Item 1A. Risk Factors.
Other than as described below, there have been no material changes to the risk factors disclosed in Part I—Item 1A of the Company’s Annual Report on Form 10-K for the year ended December 31, 2019.
The ongoing coronavirus (COVID-19) pandemic may negatively impact our business, financial condition, results of operations and growth.
The global spread of the COVID-19 pandemic and measures introduced by local, state and federal governments to contain the virus and mitigate its public health effects have had a significant impact on the global economy. The duration and severity of this pandemic are unknown, and the extent of the business disruption and financial impact depends on factors beyond our knowledge and control.
Given the uncertainty around the duration and extent of the COVID-19 pandemic, we expect the evolving COVID-19 pandemic to continue to impact our business, results of operations, and financial condition and liquidity, but cannot accurately predict at this time the future potential impact on our business, results of operations, financial condition and liquidity. In March 2020 and to date, community self-isolation practices and shelter-in-place requirements reduced in-office visits, negatively affecting our net patient service revenue, which may not be replaced by insurance coverage or government funding. Continued shelter-in-place, quarantine, executive order or related measures to combat the spread of COVID-19, as well as the perceived need by individuals to continue such practices to avoid infection, among other factors, have negatively impacted and are expected to continue to negatively impact our results of operations and net revenue, business and financial condition. These measures and practices have resulted in temporary closures of some of our near-site offices and most of our on-site offices, have resulted in delays in openings of our new medical offices, and may result in delays in entry into new markets and expansion in existing markets. Governmental authorities in certain of our markets, including California, have begun re-opening and lifting or relaxing shelter-in-place and quarantine measures only to revert such restrictions in the face of increases in new COVID-19 cases. In addition, in markets where our health network partners receive visit revenue in return for paying us a fixed price PMPM, a decrease in in-office utilization also reduces the visit revenue received by our health network partners, potentially negatively impacting their ability or willingness to pay us.
In addition, due to the shelter-in-place orders across the country, we have implemented work-from-home policies for many employees which may impact productivity and disrupt our business operations, as well as those of our employer customers. While outbreaks such as COVID-19 have resulted in increased membership, such increased membership levels may not be sustained, and our consumer membership and enterprise customer retention may fall following the outbreak. The United States has seen an unprecedented unemployment rate since the start of the pandemic. As a result, we may see a decline in membership or per member usage of our services, resulting in a decline in net patient revenue. Moreover, as part of our rapid response to the COVID-19 pandemic, we have implemented new services and products, including specimen collection and other testing related services for COVID-19 based on continuously evolving regulatory standards, which may not be reimbursable or billable services. Further, the average reimbursement for any such billable services has been, and will likely continue to be, lower than traditional in-office visits, and we cannot be certain when in-office visits will return to pre-COVID levels, if at all. These new services and products could also result in inaccurate results or other member or employer customer dissatisfaction with such services and products, potentially resulting in legal disputes or claims.
In addition, the COVID-19 pandemic may continue to negatively impact our operations, and net revenues, expenses, collectability of accounts receivables and other money owed, capital expenditures, liquidity, and overall financial condition by disrupting or delaying delivery of materials and products in the supply chain for our offices, including protective equipment for healthcare providers, by causing staffing shortages, by increasing capital expenditures due to the need to buy incremental hardware, or by reducing the liquidity and value of our short-term marketable securities.
Health care organizations around the world, including our health network partners in the United States, have faced and will continue to face, substantial challenges in treating patients with COVID-19, such as the diversion of hospital staff and resources from ordinary functions to the treatment of COVID-19, supply, resource and capital shortages and overburdening of staff and resource capacity. In the United States, governmental authorities have also recommended, and in certain cases required, that elective, specialty and other procedures and appointments, including certain primary care services, be suspended or canceled to avoid non-essential patient exposure to medical environments and potential infection with COVID-19 and to focus limited resources and personnel capacity toward the treatment of COVID-19. Some of these measures and challenges will likely continue for the duration of the pandemic, which is uncertain, and will harm the results of operations, liquidity and financial condition of these health care organizations, including certain of our health network partners. We cannot accurately predict at this time the ultimate severity or duration that the foregoing measures and challenges may have on these health care organizations, including us and our health network partners. Our health network partners rely, among other things, on the visit revenue they receive from members to offset the costs of the fixed price PMPM arrangement with us. As a result, our partners may also seek contractual accommodations from us. Given our dependence on our health network partners for a portion of our net revenue, our own business, financial condition and results of operations may be negatively impacted.
The COVID-19 pandemic and similar crises could also diminish the public’s trust in healthcare facilities, especially facilities that fail to accurately or timely diagnose, or are treating (or have treated) patients affected by infectious diseases. As certain of our medical offices treat patients with COVID-19 or other infectious diseases, patients may be discouraged from visiting our offices, including cancelling appointments or failing to seek other care at the One Medical PCs. On the other hand, we are seeing patients book appointments for remote visits with our providers in lieu of office appointments. There can be no assurances that patients will continue booking remote visit appointments at the same level or at all for the duration of the pandemic. Our providers also face an increased risk of infection with COVID-19, which may result in staffing shortages at our offices or increased workers’ compensation claims. Our medical offices could also become overburdened with requests for visits or lab testing, and our virtual care teams may also become overburdened with member requests. In order to provide testing services in certain markets and to comply with certain local requirements, we opened temporary testing facilities. We may be required in the future to similarly make alterations to our operations, which increase our costs and divert resources from managing our business and growth.
State and federal regulators have promulgated a variety of different emergency orders, laws, and regulations intended to permit health care providers to provide care to COVID-19 and other patients in need of medical care during the COVID-19 crisis, including through the relaxation of licensure requirements and privacy restrictions for telehealth and various waivers intended to limit liability for providers treating patients during the COVID-19 pandemic. We are undertaking many new programs to rapidly respond to the COVID-19 pandemic, including telehealth visits and testing arrangements, in reliance on these new initiatives. Although we believe that our arrangements comply with the requirements of these new initiatives, there can be no assurance that such emergency orders, laws and regulations will continue to apply or that regulators or other governmental entities will agree with our interpretation of these arrangements under applicable law, and any regulatory or governmental investigations or other disputes as a result of these arrangements, or the failure of various waivers for limitations of liability or other provisions under such emergency orders, laws and regulations to apply to us could divert resources and harm our business, financial condition and results of operations.
While the potential economic impact brought by and the duration of COVID-19 may be difficult to assess or predict, the widespread pandemic has resulted in, and may continue to result in, significant disruption of global financial markets, potentially reducing our ability to access capital, which could in the future negatively affect our liquidity. In addition, a recession or market correction resulting from the spread of COVID-19 could materially affect our business and the value of our common stock. Further, a recession or prolonged economic contraction could also harm the business and results of operations of our enterprise customers, resulting in potential business closures and layoffs of employees. The COVID-19 pandemic has also resulted in a significant increase in unemployment in the United States which may continue even after the pandemic. The occurrence of any such events may lead to reduced disposable income for members, cutbacks in employer benefits programs and reduced size of workforces, which could reduce our membership revenue and in-clinic and onsite clinic utilization and harm our business, financial condition and results of operations.
The global outbreak of COVID-19 continues to rapidly evolve. The ultimate impact of the COVID-19 pandemic or a similar health epidemic is highly uncertain and subject to change. We cannot at this time precisely predict what effects the COVID-19 outbreak will have on our business, results of operations and financial condition, including due to uncertainties relating to the severity of the disease, the duration of the pandemic and the governmental responses to the pandemic.
In addition, given the inherent uncertainty surrounding COVID-19 due to rapidly changing governmental directives, public health challenges and economic disruption and the duration of the foregoing, the potential impact that COVID-19 could have on the other Risk Factors described in this “Risk Factors” section and the Risk Factors contained in our Annual Report on Form 10-K for the year ended December 31, 2020 and incorporated by reference herein remains unclear.
Our business model and future growth are substantially dependent on the success of our strategic relationships with third parties.
