10-K 1 hcat-20231231.htm 10-K hcat-20231231
00016364222023FYfalsehttp://fasb.org/us-gaap/2023#AccountingStandardsUpdate202006MemberP3YP18MP1Y0.0326797P3MP18MP3Y00016364222023-01-012023-12-3100016364222023-06-30iso4217:USD00016364222024-02-15xbrli:shares00016364222023-12-3100016364222022-12-31iso4217:USDxbrli:shares0001636422hcat:TechnologyMember2023-01-012023-12-310001636422hcat:TechnologyMember2022-01-012022-12-310001636422hcat:TechnologyMember2021-01-012021-12-310001636422hcat:ProfessionalServicesMember2023-01-012023-12-310001636422hcat:ProfessionalServicesMember2022-01-012022-12-310001636422hcat:ProfessionalServicesMember2021-01-012021-12-3100016364222022-01-012022-12-3100016364222021-01-012021-12-310001636422us-gaap:CommonStockIncludingAdditionalPaidInCapitalMember2020-12-310001636422us-gaap:RetainedEarningsMember2020-12-310001636422us-gaap:AccumulatedOtherComprehensiveIncomeMember2020-12-3100016364222020-12-310001636422us-gaap:CommonStockIncludingAdditionalPaidInCapitalMember2021-01-012021-12-310001636422us-gaap:RetainedEarningsMember2021-01-012021-12-310001636422us-gaap:AccumulatedOtherComprehensiveIncomeMember2021-01-012021-12-310001636422us-gaap:CommonStockIncludingAdditionalPaidInCapitalMember2021-12-310001636422us-gaap:RetainedEarningsMember2021-12-310001636422us-gaap:AccumulatedOtherComprehensiveIncomeMember2021-12-3100016364222021-12-310001636422us-gaap:CommonStockIncludingAdditionalPaidInCapitalMemberus-gaap:AccountingStandardsUpdate202006Member2021-12-310001636422us-gaap:AccountingStandardsUpdate202006Memberus-gaap:RetainedEarningsMember2021-12-310001636422us-gaap:AccountingStandardsUpdate202006Member2021-12-310001636422us-gaap:CommonStockIncludingAdditionalPaidInCapitalMember2022-01-012022-12-310001636422us-gaap:RetainedEarningsMember2022-01-012022-12-310001636422us-gaap:AccumulatedOtherComprehensiveIncomeMember2022-01-012022-12-310001636422us-gaap:CommonStockIncludingAdditionalPaidInCapitalMember2022-12-310001636422us-gaap:RetainedEarningsMember2022-12-310001636422us-gaap:AccumulatedOtherComprehensiveIncomeMember2022-12-310001636422us-gaap:CommonStockIncludingAdditionalPaidInCapitalMember2023-01-012023-12-310001636422us-gaap:RetainedEarningsMember2023-01-012023-12-310001636422us-gaap:AccumulatedOtherComprehensiveIncomeMember2023-01-012023-12-310001636422us-gaap:CommonStockIncludingAdditionalPaidInCapitalMember2023-12-310001636422us-gaap:RetainedEarningsMember2023-12-310001636422us-gaap:AccumulatedOtherComprehensiveIncomeMember2023-12-31hcat:segment0001636422srt:MinimumMemberhcat:TechnologyAndProfessionalServicesMember2023-01-012023-12-310001636422srt:MaximumMember2023-01-012023-12-310001636422hcat:TechnologyAndProfessionalServicesMember2023-01-012023-12-310001636422srt:MinimumMemberus-gaap:ComputerEquipmentMember2023-12-310001636422us-gaap:ComputerEquipmentMembersrt:MaximumMember2023-12-310001636422srt:MinimumMemberus-gaap:FurnitureAndFixturesMember2023-12-310001636422us-gaap:FurnitureAndFixturesMembersrt:MaximumMember2023-12-310001636422srt:MinimumMemberus-gaap:SoftwareAndSoftwareDevelopmentCostsMember2023-12-310001636422us-gaap:SoftwareAndSoftwareDevelopmentCostsMembersrt:MaximumMember2023-12-310001636422srt:MinimumMemberus-gaap:SoftwareDevelopmentMember2023-12-310001636422us-gaap:SoftwareDevelopmentMembersrt:MaximumMember2023-12-310001636422srt:MinimumMemberus-gaap:DevelopedTechnologyRightsMember2023-12-310001636422srt:MaximumMemberus-gaap:DevelopedTechnologyRightsMember2023-12-310001636422srt:MinimumMemberhcat:ClientRelationshipsAndContractsMember2023-12-310001636422hcat:ClientRelationshipsAndContractsMembersrt:MaximumMember2023-12-310001636422srt:MinimumMemberus-gaap:ComputerSoftwareIntangibleAssetMember2023-12-310001636422us-gaap:ComputerSoftwareIntangibleAssetMembersrt:MaximumMember2023-12-310001636422