Risk Factors - SEM

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$SEM Risk Factor changes from 00/02/24/22/2022 to 00/02/22/24/2024

Item 1A. Risk Factors.

In addition to the factors discussed elsewhere in this Form 10-K, the following are important factors which could cause actual results or events to differ materially from those contained in any forward-looking statements made by or on behalf of us.Risks Related to Our BusinessIf there are changes in the rates or methods of Medicare reimbursements for our services, our revenue and profitability could decline.Revenues from providing services to patients covered under the Medicare program represented approximately 23%, 23%, and 22% of our revenue for the years ended December 31, 2021, 2022, and 2023, respectively. In recent years, through legislative and regulatory actions, the federal government has made substantial changes to various payment systems under the Medicare program.In recent years, through legislative and regulatory actions, the federal government has made substantial changes to various payment systems under the Medicare program. Reforms or other changes to these payment systems, including modifications to the conditions on qualification for payment, bundling payments to cover both acute and post-acute care, or the imposition of enrollment limitations on new providers, may be proposed or could be adopted, either by Congress or CMS. Additional reforms or other changes to these payment systems, including modifications to the conditions on qualification for payment, bundling payments to cover both acute and post-acute care, or the imposition of enrollment limitations on new providers, may be proposed or could be adopted, either by Congress or CMS. If revised regulations are adopted, the availability, methods, and rates of Medicare reimbursements for services of the type furnished at our facilities could change. Reductions in Medicare reimbursements could also adversely affect payments under some of our commercial payor contracts that follow Medicare payment methodologies. For example, the rules and regulations related to patient criteria for our critical illness recovery hospitals could become more stringent and reduce the number of patients we admit. Some of these changes and proposed changes could adversely affect our business strategy, operations, and financial results. In addition, there can be no assurance that any increases in Medicare reimbursement rates established by CMS will fully reflect increases in our operating costs. Adverse economic conditions including an inflationary economic environment in the U.S. or globally could adversely affect us.Our business is exposed to fluctuating market conditions, including rising interest rates. A continued economic downturn or recession, or slowing or stalled recovery therefrom, may have a material adverse effect on our business, financial condition or results of operations, as it could negatively impact our current and prospective patients, adversely affect the financial ability of health insurers to pay claims, adversely impact our ability to pay our expenses, and limit our ability to obtain financing for our operations. Healthcare spending in the U.S. could be negatively affected in the event of a downturn in economic conditions. For example, patients who have lost their jobs or healthcare coverage may no longer be covered by an employer-sponsored health insurance plan and patients reducing their overall spending may elect to decrease the frequency of visits to our facilities or forgo elective treatments or procedures, thereby reducing demand for our services. patients who have lost their jobs or healthcare coverage may no longer be covered by an employer-sponsored health insurance plan, and patients reducing their overall spending may elect to decrease the frequency of visits to our facilities or forgo elective treatments or procedures, thereby reducing demand for our services. A reduction in workforce may also lead to declines in workers’ compensation claims, which may adversely affect Concentra’s business. Approximately 60% of Concentra’s revenue was generated from the treatment of workers’ compensation claims in 2023.Approximately 56% of Concentra’s revenue in 2021 was generated from the treatment of workers’ compensation claims. Inflation has increased throughout the U.S. economy. In an inflationary environment, we may continue to experience increases in the prices of labor and other costs of doing business. Cost increases may outpace our expectations, causing us to use our cash and other liquid assets faster than forecasted. If we are unable to successfully manage the effects of inflation, our business, operating results, cash flows and financial condition may be adversely affected. Labor shortages, increased employee turnover, increases in employee-related costs, and union activity could have adverse effects including significant increases in our operating costs.We have experienced and may continue to experience decreased profitability due to increased employee-related costs.We have experienced and may continue to experience increased operating costs due to increased employee-related costs. A number of factors contribute to increased labor costs, such as constrained staffing due to a shortage of healthcare workers, increased dependence on contract clinical workers, the cost of recruiting and training new employees, the cost of retaining existing staff, and other government regulations, which include laws and regulations related to workers’ health and safety. A number of factors contribute to increased labor costs, such as constrained staffing due to a shortage of healthcare workers, increased dependence on contract clinical workers, the loss of unvaccinated employees in jurisdictions requiring vaccination, federal unemployment subsidies, including unemployment benefits offered in response to the COVID-19 pandemic, and other government regulations, which include laws and regulations related to workers’ health and safety. Our critical illness recovery hospitals and our rehabilitation hospitals are highly dependent on nurses, our outpatient rehabilitation division is highly dependent on therapists for patient care, and Concentra is highly dependent upon the ability of its affiliated professional groups to recruit and retain qualified physicians and other licensed providers to provide services to our existing occupation health centers and onsite health clinics. The market for qualified healthcare professionals is highly competitive. Difficulties in attracting and retaining qualified healthcare personnel can limit our ability to staff our facilities. It has also led us to use agency clinical staff in our facilities, which can increase our costs and lower our margins. Additionally, the cost of attracting, training, and retaining qualified healthcare personnel may be higher than historical trends and, as a result, our profitability could decline. Additionally, the cost of attracting and retaining qualified healthcare personnel may be higher than we anticipate, and as a result, our profitability could decline. 34Table of ContentsWhile we have historically experienced some level of ordinary course employee turnover, the continuing impact of the COVID-19 pandemic and its aftermath have exacerbated labor shortages and increased employee turnover. Increased employee turnover rates within our employee base can lead to decreased efficiency and increased costs, such as increased overtime to meet demand, increased compensation and bonuses to attract and retain employees, and incremental training costs.An overall or prolonged labor shortage, lack of skilled labor, increased employee turnover or continued increase in the cost of recruiting and retaining employees could have a material adverse impact on our operations, results of operations, liquidity or cash flows.In addition, United States healthcare providers are continuing to see an increase in the amount of union activity. Though we cannot predict the degree to which we will be affected by future union activity, there may be legislative or executive actions that could result in increased union activity. Public health threats such as a global pandemic, or widespread outbreak of infectious disease, similar to the COVID-19 pandemic, may create uncertainties about our future operating results and financial conditions.Public health threats, such as the ongoing effects of COVID-19 or any other pandemic, may have an impact on our business and results of operations, financial position, and cash flows. Prolonged volatility or significant disruption of global financial markets due in part to a public health threat could have a negative impact on our business and overall financial position. Other factors and uncertainties include, but are not limited to, adverse impacts on patient volumes and revenue, increased operational costs associated with operating during and after a pandemic; evolving macroeconomic factors, including general economic uncertainty, increased labor costs, and recessionary pressures; capital and other resources needed to respond to a pandemic; along with the severity and duration of a pandemic. These risks and their impacts are difficult to predict and could continue to otherwise disrupt and adversely affect our operations and our financial performance. Our critical illness recovery hospitals and rehabilitation hospitals may continue to experience constrained staffing levels and increased operating costs resulting from increased usage of contract clinical labor due to the overwhelming need for healthcare professionals, particularly in areas that are heavily impacted by the COVID-19 pandemic. As a result of the COVID-19 pandemic and its aftermath, our hospitals have experienced and continue to experience more variable demand for its services as well as increases in costs relating to less efficient operating procedures, increased cost of supplies, and increased salaries, wages and benefits.Unfavorable global economic conditions brought about by material global crises, military conflicts or war, geopolitical and trade disputes or other factors, may adversely affect our business and financial results.Our business may be sensitive to global economic conditions, which can be adversely affected by political and military conflict, trade and other international disputes, significant natural disasters (including as a result of climate change) or other events that disrupt macroeconomic conditions. For example, trade policies and geopolitical disputes (including as a result of China-Taiwan relations) and other international conflicts can result in tariffs, sanctions and other measures that restrict international trade, and may adversely affect our business. Countries may also adopt other measures, such as controls on imports or exports of goods, technology or data, that could adversely impact our operations. Further, military conflicts or wars (such as the ongoing conflicts between Russia and Ukraine