We will continue to substantially depend on our relationships with third parties, including health network partners and enterprise clients to grow our business. We have historically derived a significant portion of our membership revenue from annual membership fees sponsored by our enterprise clients for their employees and patient visit revenue from such employees. In addition, our growth depends on maintaining existing, and developing new strategic affiliations with health network partners. Further, we rely on a number of partners such as benefits enrollment platforms, professional employment organizations, consultants and other distribution partners in order to sell our solutions and services and enroll members onto our platform.
Our agreements with our enterprise clients often provide for fees based on the number of members that are covered by such clients’ programs each month, known as capitation arrangements. Certain of our enterprise clients also pay us a fixed fee per year regardless of the number of registered members. The number of individuals who register as members through our enterprise clients is often affected by factors outside of our control, such as plan endorsement by the employer and member outreach and retention initiatives. Enterprise clients may also prohibit us from engaging in direct outreach with employees as potential members, or we may be unsuccessful in spreading brand awareness among employees who perceive competitors as offering better solutions and services, which would decrease growth in membership and reduce our net revenue. Increasing rates of unemployment may also result in loss of members at our enterprise clients, and economic recessions or slowdowns can result in our enterprise clients terminating their employee sponsorship arrangements with us for budgetary reasons. In addition, during periods of economic slowdown, enterprise clients may face less competition for new hires or may not need to hire as many employees, and as a result, they may not need to sponsor memberships with us as a means to attract new hires. For example, economic pressures arising from the COVID-19 pandemic have resulted in certain of our clients implementing cost-cutting measures such as layoffs. If the number of members covered by a client were to be reduced, including due to benefits reductions or layoffs during and after the COVID-19 pandemic, such reductions would lead to a reduction of membership fees, a decrease in our patient service revenue and may also result in the enterprise client electing not to renew our contract for another year. 
Even if we maintain a contract with an enterprise client to sponsor membership fees, employees of that customer may not sign up as members due to lack of awareness, inadequate marketing penetration due to information overflow at that customer or otherwise, or perceived inadequacy of our solutions or services as compared to those of competitors sponsored by the same customer. In addition, the growth forecasts of our clients are subject to significant uncertainty, including after the COVID-19 pandemic and any prolonged ensuing economic recession, and are based on assumptions and estimates that may prove to be inaccurate. Even if the markets in which our customers and partners compete meet the size estimates and growth forecasted, their program membership could fail to grow at similar rates, if at all. Historical activation rates within a given enterprise client may also not be indicative of future membership levels at that enterprise client or activation rates of similarly situated enterprise clients. Further, high activation rates do not necessarily result in increased patient service revenue or membership revenue. We define estimated activation rate for any enterprise client at a given time as the percentage of eligible lives enrolled as members. Some of our enterprise clients offer membership benefits to the dependents of their employees, for which we assume eligible lives include one dependent per employee.
We also derive a portion of our revenue from partnership revenue. For the years ended December 31, 2018 and 2019 and for the six months ended June 30, 2020, we derived 12%, 29% and 40%, respectively, of our net revenue from partnership revenue. A substantial portion of our partnership revenue is derived from contracts with health network partners. Under these contracts, we closely collaborate with each health network on certain strategic initiatives such as the expansion of practice sites in a particular jurisdiction or service area, and clinical and digital integration between our primary care and their specialty care services. Our contracts with the health network partners are typically bespoke, with varying terms across health network partners. However, each contract generally provides for fees on a PMPM basis or a fee-for-service basis. Under contracts providing for PMPM fees, when our medical offices provide professional clinical services to covered members, we, as administrator, perform billing and collection services on behalf of the health network, and the health network receives the fees for services provided, including those paid by members’ insurance plans. If we do not adequately satisfy the objectives of our partners and perform against contractual obligations, we may lose revenue under the applicable health network partner contract and the health network partner may become dissatisfied with the terms or our performance under the contract, which could result in its early termination or amendment, if permitted, and as a result, harm to our business and results of operations, including reduction in net revenue. We cannot guarantee that our health network partners will continue to be satisfied with the terms or circumstances under existing contracts as well, even if unrelated to our performance under the contracts, particularly given constraints and challenges posed by the COVID-19 pandemic. 
We have experienced contractual disputes and renegotiations with health network partners in the past and may experience additional disputes and renegotiations in the future. Our contracts with health network partners are often exclusive in the applicable jurisdiction; as a result, in new potential markets should we pursue a health network partnership, we would need to successfully contract with a sufficiently competitively viable health network partner, as we may not be able to terminate any such contract for several years without penalty or be able to partner with other health network partners in the same market due to competitive pressures or lack of counterparties. If we are unable to successfully continue our strategic relationships with our health network partners, on terms favorable to us or at all, or if we do not successfully contract with health network partners in new jurisdictions, our business and results of operations could be harmed.
Identifying partners, and negotiating and documenting relationships with them, requires significant time and resources. Our competitors may be more effective in executing such relationships and performing against them. If we are unsuccessful in establishing or maintaining our relationships with third parties, our ability to compete in the marketplace or to grow our net revenue could be impaired and our results of operations may suffer. Even if we are successful, we cannot assure you that these relationships will result in increased member use of our solutions and services or increased net revenue.
We conduct business in a heavily regulated industry, and if we fail to comply with applicable healthcare laws and government regulations, we could incur financial penalties, become excluded from participating in government healthcare programs, be required to make significant operational changes or experience adverse publicity, which could harm our business.
The U.S. healthcare industry is heavily regulated and closely scrutinized by federal, state and local authorities. Comprehensive statutes and regulations govern the manner in which we provide and bill for services and collect reimbursement from governmental programs and private payers, our contractual relationships with our providers, vendors, health network partners and customers, our marketing activities and other aspects of our operations. Of particular importance are:
• state laws that prohibit general business corporations, such as us, from practicing medicine, controlling physicians’ medical decisions or engaging in practices such as splitting fees with physicians;
• federal and state laws pertaining to non-physician practitioners, such as nurse practitioners and physician assistants, including requirements for physician supervision of such practitioners and reimbursement-related requirements;
• the federal physician self-referral law, commonly referred to as the Stark Law, which, subject to certain exceptions, prohibits physicians from referring Medicare or Medicaid patients to an entity for the provision of certain “designated health services” if the physician or a member of the physician’s immediate family has a direct or indirect financial relationship (including an ownership interest or a compensation arrangement) with the entity;
• the federal Anti-Kickback Statute, which, subject to certain exceptions known as “safe harbors,” prohibits the knowing and willful offer, payment, solicitation or receipt of any bribe, kickback, rebate or other remuneration, in cash or in kind, in return for the referral of an individual for, or the lease, purchase, order or recommendation of, items or services covered, in whole or in part, by government healthcare programs such as Medicare and Medicaid;
• the federal False Claims Act, which imposes civil and criminal liability on individuals or entities that knowingly or recklessly submit false or fraudulent claims to Medicare, Medicaid, and other government-funded programs or make or cause to be made false statements in order to have a claim paid;
• a provision of the Social Security Act that imposes criminal penalties on healthcare providers who fail to disclose or refund known overpayments;
• the criminal healthcare fraud provisions of the federal Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, or HITECH, and their implementing regulations, or collectively, HIPAA, and related rules that prohibit knowingly and willfully executing a scheme or artifice to defraud any healthcare benefit program or falsifying, concealing or covering up a material fact or making any material false, fictitious or fraudulent statement in connection with the delivery of or payment for healthcare benefits, items or services;
• the Civil Monetary Penalties Law, which prohibits the offering or giving of remuneration to Medicare and Medicaid beneficiaries that is likely to influence the beneficiary’s selection of a particular provider or supplier;
• federal and state laws that prohibit providers from billing and receiving payment from Medicare and Medicaid for services unless the services are medically necessary, adequately and accurately documented, and billed using codes that accurately reflect the type and level of services rendered;
• laws that regulate debt collection practices;
• federal and state laws and policies related to healthcare providers’ licensure, certification, accreditation, Medicare and Medicaid program enrollment and reassignment of benefits;
• federal and state laws and policies related to the prescribing and dispensing of pharmaceuticals and controlled substances;
• state laws related to the advertising and marketing of services by healthcare providers;
• federal and state laws related to confidentiality, privacy and security of personal information, including medical information and records, that limit the manner in which we may use and disclose that information, impose obligations to safeguard such information and require that we notify third parties in the event of a breach;
• federal laws that impose civil administrative sanctions for, among other violations, inappropriate billing of services to government healthcare programs or employing or contracting with individuals who are excluded from participation in government healthcare programs;
• laws and regulations limiting the use of funds in health savings accounts for individuals with high deductible health plans;
• state laws pertaining to anti-kickback, fee splitting, self-referral and false claims, some of which are not limited to relationships involving government-funded programs; and
• state laws governing healthcare entities that bear financial risk.