srt:MinimumMemberus-gaap:TrademarksMember2023-12-310001636422us-gaap:TrademarksMembersrt:MaximumMember2023-12-310001636422us-gaap:AccountsReceivableMemberus-gaap:CustomerConcentrationRiskMemberhcat:OneClientMember2022-01-012022-12-31xbrli:pure0001636422hcat:ERSCorporationMember2023-10-022023-10-020001636422hcat:ERSCorporationMember2023-10-020001636422us-gaap:RestrictedStockMemberhcat:ERSCorporationMember2023-10-022023-10-020001636422us-gaap:CustomerRelationshipsMemberhcat:ERSCorporationMember2023-10-020001636422hcat:ERSCorporationMemberus-gaap:DevelopedTechnologyRightsMember2023-10-020001636422us-gaap:TrademarksMemberhcat:ERSCorporationMember2023-10-020001636422hcat:ARMUSCorporationMember2022-04-292022-04-290001636422hcat:ARMUSCorporationMember2022-04-290001636422hcat:ARMUSCorporationMemberus-gaap:RestrictedStockMember2022-04-292022-04-290001636422hcat:ARMUSCorporationMemberus-gaap:DevelopedTechnologyRightsMember2022-04-290001636422hcat:ARMUSCorporationMemberus-gaap:CustomerRelationshipsMember2022-04-290001636422us-gaap:TrademarksMemberhcat:ARMUSCorporationMember2022-04-290001636422hcat:ARMUSCorporationMember2023-01-012023-12-310001636422hcat:ARMUSCorporationMember2022-01-012022-12-310001636422hcat:ARMUSCorporationMember2023-12-310001636422hcat:ARMUSCorporationMemberus-gaap:RestrictedStockMember2023-01-012023-12-310001636422hcat:KPINinjaMember2022-02-242022-02-240001636422hcat:KPINinjaMember2022-02-240001636422us-gaap:RestrictedStockMemberhcat:KPINinjaMember2022-02-242022-02-240001636422hcat:KPINinjaMemberus-gaap:DevelopedTechnologyRightsMember2022-02-240001636422us-gaap:CustomerRelationshipsMemberhcat:KPINinjaMember2022-02-240001636422us-gaap:TrademarksMemberhcat:KPINinjaMember2022-02-240001636422hcat:KPINinjaMember2023-01-012023-12-310001636422hcat:KPINinjaMember2022-01-012022-12-310001636422hcat:KPINinjaMember2023-12-310001636422hcat:TwistleIncMember2021-07-012021-07-010001636422hcat:TwistleIncMember2021-07-010001636422hcat:RevenueBasedEarnOutPerformanceTargetsMemberhcat:TwistleIncMember2022-07-012022-09-300001636422us-gaap:RestrictedStockMemberhcat:TwistleIncMember2021-07-012021-07-010001636422srt:MinimumMemberhcat:TwistleIncMember2021-07-012021-07-010001636422hcat:TwistleIncMembersrt:MaximumMember2021-07-012021-07-010001636422hcat:TwistleIncMemberus-gaap:DevelopedTechnologyRightsMember2021-07-010001636422us-gaap:CustomerRelationshipsMemberhcat:TwistleIncMember2021-07-010001636422us-gaap:TrademarksMemberhcat:TwistleIncMember2021-07-010001636422hcat:RecurringTechnologyMember2023-01-012023-12-310001636422hcat:RecurringTechnologyMember2022-01-012022-12-310001636422hcat:RecurringTechnologyMember2021-01-012021-12-310001636422hcat:OnetimeTechnologyMember2023-01-012023-12-310001636422hcat:OnetimeTechnologyMember2022-01-012022-12-310001636422hcat:OnetimeTechnologyMember2021-01-012021-12-310001636422us-gaap:GeographicConcentrationRiskMemberus-gaap:RevenueFromContractWithCustomerMembercountry:US2023-01-012023-12-310001636422us-gaap:GeographicConcentrationRiskMemberus-gaap:RevenueFromContractWithCustomerMembercountry:US2022-01-012022-12-310001636422us-gaap:GeographicConcentrationRiskMemberus-gaap:RevenueFromContractWithCustomerMembercountry:US2021-01-012021-12-310001636422hcat:TechnologyMember2023-12-310001636422hcat:TechnologyMember2022-12-310001636422hcat:ProfessionalServicesMember2023-12-310001636422hcat:ProfessionalServicesMember2022-12-310001636422us-gaap:DevelopedTechnologyRightsMember2023-12-310001636422hcat:ClientRelationshipsAndContractsMember2023-12-310001636422us-gaap:ComputerSoftwareIntangibleAssetMember2023-12-310001636422us-gaap:TrademarksMember2023-12-310001636422us-gaap:DevelopedTechnologyRightsMember2022-12-310001636422hcat:ClientRelationshipsAndContractsMember2022-12-310001636422us-gaap:ComputerSoftwareIntangibleAssetMember2022-12-310001636422us-gaap:TrademarksMember2022-12-310001636422us-gaap:ComputerEquipmentMember2023-12-310001636422us-gaap:ComputerEquipmentMember2022-12-310001636422us-gaap:LeaseholdImprovementsMember2023-12-310001636422us-gaap:LeaseholdImprovementsMember2022-12-310001636422us-gaap:FurnitureAndFixturesMember2023-12-310001636422us-gaap:FurnitureAndFixturesMember2022-12-310001636422us-gaap:SoftwareDevelopmentMember2023-12-310001636422us-gaap:SoftwareDevelopmentMember2022-12-310001636422us-gaap:SoftwareAndSoftwareDevelopmentCostsMember2023-12-310001636422us-gaap:SoftwareAndSoftwareDevelopmentCostsMember2022-12-310001636422hcat:LeaseholdImprovementsAndFurnitureAndFixturesMember2023-01-012023-12-310001636422hcat:LeaseholdImprovementsAndFurnitureAndFixturesMember2022-01-012022-12-310001636422hcat:LeaseholdImprovementsAndFurnitureAndFixturesMember2021-01-012021-12-310001636422hcat:A2023RestructuringPlanMember2023-01-012023-12-310001636422hcat:A2023RestructuringPlanMember2022-01-012022-12-310001636422us-gaap:MoneyMarketFundsMember2023-12-310001636422us-gaap:CashEquivalentsMemberus-gaap:MoneyMarketFundsMember2023-12-310001636422us-gaap:MoneyMarketFundsMemberhcat:ShortTermMarketableSecurityMember2023-12-310001636422us-gaap:USTreasurySecuritiesMember2023-12-310001636422us-gaap:USTreasurySecuritiesMemberus-gaap:CashEquivalentsMember2023-12-310001636422us-gaap:USTreasurySecuritiesMemberhcat:ShortTermMarketableSecurityMember2023-12-310001636422us-gaap:CommercialPaperMember2023-12-310001636422us-gaap:CommercialPaperMemberus-gaap:CashEquivalentsMember2023-12-310001636422us-gaap:CommercialPaperMemberhcat:ShortTermMarketableSecurityMember2023-12-310001636422us-gaap:CorporateBondSecuritiesMember2023-12-310001636422us-gaap:CashEquivalentsMemberus-gaap:CorporateBondSecuritiesMember2023-12-310001636422us-gaap:CorporateBondSecuritiesMemberhcat:ShortTermMarketableSecurityMember2023-12-310001636422us-gaap:USGovernmentAgenciesDebtSecuritiesMember2023-12-310001636422us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:CashEquivalentsMember2023-12-310001636422us-gaap:USGovernmentAgenciesDebtSecuritiesMemberhcat:ShortTermMarketableSecurityMember2023-12-310001636422us-gaap:CashEquivalentsMember2023-12-310001636422hcat:ShortTermMarketableSecurityMember2023-12-310001636422us-gaap:MoneyMarketFundsMember2022-12-310001636422us-gaap:CashEquivalentsMemberus-gaap:MoneyMarketFundsMember2022-12-310001636422us-gaap:MoneyMarketFundsMemberhcat:ShortTermMarketableSecurityMember2022-12-310001636422us-gaap:USTreasurySecuritiesMember2022-12-310001636422us-gaap:USTreasurySecuritiesMemberus-gaap:CashEquivalentsMember2022-12-310001636422us-gaap:USTreasurySecuritiesMemberhcat:ShortTermMarketableSecurityMember2022-12-310001636422us-gaap:CommercialPaperMember2022-12-310001636422us-gaap:CommercialPaperMemberus-gaap:CashEquivalentsMember2022-12-310001636422us-gaap:CommercialPaperMemberhcat:ShortTermMarketableSecurityMember2022-12-310001636422us-gaap:CorporateBondSecuritiesMember2022-12-310001636422us-gaap:CashEquivalentsMemberus-gaap:CorporateBondSecuritiesMember2022-12-310001636422us-gaap:CorporateBondSecuritiesMemberhcat:ShortTermMarketableSecurityMember2022-12-310001636422us-gaap:USGovernmentAgenciesDebtSecuritiesMember2022-12-310001636422us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:CashEquivalentsMember2022-12-310001636422us-gaap:USGovernmentAgenciesDebtSecuritiesMemberhcat:ShortTermMarketableSecurityMember2022-12-310001636422us-gaap:CashEquivalentsMember2022-12-310001636422hcat:ShortTermMarketableSecurityMember2022-12-310001636422us-gaap:FairValueMeasurementsRecurringMemberus-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel1Member2023-12-310001636422us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:MoneyMarketFundsMember2023-12-310001