and Israel and Palestine) can cause exacerbated volatility and disruptions to various aspects of the global economy. The uncertain nature, magnitude, and duration of hostilities stemming from such conflicts, including the potential effects of sanctions and counter-sanctions, or retaliatory cyber-attacks on the world economy and markets, have contributed to increased market volatility and uncertainty, which could have an adverse impact on macroeconomic factors that affect our business and operations, such as worldwide supply chain issues. It is not possible to predict the short and long-term implications of military conflicts or wars or geopolitical tensions which could include further sanctions, uncertainty about economic and political stability, increases in inflation rate and energy prices, cyber-attacks, supply chain challenges and adverse effects on currency exchange rates and financial markets.If Concentra loses several significant employer customers, payor partners, or relationships with workers’ compensation provider networks and employer services networks, its results may be adversely affected.Concentra has strong and longstanding relationships with major employer customers, payors, workers’ compensation provider networks and third-party employer services networks. Concentra’s results may decline if we lose several significant employer customers, payor relationships, or ability to participate in networks. One or more of Concentra’s significant employer customers, payors, or networks could be acquired. One or more of Concentra’s significant employer customers could be acquired. As employer customers, payor partners and networks make strategic business decisions in response to market conditions, financial pressure, competitive pricing pressures or other reasons, they may choose 35Table of Contentsto discontinue their relationship with us. The loss of several significant employer customers, payor or network relationships could cause a material decline in Concentra’s profitability and operating performance. The loss of several significant employer customers or payor contracts could cause a material decline in Concentra’s profitability and operating performance. If the frequency of workplace injuries and illnesses decline, Concentra’s results may be negatively affected. If the frequency of workplace injuries and illnesses decline, Concentra’s results may be negatively affected. Because of improvements in workplace safety, greater access to health insurance, and the continued transition from a manufacturing-based economy to a service-based economy, workers are generally healthier and less prone to injuries. Increases in employer-sponsored wellness and health promotion programs have led to fitter and healthier employees who may be less likely to injure themselves on the job. A decline in workplace injuries and illness may cause the number of workers’ compensation claims to decrease, which may adversely affect Concentra’s business.CMS finalized a record increase to the high cost outlier fixed loss amount for LTCH-PPS standard Federal payment rate cases in FY 2024 and, unless there are significant reforms, the fixed loss amount will likely increase again in FY 2025, which will result in fewer cases qualifying for high cost outlier payments and often lower payments for the cases that do qualify.Under the LTCH-PPS, CMS makes additional payments to LTCHs for high cost outlier cases that have extraordinarily high costs relative to the costs of most discharges. Each year, CMS sets a fixed loss amount that represents the maximum loss an LTCH will incur for a case before qualifying for a high cost outlier payment. For each case, CMS determines the high cost outlier threshold, which is an amount equal to the LTCH-PPS adjusted Federal payment for the case, plus the fixed loss amount. Payments for qualifying high cost outlier cases are based on 80% of the estimated cost of the case above the high cost outlier threshold. When CMS increases the fixed loss amount, our LTCHs have fewer cases that qualify for outlier payments and often lower payments for the cases that do qualify. In the FY 2024 IPPS/LTCH Proposed Rule, CMS proposed an unprecedented increase to the fixed loss amount, from $38,518 to $94,378. In the FY 2024 IPPS/LTCH-PPS Final Rule, CMS set the fixed loss amount at $59,873 after considering comments and making some methodological changes. Although this was a lower fixed loss amount than initially proposed, it was still the largest one-year increase to the fixed loss amount for the LTCH-PPS. There are several factors that have likely caused the recent increases to the fixed loss amount, including the COVID-19 pandemic, the LTCH-PPS dual payment rate structure with the site neutral payment rate, and inflation. These factors may continue to impact the LTCH-PPS rate setting in future years, including the upcoming FY 2025 rate setting for the Federal fiscal year that begins on October 1, 2024. As a result, there is a risk that CMS will continue to increase the fixed loss amount, which would reduce the Medicare payment for many of the most costly patients treated at our LTCHs. The effects of the COVID-19 pandemic on the dataset CMS uses for rate setting is one factor that is contributing to the recent increases to the LTCH-PPS high cost outlier fixed loss amount for standard Federal payment rate cases. The standard methodology CMS uses to calculate the fixed loss amount is based on claims data that are two years old and cost report data that are three years old. Therefore, even though the COVID-19 public health emergency ended on May 11, 2023, the data used to calculate the fixed-loss amount will continue to be affected by abnormal LTCH utilization and case-mix that occurred during the COVID-19 pandemic until June 2026. As long as CMS uses data impacted by the COVID-19 public health emergency and associated waivers, the fixed loss amount will reflect increased costs and utilization patterns that were unique to the pandemic. Another contributing factor to the recent increases to the fixed loss amount is the dual payment rate structure of the LTCH-PPS. CMS has not accounted for the effects of the dual payment rate structure on high cost outliers. The site neutral payment rate has significantly reduced the number of standard Federal payment rate cases in the dataset used for setting the fixed loss amount and has caused some operators to close LTCHs, which further reduces the dataset. The site neutral payment rate also has led to more concentration of patients assigned to DRGs likely to meet the patient criteria. Despite these changes to the LTCH-PPS, CMS has not modified its high cost outlier rate setting process to account for their effects.Finally, recent increases to the fixed loss amount may be attributable to rising inflation in the United States, and in the healthcare sector specifically. LTCHs have been subject to relatively large increases in labor, supply, and drug costs in recent years. However, CMS has not directly accounted for these cost increases when calculating the fixed loss amount. If CMS does not address these factors, it is likely that the fixed loss amount for FY 2025 will increase further, which will reduce the Medicare payment for high cost outlier cases.We conduct business in a heavily regulated industry, and changes in regulations, new interpretations of existing regulations, or violations of regulations may result in increased costs or sanctions that reduce our revenue and profitability. 34Table of ContentsWe conduct business in a heavily regulated industry, and changes in regulations, new interpretations of existing regulations, or violations of regulations may result in increased costs or sanctions that reduce our revenue and profitability. The healthcare industry is subject to extensive federal, state, and local laws and regulations relating to: (i) facility and professional licensure, including certificates of need; (ii) conduct of operations, including financial relationships among healthcare providers, Medicare fraud and abuse, and physician self-referral; (iii) addition of facilities and services and enrollment of newly developed facilities in the Medicare program; (iv) payment for services; and (v) safeguarding protected health information.36Table of ContentsBoth federal and state regulatory agencies inspect, survey, and audit our facilities to review our compliance with these laws and regulations.Both federal and state regulatory agencies inspect, survey, and audit our facilities to review our compliance with these laws and regulations. While our facilities intend to comply with existing licensing, Medicare certification requirements, and accreditation standards, there can be no assurance that these regulatory authorities will determine that all applicable requirements are fully met at any given time. A determination by any of these regulatory authorities that a facility is not in compliance with these requirements could lead to the imposition of requirements that the facility takes corrective action, assessment of fines and penalties, or loss of licensure, Medicare certification, or accreditation. These consequences could have an adverse effect on our company.In addition, there have been heightened coordinated civil and criminal enforcement efforts by both federal and state government agencies relating to the healthcare industry. The ongoing investigations relate to, among other things, various referral practices, billing practices, and physician ownership. In the future, different interpretations or enforcement of these laws and regulations could subject us to allegations of impropriety or illegality or could require us to make changes in our facilities, equipment, personnel, services, and capital expenditure programs. These changes may increase our operating expenses and reduce our operating revenues. If we fail to comply with these extensive laws and government regulations, we could become ineligible to receive government program reimbursement, suffer civil or criminal penalties, or be required to make significant changes to our operations. In addition, we could be forced to expend considerable resources responding to any related investigation or other enforcement action.If our critical illness recovery hospitals fail to maintain their certifications as LTCHs or if our facilities operated as HIHs fail to qualify as hospitals separate from their host hospitals, our revenue and profitability may decline.As of December 31, 2023, we operated 107 critical illness recovery hospitals, all of which are currently certified by Medicare as LTCHs. LTCHs must meet certain conditions of participation to enroll in, and seek payment from, the Medicare program as an LTCH, including, among other things, maintaining an average length of stay for Medicare patients in excess of 25 days. An LTCH that fails to maintain this average length of stay for Medicare patients in excess of 25 days during a single cost reporting period is generally allowed an opportunity to show that it meets the length of stay criteria during a subsequent cure period. If the LTCH can show that it meets the length of stay criteria during this cure period, it will continue to be paid under the LTCH-PPS. If the LTCH again fails to meet the average length of stay criteria during the cure period, it will be paid under the general acute care hospital IPPS at rates generally lower than the rates under the LTCH-PPS. If the LTCH again fails to meet the average length of stay criteria during the cure period, it will be paid under the general acute care IPPS at rates generally lower than the rates under the LTCH-PPS. CMS issued temporary waivers that exempt LTCHs from the 25 day average length of stay requirement for all cost reporting periods that include the COVID-19 pandemic public health emergency. Medicare cost reporting periods for our LTCHs that begin after May 11, 2023, will again be required to comply with this rule. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Regulatory Changes.”Similarly, our HIHs must meet conditions of participation in the Medicare program and additional criteria establishing separateness from the hospital with which the HIH shares space.”Similarly, our HIHs must meet conditions of participation in the Medicare program, which include additional criteria establishing separateness from the hospital with which the HIH shares space. If our critical illness recovery hospitals fail to meet or maintain the standards for certification as LTCHs, they will receive payment under the general acute care hospitals IPPS which is generally lower than payment under the system applicable to LTCHs. Payments at rates applicable to general acute care hospitals would result in our hospitals receiving significantly less Medicare reimbursement than they currently receive for their patient services.Decreases in Medicare reimbursement rates received by our outpatient rehabilitation clinics may reduce our future revenue and profitability.35Table of ContentsDecreases in Medicare reimbursement rates received by our outpatient rehabilitation clinics may reduce our future revenue and profitability. Our outpatient rehabilitation clinics receive payments from the Medicare program under the Medicare physician fee schedule. In the calendar year 2024 physician fee schedule final rule, CMS announced that Medicare payments for the therapy specialty are expected to decrease 3% in 2024. Congress passed the Health Extenders, Improving Access to Medicare, Medicaid, and CHIP, and Strengthening Public Health Act of 2022, which provided a one-time 2.5% increase in payments in calendar year 2023 to offset some of the 4.5% cut to payments for therapy and other services paid under the physician fee schedule that otherwise would have occurred in calendar year 2023, and a one-time 1.75% cut to payments for therapy services and other services paid under the physician fee schedule that otherwise would have occurred in calendar year 2022. 25% increase in payments in calendar year 2024. However, these one-time increases have only partially offset CMS’s cuts to the physician fee schedule conversion factor. Even with the statutory 1.25% increase, the calendar year 2024 conversion factor is still 3.4% less than the calendar year 2023 conversion factor.37Table of ContentsIn addition, the Medicare Access and CHIP Reauthorization Act of 2015 requires that payments under the physician fee schedule be adjusted starting in 2019 based on performance in a MIPS and additional incentives for participation in APMs.In addition, the Medicare Access and CHIP Reauthorization Act of 2015 requires that payments under the physician fee schedule be adjusted starting in 2019 based on performance in a MIPS and additional incentives for participation in APMs. The specifics of the MIPS and incentives for participation in APMs will be subject to future notice and comment rule-making. In 2019, CMS added physical and occupational therapists to the list of MIPS eligible clinicians. For these therapists in private practice, payments under the fee schedule are subject to adjustment in a later year based on their performance in MIPS according to established performance standards. Calendar year 2021 was the first year that payments were adjusted, based upon the therapist’s performance under MIPS in 2019. Each year from 2019 through 2024 eligible clinicians who receive a significant share of their revenues through an advanced APM (such as accountable care organizations or bundled payment arrangements) that involves risk of financial losses and a quality measurement component will receive a 5% bonus. As required under the Consolidated Appropriations Act, 2023, the bonus payment will be 3.5% in 2025. The bonus payment for APM participation is intended to encourage participation and testing of new APMs and to promote the alignment of incentives across payors. Providers in facility-based outpatient therapy settings are excluded from MIPS eligibility and therefore not subject to this payment adjustment. Providers in facility-based outpatient therapy settings are excluded from MIPS eligibility and therefore not subject to this payment adjustment. It is unclear what impact, if any, the MIPS and incentives for participation in alternative payment models will have on our business and operating results, but any resulting administrative burden or decrease in payment may reduce our future revenue and profitability. It is unclear what impact, if any, the MIPS and incentives for participation in alternative payment models will have on our business and operating results, but any resulting administrative burden or decrease in payment may reduce our future revenue and profitability. In the calendar year 2022 physician fee schedule final rule, CMS also adopted its plan to transition the MIPS program to MVPs. CMS began the transition to MVPs in 2023 with an initial set of MVPs in which reporting is voluntary. CMS will begin the transition to MVPs in 2023 with an initial set of MVPs in which reporting is voluntary. In the calendar year 2023 physician fee schedule final rule, CMS revised the initial set of MVPs and added five new MVPs. In the calendar year 2022 physician fee schedule final rule, CMS announced that Medicare payments for the therapy specialty are expected to decrease 1% in 2022. In the same final rule, CMS added five new MVPs including the Rehabilitative Support of Musculoskeletal Care MVP that will be applicable to physical therapists and occupational therapists. Beginning in 2026, multispecialty groups must form subgroups to report MVPs. CMS plans to develop more MVPs from 2024 to 2027 and is considering that MVP reporting would become mandatory in 2028. Each MVP would include population health claims-based measures and require clinicians to report on the Promoting Interoperability performance category measures. In addition, MVP participants would select certain quality measures and improvement activities and then report data for such measures and activities. At this time, it is unclear the impact that the transition to MVPs will have on our business and operating results, however, any resulting administrative burden or decrease in reimbursement rates may reduce our future revenue and profitability.The nature of the markets that Concentra serves may constrain its ability to raise prices at rates sufficient to keep pace with the inflation of its costs.Rates of reimbursement for work-related injury or illness visits in Concentra’s occupational health services business are established through a legislative or regulatory process within each state that Concentra serves. Currently, Concentra has operations in 36 states and the District of Columbia, which have fee schedules pursuant to which all healthcare providers are uniformly reimbursed. Currently, 36 states in which Concentra has operations have fee schedules pursuant to which all healthcare providers are uniformly reimbursed. The fee schedules are determined by each state and generally prescribe the maximum amounts that may be reimbursed for a designated procedure. In the states without fee schedules, healthcare providers are generally reimbursed based on usual, customary and reasonable rates charged in the particular state in which the services are provided. Given that Concentra does not control these processes, it may be subject to financial risks if individual jurisdictions reduce rates or do not routinely raise rates of reimbursement in a manner that keeps pace with the inflation of Concentra’s costs of service.Additionally, in Concentra’s employer services business, while we can directly set the price for these services, the market rates for this portion of Concentra’s business are substantially lower than the fees we receive for workers’ compensation services. The average rate of reimbursement per visit could increase at rates lower than the rate of inflation in our costs and could cause us to have decreases in the rate of profitability we receive for services that are provided.In addition to the risks we face in Concentra’s occupational health services business, we also face competitive and market pressures in Concentra’s onsite health clinics that may constrain our ability to raise our pricing for services in a manner that is commensurate with the increases in our costs.If our rehabilitation hospitals fail to comply with the 60% Rule or admissions to IRFs are limited due to changes to the diagnosis codes on the presumptive compliance list, our revenue and profitability may decline.As of December 31, 2023, we operated 33 rehabilitation hospitals, all of which were certified by Medicare as IRFs.As of December 31, 2021, we operated 30 rehabilitation hospitals, all of which were certified as Medicare providers and operating as IRFs. Our rehabilitation hospitals must meet certain conditions of participation to enroll in, and seek payment from, the Medicare program as an IRF. Among other things, at least 60% of the IRF’s total inpatient population must require treatment for one or more of 13 conditions specified by regulation. This requirement is now commonly referred to as the “60% Rule.” Compliance with the 60% Rule is demonstrated through a two-step process. The first step is the “presumptive” method, in which patient diagnosis codes are compared to a “presumptive compliance” list. IRFs that fail to demonstrate compliance with the 60% Rule using this presumptive test may demonstrate compliance through a second step involving an audit of the facility’s medical records to assess compliance.38Table of ContentsIf an IRF does not demonstrate compliance with the 60% Rule by either the presumptive method or through a review of medical records, then the facility’s classification as an IRF may be terminated at the start of its next cost reporting period causing the facility to be paid as a general acute care hospital under IPPS. If our rehabilitation hospitals fail to demonstrate compliance with the 60% Rule through both methods and are classified as general acute care hospitals, our revenue and profitability may be adversely affected.CMS issued temporary waivers in response to the COVID-19 pandemic that allowed IRFs, IRF units and hospitals and units applying to be classified as IRFs to exclude patients admitted solely to respond to the public health emergency from the 60% Rule.CMS has issued temporary waivers in response to the COVID-19 pandemic that allow IRFs, IRF units and hospitals and units applying to be classified as IRFs to exclude patients admitted solely to respond to the public health emergency from the 60% Rule. These waivers expired on May 11, 2023, when the COVID-19 public health emergency ended and admissions to our IRFs are once again counted for purposes of the 60% Rule. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Regulatory Changes.”As a result of post-payment reviews of claims we submit to Medicare for our services, we may incur additional costs and may be required to repay amounts already paid to us.We are subject to regular post-payment inquiries, investigations, and audits of the claims we submit to Medicare for payment for our services. These post-payment reviews include medical necessity reviews for Medicare patients admitted to LTCHs and IRFs, and audits of Medicare claims under the Recovery Audit Contractor program. These post-payment reviews may require us to incur additional costs to respond to requests for records and to pursue the reversal of payment denials, and ultimately may require us to refund amounts paid to us by Medicare that are determined to have been overpaid.Beginning August 21, 2023, CMS implemented a five-year review choice demonstration (“RCD”) for IRF services in Alabama. CMS plans to expand RCD to Pennsylvania, Texas, and California, but the timing of this expansion is not known. We operate inpatient rehabilitation hospitals in Pennsylvania, Texas and California. CMS has announced it will expand RCD to include additional IRFs based on the Medicare Administrative Contractor to which those IRFs submit claims. Under RCD, participating IRFs have an initial choice between pre-claim or post-payment review of 100% of claims submitted to demonstrate compliance with applicable Medicare coverage and clinical documentation requirements. If a certain percentage of the claims reviewed are found to be valid, the IRF may then opt out of the 100% review. That percentage will initially be 80% or greater and eventually increase to 90% or greater in subsequent review cycles. In opting out, the IRF may elect spot prepayment reviews of samples consisting of 5% of total claims or selective post-payment review of a statistically valid random sample. RCD does not create new documentation requirements. We cannot predict the impact, if any, the RCD may have on the collectability of our Medicare claims over its five-year term and ultimately our financial position, results of operations, and cash flows.On September 15, 2022, the HHS-OIG updated its work plan to conduct a nationwide audit of IRF claims in order to determine the extent to which CMS could clarify the Medicare IRF claim payment criteria. The HHS-OIG expects to issue a report on this in fiscal year 2024. An HHS-OIG work plan, audit or similar future efforts could result in proposed changes to the payment systems for providers or increased denials of Medicare claims for patients notwithstanding the referring physicians’ judgment that treatment is appropriate.CMS has also instructed Medicare Administrative Contractors to conduct targeted probe and educate reviews of providers, in which the contractors select providers for up to three rounds of claim reviews. The contractor provides education to the provider after each round of review regarding any identified issues. These reviews can be conducted post-payment, but the contractors can also subject providers to pre-payment review of claims. In addition to the additional costs and burdens discussed above, providers can be further subject to withholding of Medicare payments during this review process.Most of our critical illness recovery hospitals are subject to short-term leases, and the loss of multiple leases close in time could materially and adversely affect our business, financial condition, and results of operations.We lease most of our critical illness recovery hospitals under short-term leases with terms of less than ten years. These leases generally cannot be renewed or extended without the written consent of the landlords thereunder. If we cannot renew or extend a significant number of our existing leases, or if the terms for lease renewal or extension offered by landlords on a significant number of leases are unacceptable to us, then the loss of multiple leases close in time could materially and adversely affect our business, financial condition, and results of operations. If we cannot renew or extend a significant number of our existing leases, or if the terms for lease renewal or extension offered by landlords on a significant number of leases are unacceptable to us, then the loss of multiple leases close in time could materially and adversely affect our business, financial condition, and results of operations. 39Table of ContentsOur facilities are subject to extensive federal and state laws and regulations relating to the privacy of individually identifiable information.Our facilities are subject to extensive federal and state laws and regulations relating to the privacy of individually identifiable information. HIPAA required the United States Department of Health and Human Services to adopt standards to protect the privacy and security of individually identifiable health information. The department released final regulations containing privacy standards in December 2000 and published revisions to the final regulations in August 2002. The privacy regulations extensively regulate the use and disclosure of individually identifiable health information. The regulations also provide patients with significant new rights related to understanding and controlling how their health information is used or disclosed. The security regulations require healthcare providers to implement administrative, physical and technical practices to protect the security of individually identifiable health information that is maintained or transmitted electronically. HITECH, which was signed into law in February 2009, enhanced the privacy, security, and enforcement provisions of HIPAA by, among other things, establishing security breach notification requirements, allowing enforcement of HIPAA by state attorneys general, and increasing penalties for HIPAA violations. Violations of HIPAA or HITECH could result in civil or criminal penalties. For example, HITECH permits HHS to conduct audits of HIPAA compliance and impose penalties even if we did not know or reasonably could not have known about the violation and increases civil monetary penalty amounts up to $50,000 per violation with a maximum of $1.5 million in a calendar year for violations of the same requirement.In addition to HIPAA, there are numerous federal and state laws and regulations addressing patient and consumer privacy concerns, including unauthorized access, or theft of patient’s identifiable health information. State statutes and regulations vary from state to state. Lawsuits, including class actions and action by state attorneys general, directed at companies that have experienced a privacy or security breach also can occur.In the conduct of our business, we process, maintain, and transmit sensitive data, including our patient’s individually identifiable health information. We have developed a comprehensive set of policies and procedures in our efforts to comply with HIPAA and other privacy laws. Our compliance officer, privacy officer, and information security officer are responsible for implementing and monitoring compliance with our privacy and security policies and procedures at our facilities. We believe that the cost of our compliance with HIPAA and other federal and state privacy laws will not have a material adverse effect on our business, financial condition, results of operations, or cash flows. However, there can be no assurance that a breach of privacy or security will not occur. If there is a breach, we may be subject to various lawsuits, penalties and damages and may be required to incur costs to mitigate the impact of the breach on affected individuals.We may be adversely affected by a security breach of our, or our third-party vendors’, information technology systems, such as a cyber attack, which may cause a violation of HIPAA or HITECH and subject us to potential legal and reputational harm.37Table of ContentsWe may be adversely affected by a security breach of our, or our third-party vendors’, information technology systems, such as a cyber attack, which may cause a violation of HIPAA or HITECH and subject us to potential legal and reputational harm. In the normal course of business, our information technology systems hold sensitive patient information including patient demographic data, eligibility for various medical plans including Medicare and Medicaid, and protected health information, which is subject to HIPAA and HITECH. Additionally, we utilize those same systems to perform our day-to-day activities, such as receiving referrals, assigning medical teams to patients, documenting medical information, maintaining an accurate record of all transactions, processing payments, and maintaining our employee’s personal information. We also contract with third-party vendors to maintain and store our patient’s individually identifiable health information. Numerous state and federal laws and regulations address privacy and information security concerns resulting from our access to our patients’ and employees’ personal information.Our information technology systems and those of our vendors that process, maintain, and transmit such data are subject to computer viruses, cyber attacks, or breaches. We adhere to policies and procedures reasonably designed to promote compliance with HIPAA and other applicable privacy and information security laws. We adhere to policies and procedures designed to promote compliance with HIPAA and other privacy and information security laws and require our third-party vendors to do so as well. Employees are required to complete annual training regarding these laws. Additionally, we perform security risk assessments of third-party vendors and continuously monitor compliance with HIPAA and other applicable privacy laws. Failure to maintain the security and functionality of our information systems and related software, or to defend a cybersecurity attack or other attempt to gain unauthorized access to our or third-party’s systems, facilities, or patient health information could expose us to a number of adverse consequences, including but not limited to disruptions in our operations, regulatory and other civil and criminal penalties, reputational harm, investigations and enforcement actions (including, but not limited to, those arising from the SEC, Federal Trade Commission, the OIG or state attorneys general), fines, litigation with those affected by the data breach, loss of customers, disputes with payors, and increased operating expense, which either individually or in the aggregate could have a material adverse effect on our business, financial position, results of operations, and liquidity. Although we maintain cyber liability insurance to protect us from losses related to cyber attacks and breaches, not every risk or liability can be insured, and for risks that are insurable, our policy limits and terms of coverage may not be sufficient to cover all actual losses or liabilities incurred. 