Because of the breadth of these laws and the narrowness of the statutory exceptions and safe harbors available, it is possible that some of our business activities could be subject to challenge under one or more of such laws. Achieving and sustaining compliance with these laws may prove costly. The risk of our being found in violation of these laws and regulations is increased by the fact that many of them have not been fully interpreted by regulatory authorities or the courts, and their provisions are sometimes complex and open to a variety of interpretations. Failure to comply with these laws and other laws can result in civil and criminal penalties such as fines, damages, recoupments of overpayments, imprisonment, loss of enrollment status and exclusion from the Medicare and Medicaid programs. Our failure to accurately anticipate the application of these laws and regulations to our business or any other failure to comply with regulatory requirements could create liability for us and negatively affect our business. Any action against us for violation of these laws or regulations, even if we successfully defend against it, could cause us to incur significant legal expenses, divert our management’s attention from the operation of our business and result in adverse publicity.
To enforce compliance with the federal laws, the U.S. Department of Justice and the OIG of the HHS regularly scrutinize healthcare providers, which has led to a number of investigations, prosecutions, convictions and settlements in the healthcare industry. Responding to and managing government investigations can be time- and resource-consuming, divert management’s attention from the business and generate adverse publicity. Any such investigation or settlement could increase our costs or otherwise have a negative impact on our business, even if we are ultimately found to be in compliance with the relevant laws. Moreover, if one of our health system partners or another third party fails to comply with applicable laws and becomes the target of a government investigation, government authorities could require our cooperation in the investigation, which could cause us to incur additional legal expenses and result in adverse publicity.
In addition, because of the potential for large monetary exposure under the federal False Claims Act, which provides for treble damages and penalties of $11,463 to $22,927 per false claim or statement (as of 2019, and subject to annual adjustments for inflation), healthcare providers often resolve allegations without admissions of liability for significant amounts to avoid the uncertainty of treble damages that may be awarded in litigation proceedings. Such settlements often contain additional compliance and reporting requirements as part of a consent decree, settlement agreement or corporate integrity agreement. Given the significant size of actual and potential settlements, it is expected that the government will continue to devote substantial resources to investigating healthcare providers’ compliance with the healthcare reimbursement rules and fraud and abuse laws.
The One Medical PCs’ operation of medical practices is also subject to various state laws. Among other things, states regulate the licensure of healthcare providers, the supervision by physicians of non-physician practitioners such as physician assistants, nurse practitioners and registered nurses, the retention and storage of medical records, patient privacy and the protection of health information, and the prescribing and dispensing of pharmaceuticals and controlled substances. All such laws, and interpretations thereof, are subject to change. We could be subject to financial penalties and fines, criminal prosecution or other sanctions if our operations are found to not comply with these laws.
In addition, our ability to provide our full range of services in each state is dependent upon a state’s treatment of telemedicine and emerging technologies (such as digital health services), which are subject to changing political, regulatory and other influences. Many states have laws that limit or restrict the practice of telemedicine, such as laws that require a provider to be licensed and/or physically located in the same state where the patient is located. For example, many of the states in which we operate are not members of the Interstate Medical Licensure Compact, which streamlines the process by which physicians licensed in one state are able to practice in other participating states. Failure to comply with these laws could result in denials of reimbursement for our services (to the extent such services are billed), recoupments of prior payments, professional discipline for our providers or civil or criminal penalties.
We have also had to adapt our business to changes in the healthcare regulatory landscape with the enactment of the CARES Act and other emergency orders, laws and regulations in response to the COVID-19 pandemic. While some of these changes have allowed us to rapidly respond to the COVID-19 pandemic including via expanded telehealth visits and testing arrangements, they have also required us to adapt to new requirements for insurers to pay for certain forms of diagnostic testing for COVID-19, prohibitions on cost-sharing or patient deductibles and new resources to help uninsured individuals pay for testing services. Although we believe that our arrangements comply with the requirements of these new initiatives, there can be no assurance that such emergency orders, laws and regulations will continue to apply or that regulators or other governmental entities will agree with our interpretation of these arrangements under applicable law, and any regulatory or governmental investigations or other disputes as a result of these arrangements, or the failure of various waivers for limitations of liability or other provisions under such emergency orders, laws and regulations to apply to us could divert resources and harm our business, financial condition and results of operations.
The laws, regulations and standards governing the provision of healthcare services may change significantly in the future. New or changed healthcare laws, regulations or standards may harm our business. A review of our business by judicial, law enforcement, regulatory or accreditation authorities could result in challenges or actions against us that could harm our business and operations.
We rely on internet infrastructure, bandwidth providers, other third parties and our own systems to provide a proprietary services platform to our members and clients, and any failure or interruption in the services provided by these third parties or our own systems could expose us to litigation and hurt our reputation and relationships with members and clients.
Our ability to maintain our proprietary services platform, including our digital health services, is dependent on the development and maintenance of the infrastructure of the internet and other telecommunications services by third parties. This includes maintenance of a reliable network connection with the necessary speed, data capacity and security for providing reliable internet access and services and reliable telephone and facsimile services. Our platform is designed to operate without perceptible interruption in accordance with our service level commitments.
We have, however, experienced limited interruptions in these systems in the past, including server failures that temporarily slow down the performance of our platform, and we may experience similar or more significant interruptions in the future. We rely on internal systems as well as third-party suppliers, including bandwidth and telecommunications equipment providers, to maintain our platform and related services. We do not currently maintain redundant systems or facilities for some of these services. Interruptions in these systems or services, whether due to system failures, cyber incidents (the risk of which may be higher due to the significant increase in remote work across the technology industry as a result of COVID-19 and related shelter-in-place orders), physical or electronic break-ins or other events, could affect the security or availability of our platform or services and prevent or inhibit the ability of our members to access our platform or services. In the event of a catastrophic event with respect to one or more of these systems or facilities, we may experience an extended period of system unavailability, which could result in substantial costs to remedy those problems or harm our relationship with our members and our business.
Additionally, any disruption in the network access, telecommunications or co-location services provided by third-party providers or any failure of or by third-party providers’ systems or our own systems to handle current or higher volume of use could significantly harm our business. We exercise limited control over our third-party suppliers, which increases our vulnerability to problems with services they provide. Any errors, failures, interruptions or delays experienced in connection with these third-party technologies and information services or our own systems could hurt our relationships with health network partners, enterprise clients and members and expose us to third-party liabilities.
The reliability and performance of our internet connection may be harmed by increased usage or by denial-of-service attacks or related cyber incidents, which may increase due to more opportunities for such incidents to occur as a result of the remote work necessitated by COVID-19 and related shelter-in-place orders. The services of other companies delivered through the internet have experienced a variety of outages and other delays as a result of damages to portions of the internet’s infrastructure, and such outages and delays could affect our systems and services in the future. These outages and delays could reduce the level of internet usage as well as the availability of the internet to us for delivery of our internet-based services. Any of the foregoing could harm our competitive position, business, financial condition, results of operations and prospects.
We rely on third-party vendors to host and maintain our technology platform.
