size than other stocks that trade in higher volumes. Other risks posed by thinly traded stocks include difficulty selling the stock, challenges attracting market makers to make markets in the stock, and difficulty with financings. Because our common stock is thinly traded, repurchases under future repurchase programs could impact the price of our common stock on a given day or period. Because our common stock is thinly traded, repurchases under the repurchase program can impact the price of our common stock on a given day or period.
Future offerings of debt or equity securities by us may materially adversely affect the market price of our common stock. Future offerings of debt or equity securities by us may materially adversely affect the market price of our common stock.
In the future, we may attempt to obtain financing or to further increase our capital resources by issuing additional shares of our common stock or offering debt or other equity securities, including senior or subordinated notes, debt securities convertible into equity or shares of preferred stock. In the future, we may attempt to obtain financing or to further increase our capital resources by issuing additional shares of our common stock or offering debt or other equity securities, including senior or subordinated notes, debt securities convertible into equity or shares of preferred stock. In addition, we may seek to expand operations in the future to other markets which we would expect to finance through a combination of additional issuances of equity, corporate indebtedness and/or cash from operations.
Issuing additional shares of our common stock or other equity securities or securities convertible into equity may dilute the economic and voting rights of our existing shareholders or reduce the market price of our common stock or both. Issuing additional shares of our common stock or other equity securities or securities convertible into equity may dilute the economic and voting rights of our existing stockholders or reduce the market price of our common stock or both. Upon liquidation, holders of such debt securities and preferred shares, if issued, and lenders with respect to other borrowings would receive a distribution of our available assets prior to the holders of our common stock. Debt securities convertible
45
into equity could be subject to adjustments in the conversion ratio pursuant to which certain events may increase the number of equity securities issuable upon conversion. Preferred shares, if issued, could have a preference with respect to liquidating distributions or a preference with respect to dividend payments that could limit our ability to pay dividends to the holders of our common stock. Our decision to issue securities in any future offering will depend on market conditions and other factors beyond our control, which may adversely affect the amount, timing or nature of our future offerings. Thus, holders of our common stock bear the risk that our future offerings may reduce the market price of our common stock and dilute their stockholdings in us.
If we are unable to comply with the continued listing requirements of the Nasdaq, our common stock could be delisted, affecting our common stock’s market price and liquidity and reducing our ability to raise capital.
Our common stock is currently listed on Nasdaq. If we fail to satisfy the continued listing standards of Nasdaq, such as, for example, Nasdaq’s minimum bid price requirement or stockholders’ equity requirements, Nasdaq may issue a non-compliance letter or initiate delisting proceedings. If we are unable to maintain compliance with the continued listing requirements of Nasdaq, our common stock could be delisted, making it more difficult to buy or sell our securities and to obtain accurate quotations, and the price of our securities could suffer a material decline. Delisting could also impair our ability to raise capital through alternative financing sources on terms acceptable to us, or at all, and may result in the potential loss of confidence by investors and employees and fewer business development opportunities.
Item 1B. UNRESOLVED STAFF COMMENTS
None.
Item 1C. CYBERSECURITY
Risk Management and Strategy
Our Cybersecurity Program (“Program”) is designed from a risk- and compliance-based approach for resilience and protection across our operations and the appropriate access, use, and/or disclosure of PHI and PII. Our Program employs the National Institute of Standards Technology (NIST) Cybersecurity Framework (CSF) and strategy to deliver multi-layered defenses and relevant technologies that are designed to control, audit, monitor, and protect access to sensitive information. Our Program employs the National Institute of Standards Technology (NIST) cybersecurity framework and strategy to deliver multi-layered defenses and relevant technologies that are designed to control, audit, monitor, and protect access to sensitive information. We also leverage government partnerships, industry and government associations, third-party benchmarking, audits, threat intelligence feeds and other similar resources to inform our cybersecurity efforts and allocate resources .
As a company managing the use and disclosure of PHI and PII, we annually undergo internal and/or third-party HIPAA Security Rule risk assessments of our administrative, physical, and technical safeguards. In addition, external assessors periodically evaluate our safeguards against multiple frameworks, including NIST CSF.
46
Governance
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| INNV | 9 hours ago |
| ALMU | 9 hours ago |
| CTLP | 1 day, 9 hours ago |
| GROW | 1 day, 9 hours ago |
| TWIN | 4 days, 9 hours ago |
| GDLC | 4 days, 10 hours ago |
| LTCN | 4 days, 10 hours ago |
| BCHG | 4 days, 10 hours ago |
| GCBC | 4 days, 11 hours ago |
| FLWS | 4 days, 13 hours ago |
| CBKM | 4 days, 16 hours ago |
| IBIO | 4 days, 17 hours ago |
| LFVN | 5 days, 10 hours ago |
| PDEX | 5 days, 10 hours ago |
| BRC | 5 days, 19 hours ago |
| CSCO | 6 days, 9 hours ago |
| INTU | 6 days, 10 hours ago |
| RGS | 6 days, 20 hours ago |
| GEG | 1 week ago |
| LDXC | 1 week ago |
| WDSP | 1 week ago |
| STME | 1 week, 4 days ago |
| BMRA | 1 week, 4 days ago |
| GLGI | 1 week, 4 days ago |
| PANW | 1 week, 4 days ago |
| GTIC | 1 week, 4 days ago |
| PROV | 1 week, 4 days ago |
| LTRX | 1 week, 4 days ago |
| ARAY | 1 week, 5 days ago |
| IREN | 1 week, 5 days ago |
| BILL | 1 week, 5 days ago |
| MBUU | 1 week, 5 days ago |
| LUCK | 1 week, 5 days ago |
| PAHC | 1 week, 6 days ago |
| BCRD | 1 week, 6 days ago |
| MCFT | 1 week, 6 days ago |
| PSEC | 2 weeks ago |
| QMCO | 2 weeks ago |
| WOLF | 2 weeks ago |
| ELMD | 2 weeks ago |
| UFI | 2 weeks ago |
| STRT | 2 weeks, 1 day ago |
| NSSC | 2 weeks, 1 day ago |
| JKHY | 2 weeks, 1 day ago |
| OSIS | 2 weeks, 1 day ago |
| ZONE | 2 weeks, 4 days ago |
| KE | 2 weeks, 4 days ago |
| FLXS | 2 weeks, 4 days ago |
| ETD | 2 weeks, 4 days ago |
| PH | 2 weeks, 4 days ago |