40Table of ContentsFurthermore, while our information technology systems are maintained with safeguards protecting against cyber attacks, including intrusion protection, firewalls, and malware detection, these safeguards do not ensure that a significant cyber attack could not occur. Furthermore, while our information technology systems, and those of our third-party vendors, are maintained with safeguards protecting against cyber attacks, including passive intrusion protection, firewalls, and virus detection software, these safeguards do not ensure that a significant cyber attack could not occur. A cyber attack that bypasses our information technology security systems, or those of our third-party vendors, could cause the loss of protected health information, or other data subject to privacy laws, the loss of proprietary business information, or a material disruption to our or a third-party vendor’s information technology business systems resulting in a material adverse effect on our business, financial condition, results of operations, or cash flows. In addition, our future results could be adversely affected due to the theft, destruction, loss, misappropriation, or release of protected health information, other confidential data or proprietary business information, operational or business delays resulting from the disruption of information technology systems and subsequent clean-up and mitigation activities, negative publicity resulting in reputation or brand damage with clients, members, or industry peers, or regulatory action taken as a result of such incident. We provide our employees with training at least annually on important measures they can take to prevent breaches and other cyber threats. We provide our employees annual training and regular reminders on important measures they can take to prevent breaches and other cyber threats. We routinely identify attempts to gain unauthorized access to our systems. However, given the rapidly evolving nature and proliferation of cyber threats, there can be no assurance our training and security measures or other controls will detect, prevent, or remediate security or data breaches in a timely manner or otherwise prevent unauthorized access to, damage to, or interruption of our systems and operations. However, given the rapidly evolving nature and proliferation of cyber threats, there can be no assurance our training and network security measures or other controls will detect, prevent, or remediate security or data breaches in a timely manner or otherwise prevent unauthorized access to, damage to, or interruption of our systems and operations. For example, it has been widely reported that many well-organized international interests, in certain cases with the backing of sovereign governments, are targeting the theft of patient information through the use of advance persistent threats. Similarly, in recent years, several hospitals have reported being the victim of ransomware attacks in which they lost access to their systems, including clinical systems, during the course of the attacks. While we are not aware of having experienced a material cyber breach or attack to date, we are likely to face attempted attacks in the future. Accordingly, we may be vulnerable to losses associated with the improper functioning, security breach, or unavailability of our information systems as well as any systems used in acquired operations.Our acquisitions require transitions and integration of various information technology systems, and we regularly upgrade and expand our information technology systems’ capabilities. If we experience difficulties with the transition and integration of these systems or are unable to implement, maintain, or expand our systems properly, we could suffer from, among other things, operational disruptions, regulatory problems, working capital disruptions, and increases in administrative expenses. While we make significant efforts to address any information security issues and vulnerabilities with respect to the companies we acquire, we may still inherit risks of security breaches or other compromises when we integrate these companies within our business. Quality reporting requirements may negatively impact Medicare reimbursement.The IMPACT Act requires the submission of standardized data by certain healthcare providers. Specifically, the IMPACT Act requires, among other significant activities, that LTCHs, IRFs, SNFs, and HHAs report standardized patient assessment data to CMS for cross-setting quality measures, resource use measures, and standardized patient assessment data elements. To the extent that such reporting requirements have been incorporated into the Medicare quality reporting programs, failure to report such data as required will subject providers to a 2% reduction to their annual payment update for the fiscal year that follows the reporting period. As CMS adds new measures to the Medicare quality reporting programs to implement the IMPACT Act, the burden to report data increases. Moreover, when CMS adds other measures to the quality reporting programs, provider reporting obligations become more burdensome. For example, CMS recently added a COVID-19 Vaccination Coverage Among Healthcare Personnel measure to the LTCH, IRF, and SNF quality reporting programs. The adoption of additional quality reporting measures for our hospitals to track and report will require additional time and expense and could affect reimbursement in the future. The adoption of these and additional quality reporting measures for our hospitals to track and report will require additional time and expense and could affect reimbursement in the future. In healthcare generally, the burdens associated with collecting, recording, and reporting quality data are increasing. This includes the additional burden from the fiscal year 2023 IRF-PPS final rule to require IRFs, starting with discharges after October 1, 2024, to collect data using the IRF Patient Assessment Instrument for all IRF patients, regardless of payer. Currently, CMS only requires IRFs to complete the IRF Patient Assessment Instrument for Medicare beneficiaries (Part A and Part C). There can be no assurance that all of our hospitals will continue to meet quality reporting requirements in the future which may result in one or more of our hospitals seeing a reduction in its Medicare reimbursements.There can be no assurance that all of our hospitals will continue to meet quality reporting requirements in the future which may result in one or more of our hospitals seeing a reduction in its Medicare reimbursements. Regardless, we, like other healthcare providers, are likely to incur additional expenses in an effort to comply with additional and changing quality reporting requirements.CMS also adopted revised discharge planning requirements for hospitals in 2019 that focus on patients' goals and preferences and on preparing them and, as appropriate, their caregivers, to be active partners in their post-discharge care. As part of these updates to the discharge planning process, CMS began requiring that hospitals assist patients in selecting a post-acute care provider by sharing quality measure and resource use measure data from LTCHs, IRFs, SNFs, and HHAs. The collection of data for these quality and resource use measures, and the use of these data in the discharge planning process at hospitals, has the potential to affect admission patterns at our LTCHs and IRFs.41Table of ContentsCMS has increased several quality reporting program data completion thresholds for certain provider types. Failure to meet a quality program data completion threshold may result in CMS reducing the provider’s Medicare payments by 2%. The FY 2024 SNF PPS Final Rule increased the SNF QRP data completion threshold from 80% to 90% for Minimum Data Set data items beginning with the CY 2024 data collection period. The FY 2024 IPPS/LTCH Final Rule similarly increased the LTCH QRP data completion threshold for LTCH Continuity Assessment Record and Evaluation Data Set submissions from 80% to 85% effective for the CY 2024 data collection period. Increasing the data completion thresholds reduces the margin for error when submitting quality reporting program data and increases the risk of CMS applying a 2% penalty to our facilities’ Medicare payments. We may be adversely affected by negative publicity which can result in increased governmental and regulatory scrutiny and possibly adverse regulatory changes.We may be adversely affected by negative publicity which can result in increased governmental and regulatory scrutiny and possibly adverse regulatory changes. Negative press coverage, including about the industries in which we currently operate, can result in increased governmental and regulatory scrutiny and possibly adverse regulatory changes. Adverse publicity and increased governmental scrutiny can have a negative impact on our reputation with referral sources and patients and on the morale and performance of our employees, both of which could adversely affect our businesses and results of operations.Current and future acquisitions may use significant resources, may be unsuccessful, and could expose us to unforeseen liabilities.As part of our growth strategy, we may pursue acquisitions of critical illness recovery hospitals, rehabilitation hospitals, outpatient rehabilitation clinics, and other related healthcare facilities and services. These acquisitions, may involve significant cash expenditures, debt incurrence, additional operating losses and expenses, and compliance risks that could have a material adverse effect on our financial condition and results of operations.We may not be able to successfully integrate our acquired businesses into ours, and therefore, we may not be able to realize the intended benefits from an acquisition. If we fail to successfully integrate acquisitions, our financial condition and results of operations may be materially adversely affected. These acquisitions could result in difficulties integrating acquired operations, technologies, and personnel into our business. Such difficulties may divert significant financial, operational, and managerial resources from our existing operations and make it more difficult to achieve our operating and strategic objectives. We may fail to retain