We rely on third-party vendors to host and maintain our technology platform. Our ability to offer our solutions and services and operate our business is dependent on maintaining our relationships with third-party vendors and entering into new relationships to meet the changing needs of our business. Any deterioration in our relationships with such vendors or our failure to enter into agreements with vendors in the future could harm our business and our ability to pursue our growth strategy. Because of the large amount of data that we collect and manage, it is possible that, despite precautions taken at our vendors’ facilities, the occurrence of a natural disaster, cyber incident, decision to close the facilities without adequate notice or other unanticipated problems could result in our non-compliance with privacy laws and regulations, loss of proprietary information, personal information, or PII, and other confidential information, and in lengthy interruptions in our service. These service interruptions could also cause our platform to be unavailable to our health network partners, enterprise clients and members, and impair our ability to deliver solutions and services and to manage our relationships with new and existing health network partners, enterprise clients and members.
If our third-party vendors are unable or unwilling to provide the services necessary to support our business, or if our agreements with such vendors are terminated, our operations could be significantly disrupted. Some of our vendor agreements may be unilaterally terminated by the vendor for convenience, including with respect to Amazon Web Services, and if such agreements are terminated, we may not be able to enter into similar relationships in the future on reasonable terms or at all. We may also incur substantial costs, delays and disruptions to our business in transitioning such services to ourselves or other third-party vendors. In addition, third-party vendors may not be able to provide the services required in order to meet the changing needs of our business. Any of the foregoing could harm our competitive position, business, financial condition, results of operations and prospects.
If our or our vendors’ security measures fail or are breached and unauthorized access to our employees’, contractors’, members’, clients’ or partners’ data is obtained, our services may be perceived as insecure, we may incur significant liabilities, including through private litigation or regulatory action, our reputation may be harmed, and we could lose members, clients and partners.
Our services and operations involve the storage and transmission of health network partners’ and our enterprise clients’ proprietary information, sensitive or confidential data, including valuable intellectual property and personal information of employees, contractors, clients, customers, members and others, as well as the PHI of our members. Because of the extreme sensitivity of the information we store and transmit, the security features of our and our third-party vendors’ computer, network, and communications systems infrastructure are critical to the success of our business. A breach or failure of our or our third-party vendors’ security measures could result from a variety of circumstances and events, including third-party action, employee negligence or error, malfeasance, computer viruses, cyber-attacks by computer hackers, failures during the process of upgrading or replacing software and databases, power outages, hardware failures, telecommunication failures, user errors, or catastrophic events. Information security risks have generally increased in recent years because of the proliferation of new technologies and the increased number, sophistication and activities of perpetrators of cyber-attacks. The risk of cyber-attacks may be heightened during the COVID-19 emergency as we and our vendors move to remote work, which may pose more cyber security vulnerabilities, including those susceptible to exploitation. As cyber threats continue to evolve, we may be required to expend additional resources to further enhance our information security measures and/or to investigate and remediate any information security vulnerabilities.
If our or our third-party vendors’ security measures fail or are breached, it could result in unauthorized access to sensitive patient or member data (including PHI) or other personal information of employees, contractors, clients, members or others, a loss of or damage to our data, an inability to access data sources, or process data or provide our services to our members, health network partners and enterprise clients. Such failures or breaches of our or our third-party vendors’ security measures, or our or our third-party vendors’ inability to effectively resolve such failures or breaches in a timely manner, could severely damage our reputation, adversely impact customer, partner, member or investor confidence in us, and reduce the demand for our solutions and services. In addition, we could face litigation, significant damages for contract breach or other breaches of law, significant monetary penalties, or regulatory actions for violation of applicable laws or regulations, and incur significant costs for remedial measures to prevent future occurrences and mitigate past violations. Although we maintain insurance covering certain security and privacy damages and claim expenses, we may not carry insurance or maintain coverage sufficient to compensate for all liability and in any event, insurance coverage would not address the reputational damage that could result from a security incident.
We or our third-party vendors may experience cybersecurity and other breach incidents that remain undetected for an extended period. Because techniques used to obtain unauthorized access or to sabotage systems change frequently and generally are not recognized until launched, we or our third-party vendors may be unable to anticipate these techniques or to implement adequate preventive measures. If an actual or perceived breach of our or our third-party vendors’ security occurs, or if we or our third-party vendors are unable to effectively resolve such breaches in a timely manner, the market perception of the effectiveness of our security measures could be harmed and we could lose current and potential members, partners and clients, which could harm our business, results of operations, financial condition and prospects.
Our proprietary software may not operate properly, which could damage our reputation, give rise to claims against us or divert application of our resources from other purposes, any of which could harm our business.
Our proprietary technology platform provides members with the ability to, among other things, register for our services, request a visit (either scheduled or on demand) and communicate and interact with providers, and allows our providers to, among other things, chart patient notes, maintain medical records, and conduct visits (via video, phone or the internet). Proprietary software development is time-consuming, expensive and complex, and may involve unforeseen difficulties. We may encounter technical obstacles, and it is possible that we may discover additional problems that prevent our proprietary software from operating properly. Due to COVID-19, use of virtual care has increased, which places a heavier demand on our technology platform and may cause performance levels to deteriorate. In addition, we are quickly introducing new features and functions within our technology platform to meet the needs of our members and providers during the COVID-19 emergency. These features and functions may contain bugs or errors that could impact usability and technology and clinical operations. We continue to implement software with respect to a number of new applications and services. If our solutions do not function reliably or fail to achieve member, provider, partner or client expectations in terms of performance, we may lose or fail to grow member usage, fail to retain provider talent, members, partners and clients could assert liability claims against us, and partners and clients may attempt to cancel their contracts with us. This could damage our reputation and impair our ability to attract or maintain health network partners, enterprise clients, members and providers.
If we cannot implement or optimize our technology solutions for members, integrate our systems with health network partners or resolve technical issues in a timely manner, we may lose clients and partners and our reputation may be harmed.
Our health network partners utilize a variety of data formats, applications, systems and infrastructure. Moreover, each health network partner may have a unique technology ecosystem and infrastructure. To maintain our strategic relationships with such partners, our solutions and services must be seamlessly integrated and interoperable with our partners’ complex systems, which may cause us to incur significant upfront and maintenance costs. Additionally, we do not control our partners’ integration schedules. As a result, if our partners do not allocate the internal resources necessary to meet their integration responsibilities, which resources can be significant as many of them are large healthcare institutions with substantial operations to manage, or if we face unanticipated integration difficulties, the integration may be delayed. In addition, competitors with more efficient operating models with lower integration costs could jeopardize our partner relationships. If the integration process with our partners is not executed successfully or if execution is delayed, we could incur significant costs, partners could become dissatisfied and decide not to continue a strategic contractual relationship with us beyond an initial period during their term commitment or, in some cases, revenue recognition could be delayed, any of which could harm our business and results of operations.
Our members depend on our technology solutions, digital health platform, including our mobile app, and support services to access on-demand digital health services or schedule in-office visits. We may be unable to respond quickly enough to accommodate increases in member demand for support services, particularly as we increase the size of our membership base and as COVID-19 drives more member demand for our digital health services. We also may be unable to modify the format of our technology solutions and support services to compete with changes in such solutions and services provided by competitors. If we are unable to address members’ needs or preferences in a timely fashion or further develop and enhance our technology solutions, or if members are not satisfied with the quality of work performed by us or with the technical support services rendered, then we could incur additional costs to redress the situation, and our business may be impaired and members’ and clients’ dissatisfaction with our technology solutions could damage our ability to maintain or expand our membership base. While we have not issued refunds or credits for membership fees for these reasons, and historically any refunds or credits issued have not had a significant impact on net revenue, there can be no assurance as to whether we may need to issue additional refunds or credits for membership fees in the future as a result of member or client dissatisfaction. For example, our members expect on-demand healthcare services through our mobile app and rapid in-office visit scheduling. Failure to maintain these standards may reduce our overall NPS, harm our reputation and cause us to lose members. Moreover, negative publicity related to our technology solutions, regardless of its accuracy, may further damage our business by affecting our reputation, NPS or ability to compete for new members and enterprise clients.
If our technology solutions or support services are perceived as subpar or if we fail to meet the standards requested or preferred by our members, we may lose current and potential members, and our enterprise clients may terminate or decide not to renew their contracts with us. In addition, our enterprise clients expect our technology solutions to facilitate long-term cost of care reductions through high employee digital engagement, which we market as potential benefits for employers in providing employees with memberships for our solutions and services. If employers do not perceive our solutions and services as providing such efficiencies and cost savings, they may terminate their contracts with us or elect not to renew. Any such outcomes could also negatively affect our ability to contract with new enterprise clients through damage to our reputation. If any of these were to occur, our revenue may decline and our business, results of operations, financial condition and prospects could be harmed.
Our use and disclosure of PII, including PHI, is subject to federal and state privacy and security regulations, and our failure to comply with those regulations or to adequately secure such information we hold could result in significant liability or reputational harm and, in turn, substantial harm to our health network partner and enterprise client base, membership base and revenue.
We receive, store, process and use personal information as part of our business. Numerous state and federal laws and regulations inside the United States govern the collection, dissemination, use, privacy, confidentiality, security, availability and integrity of PII including PHI. These laws and regulations include HIPAA, as amended by the HITECH Act, and their implementing regulations, as well as state privacy and data protection laws. HIPAA establishes a set of baseline national privacy and security standards for the protection of PHI, by health plans, healthcare clearinghouses and certain healthcare providers, referred to as covered entities, which includes the One Medical PCs, and the business associates with whom such covered entities contract for services that involve the use or disclosure of PHI, which includes us. States may enforce more stringent privacy and data protection laws exceeding the requirements of HIPAA. Compliance with data protection laws and regulations in the United States could cause us to incur substantial costs or require us to change our business practices and compliance procedures in a manner adverse to our business. We strive to comply with applicable laws, regulations, policies and other legal obligations relating to privacy, data protection and information security. However, the various regulatory frameworks for privacy and data protection are, and are likely to remain, uncertain for the foreseeable future, and it is possible that these or other actual or alleged obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules and subject our business practices to uncertainty.
HIPAA requires healthcare providers like us to develop and maintain policies and procedures with respect to PHI that is used or disclosed, including the adoption of administrative, physical and technical safeguards to protect such information. HIPAA also implemented the use of standard transaction code sets and standard identifiers that covered entities must use when submitting or receiving certain electronic healthcare transactions, including activities associated with the billing and collection of healthcare claims.
Penalties for violations of these laws vary. For example, penalties for violations of HIPAA and its implementing regulations start at $114 per violation and are not to exceed $57,051 per violation, subject to a cap of $1.7 million for violations of the same standard in a single calendar year (as of 2019, and subject to periodic adjustments for inflation). However, a single breach incident can result in violations of multiple standards, which could result in significant fines. HIPAA also authorizes state attorneys general to file suit on behalf of their residents. Courts will be able to award damages, costs and attorneys’ fees related to violations of HIPAA in such cases, which may be significant. While HIPAA does not create a private right of action allowing individuals to sue us in civil court for violations of HIPAA, its standards have been used as the basis for duty of care in state civil suits such as those for negligence or recklessness in the misuse or breach of PHI. Any such penalties or lawsuits could harm our business, financial condition, results of operations and prospects.
In addition, HIPAA mandates that the Secretary of HHS conduct periodic compliance audits of HIPAA covered entities or business associates for compliance with the HIPAA Privacy and Security Standards and Breach Notification Rule. It also tasks HHS with establishing a methodology whereby harmed individuals who were the victims of breaches of unsecured PHI may receive a percentage of the civil monetary penalty fine or settlement paid by the violator.
HIPAA further requires that patients be notified of any unauthorized acquisition, access, use or disclosure of their unsecured PHI that compromises the privacy or security of such information, with certain exceptions related to unintentional or inadvertent use or disclosure by employees or authorized individuals or where there is a good faith belief that the person who received the impermissible disclosure would not have been able to retain the information. HIPAA specifies that such notifications must be made “without unreasonable delay and in no case later than 60 calendar days after discovery of the breach.” If a breach affects 500 patients or more, it must be reported to HHS without unreasonable delay, and HHS will post the name of the breaching entity on its public web site. Breaches affecting 500 patients or more in the same state or jurisdiction must also be reported to the local media. If a breach involves fewer than 500 people, the covered entity must record it in a log and notify HHS at least annually. Any such notifications, including notifications to the public, could harm our business, financial condition, results of operations and prospects.
Numerous other federal and state laws protect the confidentiality, privacy, availability, integrity and security of PII, including PHI. For example, various states, such as California and Massachusetts, have implemented privacy laws and regulations that in many cases are more restrictive than, and may not be preempted by, the HIPAA rules and may be subject to varying interpretations by courts and government agencies, creating complex compliance issues for us and our health network partners and enterprise clients and potentially exposing us to additional expense, adverse publicity and liability.
Further, as public and regulatory focus on privacy issues continues to increase, new laws and regulations, including health information standards, whether implemented pursuant to HIPAA, congressional action or otherwise, could have a significant effect on the manner in which we must handle PII and healthcare-related data, and the cost of complying with standards could be significant and may include providing enhanced data security infrastructure. If we do not comply with existing or new laws and regulations related to PII and PHI, we could be subject to criminal or civil sanctions, as well as reputational harm.
Because of the extreme sensitivity of the information we store and transmit, the security features of our technology platform are very important. If our security measures, some of which are managed by third parties, are breached or fail, unauthorized persons may be able to obtain access to sensitive employee, contractor, patient and member data, including HIPAA-regulated PHI. As a result, our reputation could be severely damaged, harming member, client and partner confidence. Members may curtail their use of or stop using our services or our member base could decrease, which would cause our business to suffer. In addition, we could face litigation, significant damages for contract breach, significant penalties and regulatory actions for violation of HIPAA and other applicable laws or regulations and significant costs for remediation, notification to individuals and the public and measures to prevent future occurrences. Any potential security breach could also result in increased costs associated with liability for stolen assets or information, repairing system damage that may have been caused by such breaches, remediation offered to employees, contractors, health network partners, enterprise clients or members in an effort to maintain our business relationships after a breach and implementing measures to prevent future occurrences, including organizational changes, deploying additional personnel and protection technologies, training employees and engaging third-party experts and consultants. While we maintain insurance covering certain security and privacy damages and claim expenses, we may not carry insurance or maintain coverage sufficient to compensate for all liability and in any event, insurance coverage would not address the reputational damage that could result from an incident. In addition, we might not continue to be able to obtain adequate insurance coverage at an acceptable cost.
We outsource important aspects of the storage and transmission of patient and member information, and thus rely on third parties to manage functions that have material cybersecurity risks. We attempt to address these risks by requiring outsourcing subcontractors who handle patient and member information to sign information protection addenda and business associate agreements contractually requiring those subcontractors to adequately safeguard PII, including PHI, to the same extent that applies to us and in some cases by requiring such outsourcing subcontractors to undergo third-party security examinations. In addition, we periodically hire third-party security experts to assess and test our security posture. However, we cannot assure that these contractual measures and other safeguards will adequately protect us from the risks associated with the storage and transmission of employees’, contractors’, patients’ and members’ PII and PHI.
We also publish statements to our members that describe how we handle and protect personal information. If federal or state regulatory authorities or private litigants consider any portion of these statements to be untrue, we may be subject to claims of misrepresentation and/or deceptive practices, which could lead to significant liabilities and consequences, including, without limitation, significant costs of responding to investigations, defending against litigation, settling claims and complying with regulatory or court orders.
We also expect that there will continue to be new laws, regulations and industry standards concerning privacy, data protection and information security proposed and enacted in various jurisdictions. For example, California’s Consumer Privacy Act of 2018, or the CCPA, which affords consumers expanded privacy protections went into effect on January 1, 2020. The potential effects of the CCPA are far-reaching and may require us to modify our data processing practices and policies and to incur substantial costs and expenses in an effort to comply. For example, the CCPA gives California residents expanded rights to access and require deletion of their personal information, opt out of certain personal information sharing and receive detailed information about how their personal information is used. Failure to comply with the CCPA may result in attorney general enforcement action and damage to our reputation. The CCPA also provides for civil penalties for violations, as well as a private right of action for data breaches that may increase data breach litigation.