employees or patients acquired through these acquisitions, which may negatively impact the integration efforts. These acquisitions could also have a negative impact on our results of operations if it is subsequently determined that goodwill or other acquired intangible assets are impaired, thus resulting in an impairment charge in a future period.In addition, these acquisitions involve risks that the acquired businesses will not perform in accordance with expectations; that we may become liable for unforeseen financial or business liabilities of the acquired businesses, including liabilities for failure to comply with healthcare regulations; that the expected synergies associated with acquisitions will not be achieved; and that business judgments concerning the value, strengths, and weaknesses of businesses acquired will prove incorrect, which could have a material adverse effect on our financial condition and results of operations.Future joint ventures may use significant resources, may be unsuccessful, and could expose us to unforeseen liabilities.As part of our growth strategy, we have partnered and may partner with large healthcare systems to provide post-acute care services. These joint ventures have included and may involve significant cash expenditures, debt incurrence, additional operating losses and expenses, and compliance risks that could have a material adverse effect on our financial condition and results of operations.A joint venture involves the combining of corporate cultures and mission. As a result, we may not be able to successfully operate a joint venture, and therefore, we may not be able to realize the intended benefits. If we fail to successfully execute a joint venture relationship, our financial condition and results of operations may be materially adversely affected. A new joint venture could result in difficulties in combining operations, technologies, and personnel. Such difficulties may divert significant financial, operational, and managerial resources from our existing operations and make it more difficult to achieve our operating and strategic objectives. We may fail to retain employees or patients as a result of the integration efforts.A joint venture is operated through a Board of Directors that contains representatives of Select and other parties to the joint venture.A joint venture is operated through a board of directors that contains representatives of Select and other parties to the joint venture. We may not control the board of certain joint ventures and, as a result, such joint ventures may take certain actions that could have adverse effects on our financial condition and results of operations.42Table of ContentsIf we fail to compete effectively with other hospitals, clinics, occupational health centers, and healthcare providers in the local areas we serve, our revenue and profitability may decline.If we fail to compete effectively with other hospitals, clinics, occupational health centers, and healthcare providers in the local areas we serve, our revenue and profitability may decline. The healthcare business is highly competitive, and we compete with other hospitals, rehabilitation clinics, occupational health centers, and other healthcare providers for patients. If we are unable to compete effectively in the critical illness recovery hospital, rehabilitation hospital, outpatient rehabilitation, and occupational health services businesses, our ability to retain customers and physicians, or maintain or increase our revenue growth, price flexibility, control over medical cost trends, and marketing expenses may be compromised and our revenue and profitability may decline. If we are unable to compete effectively in the critical illness recovery, rehabilitation hospital, outpatient rehabilitation, and occupational health services businesses, our ability to retain customers and physicians, or maintain or increase our revenue growth, price flexibility, control over medical cost trends, and marketing expenses may be compromised and our revenue and profitability may decline. Many of our critical illness recovery hospitals and our rehabilitation hospitals operate in geographic areas where we compete with at least one other facility that provides similar services.Our outpatient rehabilitation clinics face competition from a variety of local and national outpatient rehabilitation providers, including physician-owned physical therapy clinics, dedicated locally owned and managed outpatient rehabilitation clinics, and hospital or university owned or affiliated ventures, as well as national and regional providers in select areas. Other competing outpatient rehabilitation clinics in local areas we serve may have greater name recognition and longer operating histories than our clinics. The managers of these competing clinics may also have stronger relationships with physicians in their communities, which could give them a competitive advantage for patient referrals. Because the barriers to entry are not substantial and current customers have the flexibility to move easily to new healthcare service providers, we believe that new outpatient physical therapy competitors can emerge relatively quickly.Concentra’s primary competitors have typically been independent physicians, hospital emergency departments, and hospital-owned or hospital-affiliated medical facilities. Because the barriers to entry in Concentra’s geographic markets are not substantial and its current customers have the flexibility to move easily to new healthcare service providers, new competitors to Concentra can emerge relatively quickly. The markets for Concentra’s consumer health business are also fragmented and competitive. If Concentra’s competitors are better able to attract patients or expand services at their facilities than Concentra is, Concentra may experience an overall decline in revenue. Future cost containment initiatives undertaken by private third-party payors may limit our future revenue and profitability.Initiatives undertaken by major insurers and managed care companies to contain healthcare costs affect our profitability. These payors attempt to control healthcare costs by contracting with hospitals and other healthcare providers to obtain services on a discounted basis. We believe that this trend may continue and may limit reimbursements for healthcare services. If insurers or managed care companies from whom we receive substantial payments reduce the amounts they pay for services, our profit margins may decline, or we may lose patients if we choose not to renew our contracts with these insurers at lower rates.If we fail to maintain established relationships with the physicians in the areas we serve, our revenue may decrease.Our success is partially dependent upon the admissions and referral practices of the physicians in the communities our critical illness recovery hospitals, rehabilitation hospitals, and outpatient rehabilitation clinics serve, and our ability to maintain good relations with these physicians. Physicians referring patients to our hospitals and clinics are generally not our employees and, in many of the local areas that we serve, most physicians have admitting privileges at other hospitals and are free to refer their patients to other providers. If we are unable to successfully cultivate and maintain strong relationships with these physicians, our hospitals’ admissions and our facilities’ and clinics’ businesses may decrease, and our revenue may decline.Our business operations could be significantly disrupted if we lose key members of our management team.40Table of ContentsOur business operations could be significantly disrupted if we lose key members of our management team. Our success depends to a significant degree upon the continued contributions of our senior officers and other key employees, and our ability to retain and motivate these individuals. We currently have employment agreements in place with three executive officers and change in control agreements and/or non-competition agreements with several other officers. Many of these individuals also have significant equity ownership in our company. We do not maintain any key life insurance policies for any of our employees. The loss of the services of certain of these individuals could disrupt significant aspects of our business, could prevent us from successfully executing our business strategy, and could have a material adverse effect on our results of operations.43Table of ContentsIn conducting our business, we are required to comply with applicable laws regarding fee-splitting and the corporate practice of medicine.In conducting our business, we are required to comply with applicable laws regarding fee-splitting and the corporate practice of medicine. Some states prohibit the “corporate practice of medicine” that restricts business corporations from practicing medicine through the direct employment of physicians or from exercising control over medical decisions by physicians. Some states similarly prohibit the “corporate practice of therapy.” The laws relating to corporate practice vary from state to state and are not fully developed in each state in which we have facilities. Typically, however, professional corporations owned and controlled by licensed professionals are exempt from corporate practice restrictions and may employ physicians or therapists to furnish professional services. Also, in some states, hospitals are permitted to employ physicians.Some states also prohibit entities from engaging in certain financial arrangements, such as fee-splitting, with physicians or therapists. The laws relating to fee-splitting also vary from state to state and are not fully developed. Generally, these laws restrict business arrangements that involve a physician or therapist sharing medical fees with a referral source, but in some states, these laws have been interpreted to extend to management agreements between physicians or therapists and business entities under some circumstances.We believe that the Company’s current and planned activities do not constitute fee-splitting or the unlawful corporate practice of medicine as contemplated by these state laws. However, there can be no assurance that future interpretations of such laws will not require structural and organizational modification of our existing relationships with the practices. If a court or regulatory body determines that we have violated these laws or if new laws are introduced that would render our arrangements illegal, we could be subject to civil or criminal penalties, our contracts could be found legally invalid and unenforceable (in whole or in part), or we could be required to restructure our contractual arrangements with our affiliated physicians and other licensed providers.Significant legal actions could subject us to substantial uninsured liabilities.Physicians, hospitals, and other healthcare providers have become subject to an increasing number of legal actions and claims alleging professional malpractice, general liability for property damage, personal and bodily injury, violations of federal and state employment laws, often in the form of wage and hour class action lawsuits, and liability for data breaches. Many of these actions involve large claims and significant defense costs and sometimes, as in the case of wage and hour class actions, are not covered by insurance. We are also subject to lawsuits under federal and state whistleblower statutes designed to combat fraud and abuse in the healthcare industry. These whistleblower lawsuits are not covered by insurance and can involve significant monetary damages and award bounties to private plaintiffs who successfully bring the suits. See “Item 3. Legal Proceedings.” and Note 20 – Commitments and Contingencies in our audited consolidated financial statements.We currently maintain professional malpractice liability insurance and general liability insurance coverages through a number of different programs that are dependent upon such factors as the state where we are operating and whether the operations are wholly owned or are operated through a joint venture. For our wholly owned hospital and outpatient clinic operations, we currently maintain insurance coverages under a combination of policies with a total annual aggregate limit of up to $37. For our wholly owned operations, we currently maintain insurance coverages under a combination of policies with a total annual aggregate limit of up to $37. 