Additionally, if third parties we work with, such as vendors or developers, violate applicable laws or regulations or our policies, such violations may cause us to incur significant liability and may also put our members’ data at risk, any of which could in turn harm our business. Any significant change to applicable laws, regulations or industry practices regarding the collection, use, retention, security or disclosure of our members’ data content, or regarding the manner in which the express or implied consent for the collection, use, retention or disclosure of such data is obtained, could increase our costs and require us to modify our services and features, possibly in a material manner, which we may be unable to complete and may limit our ability to store and process member data, optimize our operations or develop new services and features. Any of the foregoing could harm our competitive position, business, financial condition, results of operations and prospects.
Taxing authorities may successfully assert that we should have collected or in the future should collect sales and use or similar taxes for our membership and enterprise offerings which could negatively impact our results of operations.
We do not collect sales and use and similar taxes in any states for our membership and enterprise offerings based on our belief that our services are not subject to such taxes in any state. Sales and use and similar tax laws and rates vary greatly from state to state. Certain states in which we do not collect such taxes may assert that such taxes are applicable, which could result in tax assessments, penalties and interest with respect to past services, and we may be required to collect such taxes for services in the future. For example, the State of New York audited our sales and use tax records from March 2011 through February 2017 and issued a determination that we owe back taxes, penalties and interest. While we are disputing the results of the audit, we may not be successful, in which case we may be required to make payments in tax assessments, penalties or interest, and may be required to collect sales and use taxes in the future. Such tax assessments, penalties and interest or future requirements may negatively impact our results of operations.
Natural or man-made disasters and other similar events may significantly disrupt our business and negatively impact our business, financial condition and results of operations.
Our offices and facilities may be harmed or rendered inoperable by natural or man-made disasters, including earthquakes, power outages, fires, floods, protests and civil unrest, nuclear disasters and acts of terrorism or other criminal activities, which may render it difficult or impossible for us to operate our business for some period of time. In particular, certain of the facilities we lease to house our computer and telecommunications equipment are located in the San Francisco Bay Area, a region known for seismic activity, and our insurance coverage may not compensate us for losses that may occur in the event of an earthquake or other significant natural disaster. Any disruptions in our operations related to the repair or replacement of our offices, could negatively impact our business and results of operations and harm our reputation. Although we maintain an insurance policy covering damage to property we rent, such insurance may not be sufficient to compensate for the different types of associated losses that may occur, including business interruption losses. Any such losses or damages could harm our business, financial condition and results of operations. In addition, our health network partners’ facilities may be harmed or rendered inoperable by such natural or man-made disasters, which may cause disruptions, difficulties or other negative effects on our business and operations.
If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our results of operations could be harmed.
The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in Item 7 “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Critical Accounting Policies and Significant Judgments and Estimates.” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities, and equity and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to revenue recognition, determination of useful lives for property and equipment, intangible assets including goodwill, capitalized internal-use software, allowance for doubtful accounts, valuation of redeemable convertible preferred stock warrant liability, self-insurance reserves, valuation of common stock, stock options valuations, contingent liabilities, income taxes and the fair value of the liability component of our 2025 Notes. Our results of operations may be harmed if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the trading price of our common stock.
If we are unable to obtain, maintain and enforce intellectual property protection for our technology and solutions or if the scope of our intellectual property protection is not sufficiently broad, others may be able to develop and commercialize technology and solutions substantially similar to ours, and our ability to successfully commercialize our technology and solutions may be compromised.
Our business depends on proprietary technology and content, including software, processes, databases, confidential information and know-how, the protection of which is crucial to the success of our business. We rely on a combination of trademark, trade-secret and copyright laws, confidentiality policies and procedures, cybersecurity practices and contractual provisions to protect the intellectual property rights of our proprietary technology and content. We have pending patent applications but do not currently own any issued patents. Accordingly, it is possible that third parties, including our competitors, may obtain patents relating to technologies that overlap or compete with our technology. If third parties obtain patent protection with respect to such technologies, they may assert that our technology infringes their patents and seek to charge us a licensing fee or otherwise preclude the use of our technology. We may, over time, increase our investment in protecting our intellectual property through additional trademark, patent and other intellectual property filings, which could be expensive and time-consuming. We may not be able to obtain protection for our technology and even if we are successful in obtaining effective patent, trademark, trade-secret and copyright protection, it is expensive to maintain these rights and the costs of defending our rights could be substantial. Moreover, our failure to develop and properly manage new intellectual property could hurt our market position and business opportunities. Furthermore, changes to U.S. intellectual property laws may jeopardize the enforceability and validity of our intellectual property portfolio and harm our ability to obtain patent protection of certain inventions.
In addition, these measures may not be sufficient to offer us meaningful protection or provide us with any competitive advantages. If we are unable to adequately protect our intellectual property and other proprietary rights, our competitive position and our business could be harmed, as third parties may be able to commercialize and use technologies and software solutions that are substantially the same as ours to compete with us without incurring the development and licensing costs that we have incurred. Any of our owned or licensed intellectual property rights could be challenged, invalidated, circumvented, infringed, misappropriated or violated, our trade secrets and other confidential information could be disclosed in an unauthorized manner to third parties, or our intellectual property rights may not be sufficient to permit us to take advantage of current market trends or to otherwise provide us with competitive advantages, which could result in costly redesign efforts, business disruptions, discontinuance of some of our offerings or other competitive harm.
Risks Related to Ownership of Our Common Stock
Our stock price may be volatile, and the value of our common stock may decline.
The market price of our common stock may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, some of which are beyond our control or are related in complex ways, including:
• actual or anticipated fluctuations in our financial condition and operating results;
• variance in our financial performance from expectations of securities analysts or investors;
• changes in the pricing we offer our members;
• changes in our projected operating and financial results;
• the impact of COVID-19 on our financial performance, financial condition and results of operations, and the financial performance and financial condition of our health network partners, on our payers, our enterprise customers and others;
• the impact of protests and civil unrest;
• our relationships with our health network partners and any changes to or terminations of our contracts with the health network partners;
• changes in laws or regulations applicable to our solutions and services;
• announcements by us or our competitors of significant business developments, acquisitions, or new offerings;
• publicity associated with issues with our services and technology platform;
• our involvement in litigation, including medical malpractice claims and consumer class action claims;
• any governmental investigations or inquiries into or challenges to our relationships with the One Medical PCs under the ASAs or to our relationships with health network partners;
• future sales of our common stock or other securities, by us or our stockholders, as well as the anticipation of lock-up releases;
• changes in senior management or key personnel;
• developments or disputes concerning our intellectual property or other proprietary rights;
• allegations that we have infringed, misappropriated or otherwise violated any intellectual property of any third party;
• changes in accounting standards, policies, guidelines, interpretations or principles;
• actual or anticipated developments in our business, our competitors’ businesses or the competitive landscape generally, including competition or perceived competition from well-known and established companies or entities;
• the trading volume of our common stock;
• changes in the anticipated future size and growth rate of our market;
• rates of unemployment; and
• general economic, regulatory, and market conditions, including economic recessions or slowdowns.
Broad market and industry fluctuations, as well as general economic, political, regulatory, and market conditions, may negatively impact the market price of our common stock. In addition, given the relatively small public float of shares of our common stock on The Nasdaq Global Select Market, or Nasdaq, the trading market for our shares may be subject to increased volatility. In the past, securities class action litigation has often been brought against a company following a decline in the market price of its securities. This risk is especially relevant for us, because companies reliant on technology solutions have experienced significant stock price volatility in recent years. If we face such litigation, it could result in substantial costs and a diversion of management’s attention and resources, which could harm our business.
As a result of being a public company, we are obligated to maintain proper and effective internal control over financial reporting and any failure to maintain the adequacy of these internal controls may negatively impact investor confidence in our company and, as a result, the value of our common stock.