0 million for professional malpractice liability insurance and $40.0 million for general liability insurance. For our Concentra center operations, we currently maintain insurance coverages under a combination of policies with a total annual aggregate limit of up to $29. For our wholly owned operations, we currently maintain insurance coverages under a combination of policies with a total annual aggregate limit of up to $37. 0 million for professional malpractice liability and $29.0 million for professional malpractice liability insurance and $40. 0 million for general liability insurance. Our insurance for the professional liability coverage is written on a “claims-made” basis, and our commercial general liability coverage is maintained on an “occurrence” basis. These coverages apply after a self-insured retention limit is exceeded. For our joint venture operations, we have designed a separate insurance program that responds to the risks of specific joint ventures. Most of our joint ventures are insured under a master program with an annual aggregate limit of up to $80.0 million, subject to a sublimit aggregate ranging from $23.0 million to $33.0 million for most joint ventures. The policies are generally written on a “claims-made” basis. Each of these programs has either a deductible or self-insured retention limit. Each of these programs has either a deductible or self-insured retention limit. We also maintain additional types of liability insurance covering claims which, due to their nature or amount, are not covered by or not fully covered by the applicable professional malpractice and general liability insurance policies, including workers compensation, property and casualty, directors and officers, cyber liability insurance, and employment practices liability insurance coverages. We also maintain additional types of liability insurance covering claims which, due to their nature or amount, are not covered by or not fully covered by our professional and general liability insurance policies. Our insurance policies generally are silent with respect to punitive damages so coverage is available to the extent insurance under the law of any applicable jurisdiction and are subject to various deductibles and policy limits. We review our insurance program annually and may make adjustments to the amount of insurance coverage and self-insured retentions in future years. See “Business—Government Regulations—Other Healthcare Regulations”44Table of ContentsConcentration of ownership among our existing executives and directors may prevent new investors from influencing significant corporate decisions.Our executives and directors, beneficially own, in the aggregate, approximately 17.53% of Holdings’ outstanding common stock as of February 1, 2024. As a result, these stockholders have significant control over our management and policies and are able to exercise influence over all matters requiring stockholder approval, including the election of directors, amendment of our certificate of incorporation, and approval of significant corporate transactions. The directors elected by these stockholders are able to make decisions affecting our capital structure, including decisions to issue additional capital stock, implement stock repurchase programs, and incur indebtedness. This influence may have the effect of deterring hostile takeovers, delaying or preventing changes in control or changes in management, or limiting the ability of our other stockholders to approve transactions that they may deem to be in their best interest.45Table of ContentsRisks Related to Our Capital StructureOur substantial indebtedness may limit the amount of cash flow available to invest in the ongoing needs of our business.We have a substantial amount of indebtedness. As of December 31, 2023, we had approximately $3,658. As of December 31, 2021, we had approximately $3,574. 0 million of total indebtedness. Our indebtedness could have important consequences to you. For example, it:•requires us to dedicate a substantial portion of our cash flow from operations to payments on our indebtedness, reducing the availability of our cash flow to fund working capital, capital expenditures, development activity, acquisitions, and other general corporate purposes;•increases our vulnerability to adverse general economic or industry conditions;•limits our flexibility in planning for, or reacting to, changes in our business or the industries in which we operate;•makes us more vulnerable to increases in interest rates, as borrowings under our senior secured credit facilities are at variable rates, subject to our interest rate cap agreement;•limits our ability to obtain additional financing in the future for working capital or other purposes; and•places us at a competitive disadvantage compared to our competitors that have less indebtedness.Any of these consequences could have a material adverse effect on our business, financial condition, results of operations, prospects, and ability to satisfy our obligations under our indebtedness. In addition, there would be a material adverse effect on our business, financial condition, results of operations, and cash flows if we were unable to service our indebtedness or obtain additional financing, as needed. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Liquidity and Capital Resources.”Our credit facilities and the indenture governing our 6.250% senior notes require us to comply with certain covenants and obligations, the default of which may result in the acceleration of certain of our indebtedness. In the case of an event of default under the agreements governing our credit facilities or our Indenture (as defined below), the lenders or noteholders under such agreements could elect to declare all amounts borrowed, together with accrued and unpaid interest and other fees, to be due and payable. If we are unable to obtain a waiver from the requisite lenders or noteholders under such circumstances, these lenders or noteholders could exercise their rights, then our financial condition and results of operations could be adversely affected, and we could become bankrupt or insolvent.Our credit agreement contains several covenants such as limitations on mergers, consolidations and dissolutions; sales of assets; investments and acquisitions; indebtedness; liens; affiliate transactions; and dividends and restricted payments. Our revolving facility also requires us to maintain a leverage ratio (based upon the ratio of indebtedness to consolidated EBITDA as defined in the agreements governing our credit facilities), which is tested quarterly. Our credit facilities also require us to maintain a leverage ratio (based upon the ratio of indebtedness to consolidated EBITDA as defined in the agreements governing our credit facilities), which is tested quarterly. Failure to comply with any of these covenants would result in an event of default under our credit facilities. As of December 31, 2023, we were required to maintain our leverage ratio (the ratio of total indebtedness to consolidated EBITDA for the prior four consecutive fiscal quarters) at less than 7.00 to 1.00. At December 31, 2023, our leverage ratio was 4.54 to 1.00 to 1. 00.Our indenture, dated August 1, 2019, by and among Select, the guarantors named therein and U.S. Bank National Association, as trustee (the “Indenture”), contains covenants that, among other things, limit our ability and the ability of certain of our subsidiaries, which unconditionally guarantee on a joint and several basis the senior notes under the Indenture, to (i) grant liens on its assets, (ii) make dividend payments, other distributions or other restricted payments, (iii) incur restrictions on the ability of Select’s restricted subsidiaries to pay dividends or make other payments, (iv) enter into sale and leaseback transactions, (v) merge, consolidate, transfer or dispose of substantially all of their assets, (vi) incur additional indebtedness, (vii) make investments, (viii) sell assets, including capital stock of subsidiaries, (ix) use the proceeds from sales of assets, including capital stock of restricted subsidiaries, and (x) enter into transactions with affiliates. In addition, the Indenture requires us, among other things, to provide financial and current reports to holders of the notes or file such reports electronically with the SEC. 46Table of ContentsOur inability to comply with any of these covenants could result in a default under our credit facilities or our Indenture. In the event of any default under the credit facilities, the revolving lenders could elect to terminate borrowing commitments and declare all borrowings outstanding, together with accrued and unpaid interest and other fees, to be immediately due and payable. In the event of any default under our Indenture, the trustee or holders of 25% of the 6.250% senior notes could declare all outstanding notes immediately due and payable. A breach of a covenant under our credit agreement or Indenture could result in a default under that debt instrument and, due to cross-default provisions, could result in a default under the other debt instrument. A default under our credit facilities or our indenture could have a material adverse effect on our business, financial condition, results of operations, prospects, and may even lead to bankruptcy or insolvency. A default under our credit facilities or our indenture could have a material adverse effect on our business, financial condition, results of operations, prospects, and may even lead to bankruptcy or insolvency. Payment of interest on, and repayment of principal of, our indebtedness is dependent in part on cash flow generated by our subsidiaries.Payment of interest on, and repayment of, principal of our indebtedness will be dependent in part upon cash flow generated by our subsidiaries and their ability to make such cash available to us, by dividend, debt repayment, or otherwise. Our subsidiaries may not be able to, or be permitted to, make distributions to enable us to make payments in respect of our indebtedness. Each of our subsidiaries is a distinct legal entity and, under certain circumstances, legal and contractual restrictions may limit our ability to obtain cash from our subsidiaries. In the event that we do not receive distributions from our subsidiaries, we may be unable to make required principal and interest payments on our indebtedness. In addition, any payment of interest, dividends, distributions, loans, or advances by our subsidiaries to us could be subject to restrictions on dividends or repatriation of distributions under applicable local law, monetary transfer restrictions, and foreign currency exchange regulations in the jurisdictions in which the subsidiaries operate or under arrangements with local partners. Furthermore, the ability of our subsidiaries to make such payments of interest, dividends, distributions, loans, or advances may be contested by taxing authorities in the relevant jurisdictions.Despite our substantial level of indebtedness, we and our subsidiaries may be able to incur additional indebtedness. This could further exacerbate the risks described above, especially in the current rising interest rate environment. This could further exacerbate the risks described above. We and our subsidiaries may be able to incur additional indebtedness in the future. Although our credit facilities and the Indenture contain restrictions on the incurrence of additional indebtedness, these restrictions are subject to a number of qualifications and exceptions, and the indebtedness incurred in compliance with these restrictions could be substantial. Also, these restrictions do not prevent us or our subsidiaries from incurring obligations that do not constitute indebtedness. As of December 31, 2023, we had $434. As of December 31, 2021, we had $434. 2 million of availability under our revolving facility (as defined below) (after giving effect to $280.0 million of outstanding borrowings and $55.8 million of outstanding letters of credit). In addition, to the extent new debt is added to us and our subsidiaries’ current debt levels, the substantial leverage risks described above would increase.Further, the U.S. Federal Reserve has raised, and has indicated its intent to continue raising, certain benchmark interest rates in an effort to combat inflation. Changing interest rates may have unpredictable effects on markets, may result in heightened market volatility and may detract from our performance to the extent we are exposed to such interest rates and/or volatility. In periods of rising interest rates, such as the current interest rate environment, to the extent we borrow money subject to a floating interest rate, our operating costs would increase, which could reduce our net income.We may be unable to refinance our debt on terms favorable to us or at all, which would negatively impact our business and financial condition.44Table of ContentsWe may be unable to refinance our debt on terms favorable to us or at all, which would negatively impact our business and financial condition. We are subject to risks normally associated with debt financing, including the risk that our cash flow will be insufficient to meet required payments of principal and interest. While we intend to refinance all of our indebtedness before it matures, there can be no assurance that we will be able to refinance any maturing indebtedness, that such refinancing will be on terms as favorable to us as the terms of the maturing indebtedness or, if the indebtedness cannot be refinanced, that we will be able to otherwise obtain funds by selling assets or raising equity to make required payments on our maturing indebtedness. Furthermore, if prevailing interest rates or other factors at the time of refinancing result in higher interest rates upon refinancing, then the interest expense relating to that refinanced indebtedness would increase. If we are unable to refinance our indebtedness at or before maturity or otherwise meet our payment obligations, our business and financial condition will be negatively impacted, and we may be in default under our indebtedness. Any default under our credit facilities would permit lenders to foreclose on our assets and would also be deemed a default under the Indenture governing our 6.250% senior notes, which may also result in the acceleration of that indebtedness.See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Liquidity and Capital Resources.”Item 1B. Unresolved Staff Comments. None.47Table of ContentsItem 1C.45Table of Contents. Cybersecurity.The proper confidentiality, integrity, and availability of the Company’s information systems are critical to the business. Securing the Company’s business information, customer, patient and employee data, and technology systems is essential for the continuity of its businesses, meeting applicable regulatory requirements, and maintaining the trust of its stakeholders. As part of its enterprise risk management program, the Company has processes in place to assess, identify, and manage material business, operational and legal risks from cybersecurity threats. Such risks include business disruption, fraud, extortion, reputational harm, violations of laws and regulations, litigation, and harm to employees, patients, customers and business partners.Cybersecurity Program OverviewThe Company’s cybersecurity program is structured around the cybersecurity framework (“Cybersecurity Framework”) of the National Institute of Standards and Technology (“NIST”), an agency of the U.S. Department of Commerce. The Cybersecurity Framework provides best practices to prevent, detect, identify, respond to, and recover from cyber-attacks. The Company’s cybersecurity program involves establishing information security policies, procedures and standards, investing in and implementing information protection processes, security measures and technologies, ongoing monitoring of systems and networks on which the Company relies, assessing cybersecurity risk profiles of key third-parties, implementing cybersecurity training and collaborating with public and private organizations on cyber threat information and best practices. The Company actively monitors the current threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats. The Company engages an external third-party cybersecurity assessor to perform an annual assessment or validation of the cybersecurity program in accordance with the Cybersecurity Framework and the HIPAA Security Risk Assessment Tool of the U.S. Health and Human Services Office for Civil Rights.Board Oversight of Cybersecurity RisksThe Board of Directors of the Company provides strategic oversight on cybersecurity matters, including risks associated with cybersecurity threats. The Company’s Chief Information Officer (“CIO”) and Chief Information Security Officer (“CISO”) provide annual written reports and quarterly briefings on the Company’s cybersecurity program to the Board of Directors. They also provide quarterly cybersecurity updates to the Audit and Compliance Committee. The reports to the Board of Directors include details and metrics on, among other things, the Company’s quarterly Cybersecurity Framework assessment updates, internal and external threat intelligence, quarterly information security program progress, business associate risk assessments and ongoing monitoring, company-wide awareness training, device security compliance, routine resilience efforts including disaster recovery exercises, tabletop security incident response exercises, and cyber penetration tests.Management's Role in Cybersecurity Risk Management The Company’s management, including the Company’s CIO and CISO, is responsible for assessing and managing material risks from cybersecurity threats. The Company’s CIO and CISO each have more than 20 years of experience in cybersecurity. The Company provides formalized cybersecurity training for newly-hired employees and annually for existing employees. In addition, the Company provides cybersecurity awareness training and education throughout the year. The annual cybersecurity training curriculum includes modules on information security, the employee’s role in protecting Company information, recognizing different cybersecurity incidents, identifying phishing emails, understanding the appropriate personnel to approach with information or questions, and acceptance of the Company’s Information Security Policy. The Company’s management is informed of cybersecurity incidents through ongoing monitoring and, in some cases, through receipt of notifications from third-party service providers. The CISO maintains and annually updates a Cybersecurity Incident Response Plan, which is a guide for the Company’s cybersecurity team to respond effectively to cybersecurity incidents in a coordinated manner in the interest of minimizing the risk of harm. The team works with colleagues in various departments throughout the Company, including Information Technology, Legal, Risk Management and Compliance, to prevent, mitigate and remediate cybersecurity incidents impacting the Company.48Table of ContentsAssessment of Cybersecurity RiskManagement continuously assesses the potential impact of risks from cybersecurity threats on the Company, and regularly evaluates how such risks could materially affect the Company’s business strategy, operational results, and financial condition. As noted above, an assessment of the cybersecurity program leveraging the Cybersecurity Framework is completed annually by an independent and qualified external third-party cybersecurity assessor. Additionally, Concentra receives a certified System and Organization Controls 2, Type 1 assessment, a voluntary compliance standard for ensuring that the Company properly manages and protects the sensitive data in its care, conducted by an independent and qualified external third-party assessor. The Company has not experienced a cybersecurity breach or information security breach during the past three fiscal years. The Company, from time to time, has been notified of third-party information cybersecurity breaches, but none of them has had a material impact on the Company's operations or financial results. The Company annually purchases a cybersecurity risk insurance policy to help defray the costs associated with any covered cybersecurity incident. Although the Company did not experience a material cybersecurity incident during the year ended December 31, 2023, the scope and impact of any future incident cannot be predicted.49Table of Contents.