We are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended, or the Exchange Act, the Sarbanes-Oxley Act and the rules and regulations of The Nasdaq Global Select Market. In particular, we are required pursuant to Section 404 of the Sarbanes-Oxley Act to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. In addition, our independent registered public accounting firm will be required to attest to the effectiveness of our internal control over financial reporting in our first annual report required to be filed with the SEC following the date we are no longer an emerging growth company. We will cease to be an emerging growth company on the date that we become a “large accelerated filer” under the rules of the SEC, including when the market value of our outstanding common stock held by non-affiliates exceeds $700 million as of the previous June 30th. While we will not be deemed a large accelerated filer for 2021, if the market value of our outstanding common stock held by non-affiliates exceeds $700 million as of June 30, 2021, we will be deemed a large accelerated filer, and no longer an emerging growth company, starting on January 1, 2022. We have commenced but not yet completed the costly and challenging process of compiling the system and processing documentation necessary to perform the evaluation required under Section 404. We currently do not have an internal audit group, and we will need to hire additional accounting and financial staff with appropriate public company experience and technical accounting knowledge and compile the system and process documentation necessary to perform the evaluation needed to comply with Section 404. 
Any failure to maintain effective internal control over financial reporting could severely inhibit our ability to accurately report our financial condition or results of operations. If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness in our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our common stock could decline, we could be subject to sanctions or investigations by Nasdaq, the SEC or other regulatory authorities and our access to the capital markets could be restricted in the future.
We have identified material weaknesses in our internal control over financial reporting resulting from an ineffective risk assessment process, which led to improperly designed controls. A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of a company’s annual or interim financial statements will not be prevented or detected on a timely basis. Specifically, as a result of the ineffective risk assessment, we identified the following material weaknesses in connection with the audit of our 2018 and 2019 financial statements, as we did not effectively design, implement and maintain: (i) adequate controls over the accounting for significant and unusual transactions, (ii) adequate controls to address segregation of duties and (iii) adequate controls over information technology general controls, including the following: program change management, user access, computer operations controls and program development.
These IT deficiencies, when aggregated, could impact effective segregation of duties as well as the effectiveness of IT-dependent controls that could result in misstatements potentially impacting all financial statement accounts and disclosures that would not be prevented or detected. Accordingly, our management has determined these deficiencies in the aggregate constitute a material weakness.
In addition, the material weakness related to significant and unusual transactions resulted in a prior restatement of previously issued financial statements related primarily to the original accounting for the consolidation of the PCs and subsequent allocation of losses to noncontrolling interest. The material weaknesses related to segregation of duties and IT general controls did not result in any material misstatements of our financial statements or disclosures. Each of these material weaknesses could, however, result in a misstatement of account balances or disclosures that would result in a material misstatement to the annual or interim financial statements that would not be prevented or detected.
We are implementing measures designed to improve our internal control over financial reporting and remediate the control deficiencies that contributed to the material weaknesses noted above. Specifically, we are designing and implementing controls related to (i) the preparation and review of accounting for significant and unusual transactions, (ii) implementing formal processes and controls to identify, monitor and mitigate segregation of duties conflicts and (iii) enhancing existing policies and implementing appropriate processes to strengthen our information technology general controls across the relevant IT domains (access to programs and data, program changes, computer operations and program development). We cannot assure you that the measures we are taking will be sufficient to avoid potential future material weaknesses. Accordingly, there could continue to be a possibility that a material misstatement of our financial statements would not be prevented or detected on a timely basis.
A significant portion of our total outstanding common stock may be sold into the market in the near future. This could cause the market price of our common stock to drop significantly, even if our business is doing well.
We, our directors (though not the entities with which certain of our directors are affiliated), our executive officers and the selling stockholders have entered into lock-up agreements in connection with our June 2020 secondary offering that for 90 days after the date of the secondary offering, subject to certain exceptions, such parties would not, directly or indirectly, dispose of any of our common stock or securities convertible into or exercisable or exchangeable for our common stock. However, following the expiration on July 28, 2020 of the lock-up agreements entered into in connection with our initial public offering, approximately 70.5 million shares of common stock became tradable in the public market, subject to the restrictions of Rule 144 in the case of shares held by entities affiliated with certain of our directors. In addition, certain of the lock-up agreements entered into permit our executive officers to sell shares of common stock pursuant to existing trading plans pursuant to Rule 10b5-1 under the Exchange Act following the public release of our financial results for the quarter ended June 30, 2020. Sales of a substantial number of shares of our common stock in the public market could occur at any time, subject to the restrictions and limitations described above. If our stockholders sell, or the market perceives that our stockholders intend to sell, substantial amounts of our common stock in the public market, the market price of our common stock could decline significantly.
In addition, we filed a registration statement on Form S-8 registering the issuance of approximately 47.7 million shares of common stock subject to options or other equity awards issued or reserved for future issuance under our equity incentive plans. Shares registered under this registration statement on Form S-8 will be available for sale in the public market subject to vesting arrangements and exercise of options, outstanding lock-up agreements and, in the case of our affiliates, the restrictions of Rule 144.
Certain holders of our common stock and warrants to purchase common stock, or their transferees, have rights, subject to some conditions, to require us to file one or more registration statements covering their shares or to include their shares in registration statements that we may file for ourselves or other stockholders. If we were to register the resale of these shares, they could be freely sold in the public market without limitation. If these additional shares are sold, or if it is perceived that they will be sold, in the public market, the trading price of our common stock could decline.
Concentration of ownership of our common stock among our executive officers, directors and principal stockholders may prevent new investors from influencing significant corporate decisions.
Certain stockholders, including our executive officers, directors and holders of greater than 5% of our common stock outstanding, including certain of the selling stockholders, will continue to own a substantial portion of our outstanding common stock. These stockholders, acting together, will be able to significantly influence all matters requiring stockholder approval, including the election and removal of directors and any merger or other significant corporate transactions. The interests of this group of stockholders may not coincide with the interests of other stockholders.
Anti-takeover provisions in our charter documents, under Delaware law and under the indenture governing our 2025 Notes could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current management and limit the market price of our common stock.
Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a change of control or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that:
• provide for a classified board of directors whose members serve staggered terms;
• authorize our board of directors to issue, without further action by the stockholders, shares of undesignated preferred stock with terms, rights, and preferences determined by our board of directors that may be senior to our common stock;
• require that any action to be taken by our stockholders be effected at a duly called annual or special meeting and not by written consent;
• specify that special meetings of our stockholders can be called only by our board of directors, the chairperson of our board of directors, or our chief executive officer;
• establish an advance notice procedure for stockholder proposals to be brought before an annual meeting, including proposed nominations of persons for election to our board of directors;
• prohibit cumulative voting in the election of directors;
• provide that our directors may be removed for cause only upon the vote of the holders of at least 66 2/3% of our outstanding shares of common stock;
• provide that vacancies on our board of directors may be filled only by a majority of directors then in office, even though less than a quorum; and
• require the approval of our board of directors or the holders of at least 66 2/3% of our outstanding shares of common stock to amend our bylaws and certain provisions of our certificate of incorporation.
These provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management. In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which generally, subject to certain exceptions, prohibits a Delaware corporation from engaging in any of a broad range of business combinations with any “interested” stockholder for a period of three years following the date on which the stockholder became an “interested” stockholder. Furthermore, the indenture governing our 2025 Notes requires us to repurchase such notes for cash if we undergo certain fundamental changes and, in certain circumstances, to increase the conversion rate for a holder of our 2025 Notes. A takeover of us may trigger the requirement that we purchase our 2025 Notes and/or increase the conversion rate, which could make it more costly for a potential acquiror to engage in a business combination transaction with us. Any delay or prevention of a change of control transaction or changes in our management could cause the market price of our common stock to decline.
Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware or, under certain circumstances, the federal district courts of the United States of America will be the exclusive forums for certain types of actions and proceedings that may be initiated by our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, employees or agents.
Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware (or, if the Court of Chancery of the State of Delaware lacks subject matter jurisdiction, any state court located within the State of Delaware or, if all such state courts lack subject matter jurisdiction, the federal district court for the District of Delaware) is the sole and exclusive forum for the following types of actions or proceedings under Delaware statutory or common law for:
• any derivative action or proceeding brought on our behalf;
• any action asserting a breach of fiduciary duty;
• any action arising pursuant to the Delaware General Corporation Law, our amended and restated certificate of incorporation, or our amended and restated bylaws; and
• any action asserting a claim against us that is governed by the internal-affairs doctrine.
These provisions would not apply to suits brought to enforce a duty or liability created by the Exchange Act or any claim for which the federal district courts of the United States of America have exclusive jurisdiction. Furthermore, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all such Securities Act actions. Accordingly, both state and federal courts have jurisdiction to entertain such claims.
Our stockholders cannot waive compliance with the federal securities laws and the rules and regulations thereunder. Any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock will be deemed to have notice of, and consented to, the provisions of our amended and restated certificate of incorporation described in the preceding sentences.
To prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our amended and restated certificate of incorporation further provides that the federal district courts of the United States will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act. While the Delaware courts have determined that such choice of forum provisions are facially valid, a stockholder may nevertheless seek to bring a claim in a venue other than those designated in the exclusive forum provisions. In such instance, we would expect to vigorously assert the validity and enforceability of the exclusive forum provisions of our amended and restated certificate of incorporation. This may require significant additional costs associated with resolving such action in other jurisdictions and there can be no assurance that the provisions will be enforced by a court in those other jurisdictions.
These exclusive forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, or other employees, which may discourage lawsuits against us and our directors, officers and other employees. If a court were to find either exclusive-forum provision in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur further significant additional costs associated with resolving the dispute in other jurisdictions, all of which could harm our business.
Risks Related to our Outstanding Notes
Servicing our debt requires a significant amount of cash, and we may not have sufficient cash flow from our business to pay our substantial debt.
Our ability to make scheduled payments of the principal of, to pay interest on or to refinance our indebtedness, including the notes, depends on our future performance, which is subject to economic, financial, competitive and other factors beyond our control. Our business may not continue to generate cash flow from operations in the future sufficient to service our debt and make necessary capital expenditures. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt or obtaining additional equity capital on terms that may be onerous or highly dilutive. Our ability to refinance our indebtedness will depend on the capital markets and our financial condition at such time. We may not be able to engage in any of these activities or engage in these activities on desirable terms, which could result in a default on our debt obligations.
Regulatory actions and other events may adversely impact the trading price and liquidity of the notes.
We expect that many investors in, and potential purchasers of, the notes will employ, or seek to employ, a convertible arbitrage strategy with respect to the notes. Investors would typically implement such a strategy by selling short the common stock underlying the notes and dynamically adjusting their short position while continuing to hold the notes. Investors may also implement this type of strategy by entering into swaps on our common stock in lieu of or in addition to short selling the common stock.
The SEC and other regulatory and self-regulatory authorities have implemented various rules and taken certain actions, and may in the future adopt additional rules and take other actions, that may impact those engaging in short selling activity involving equity securities (including our common stock). Such rules and actions include Rule 201 of SEC Regulation SHO, the adoption by the Financial Industry Regulatory Authority, Inc. and the national securities exchanges of a “Limit Up-Limit Down” program, the imposition of market-wide circuit breakers that halt trading of securities for certain periods following specific market declines, and the implementation of certain regulatory reforms required by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. Any governmental or regulatory action that restricts the ability of investors in, or potential purchasers of, the notes to effect short sales of our common stock, borrow our common stock or enter into swaps on our common stock could adversely impact the trading price and the liquidity of the notes.
We may not have the ability to raise the funds necessary to settle conversions of the 2025 Notes in cash or to repurchase the notes upon a fundamental change, and our future debt may contain limitations on our ability to pay cash upon conversion or repurchase of the 2025 Notes.
Subject to limited exceptions, holders of the 2025 Notes will have the right to require us to repurchase all or a portion of their 2025 Notes upon the occurrence of a fundamental change at a fundamental change repurchase price equal to 100% of the principal amount of the 2025 Notes to be repurchased, plus accrued and unpaid interest, if any, as described under Note 9 to our consolidated financial statements included elsewhere in this Quarterly Report on Form 10-Q. In addition, upon conversion of the 2025 Notes, unless we elect to deliver solely shares of our common stock to settle such conversion (other than paying cash in lieu of delivering any fractional share), we will be required to make cash payments in respect of the 2025 Notes being converted as described under Note 9 to our consolidated financial statements included elsewhere in this Quarterly Report on Form 10-Q. However, we may not have enough available cash or be able to obtain financing at the time we are required to make repurchases of 2025 Notes surrendered therefor or 2025 Notes being converted. In addition, our ability to repurchase the 2025 Notes or to pay cash upon conversions of the 2025 Notes may be limited by law, by regulatory authority or by agreements governing our existing or future indebtedness. Our failure to repurchase 2025 Notes at a time when the repurchase is required by the indenture or to pay any cash payable on future conversions of the 2025 Notes as required by the indenture would constitute a default under the indenture governing the 2025 Notes. A default under the indenture or the fundamental change itself could also lead to a default under agreements governing our existing or future indebtedness. If the repayment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase the 2025 Notes or make cash payments upon conversions thereof.
The conditional conversion feature of the 2025 Notes, if triggered, may adversely impact our financial condition and operating results.
In the event the conditional conversion feature of the 2025 Notes is triggered, holders of 2025 Notes will be entitled to convert the 2025 Notes at any time during specified periods at their option. If one or more holders elect to convert their 2025 Notes, unless we elect to satisfy our conversion obligation by delivering solely shares of our common stock (other than paying cash in lieu of delivering any fractional share), we would be required to settle a portion or all of our conversion obligation through the payment of cash, which could adversely impact our liquidity. In addition, even if holders do not elect to convert their 2025 Notes, we could be required under applicable accounting rules to reclassify all or a portion of the outstanding principal of the 2025 Notes as a current rather than long-term liability, which would result in a significant reduction of our net working capital.
The accounting method for convertible debt securities that may be settled in cash, such as the notes, could have a material effect on our reported financial results.
Under ASC Topic 470-20, “Debt with conversion and other options” (“ASC 470-20”), an entity must separately account for the liability and equity components of the convertible debt instruments (such as the notes) that may be settled entirely or partially in cash upon conversion in a manner that reflects the issuer’s economic interest cost. The effect of ASC 470-20 on the accounting for the notes is that the equity component is required to be included in the additional paid-in capital section of stockholders’ equity on our consolidated balance sheet at issuance, and the value of the equity component would be treated as original issue discount for purposes of accounting for the debt component of the notes. As a result, we will be required to record a greater amount of non-cash interest expense in current periods presented as a result of the amortization of the discounted carrying value of the notes to their face amount over the term of the notes. We will report larger net losses or lower net income in our financial results because ASC 470-20 will require interest to include both the current period’s amortization of the debt discount and the instrument’s non-convertible coupon interest rate, which could adversely impact our reported or future financial results, the trading price of our common stock and the trading price of the notes.
In addition, under certain circumstances, convertible debt instruments (such as the notes) that may be settled entirely or partly in cash are currently accounted for utilizing the treasury stock method for earnings per share purposes, the effect of which is that the shares issuable upon conversion of such notes are not included in the calculation of diluted earnings per share except to the extent that the conversion value of the notes exceeds their principal amount. Under the treasury stock method, for diluted earnings per share purposes, the transaction is accounted for as if the number of shares of common stock that would be necessary to settle such excess, if we elected to settle such excess in shares, are issued. We cannot be certain that the accounting standards in the future will continue to permit the use of the treasury stock method. If we are unable or otherwise elect not to use the treasury stock method in accounting for the shares issuable upon conversion of the notes, then the “if converted” method of accounting would be applied and accordingly, the full number of shares that could be issued would be included in the calculation of diluted earnings per share, which would negatively impact our diluted earnings per share. For example, the Financial Accounting Standards Board published an exposure draft proposing to amend the accounting standards to eliminate the treasury stock method for convertible instruments and instead require application of the “if-converted” method. Under that method, diluted earnings per share would generally be calculated assuming that all the notes were converted solely into shares of common stock at the beginning of the reporting period, unless the result would be anti-dilutive. The application of the “if-converted” method may reduce our reported diluted earnings (or further increase our diluted net loss, as the case may be) per share.