636422us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:MoneyMarketFundsMember2023-12-310001636422us-gaap:FairValueMeasurementsRecurringMemberus-gaap:MoneyMarketFundsMember2023-12-310001636422us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2023-12-310001636422us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001636422us-gaap:FairValueInputsLevel3Memberus-gaap:USTreasurySecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001636422us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001636422us-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2023-12-310001636422us-gaap:CommercialPaperMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001636422us-gaap:FairValueInputsLevel3Memberus-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001636422us-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001636422us-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2023-12-310001636422us-gaap:FairValueInputsLevel2Memberus-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001636422us-gaap:FairValueInputsLevel3Memberus-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001636422us-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001636422us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2023-12-310001636422us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001636422us-gaap:FairValueInputsLevel3Memberus-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001636422us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001636422us-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2023-12-310001636422us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001636422us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2023-12-310001636422us-gaap:FairValueMeasurementsRecurringMember2023-12-310001636422us-gaap:FairValueMeasurementsRecurringMemberus-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel1Member2022-12-310001636422us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:MoneyMarketFundsMember2022-12-310001636422us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:MoneyMarketFundsMember2022-12-310001636422us-gaap:FairValueMeasurementsRecurringMemberus-gaap:MoneyMarketFundsMember2022-12-310001636422us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2022-12-310001636422us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001636422us-gaap:FairValueInputsLevel3Memberus-gaap:USTreasurySecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001636422us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001636422us-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2022-12-310001636422us-gaap:CommercialPaperMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001636422us-gaap:FairValueInputsLevel3Memberus-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001636422us-gaap:CommercialPaperMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001636422us-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2022-12-310001636422us-gaap:FairValueInputsLevel2Memberus-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001636422us-gaap:FairValueInputsLevel3Memberus-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001636422us-gaap:CorporateBondSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001636422us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2022-12-310001636422us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001636422us-gaap:FairValueInputsLevel3Memberus-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001636422us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001636422us-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel1Member2022-12-310001636422us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001636422us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2022-12-310001636422us-gaap:FairValueMeasurementsRecurringMember2022-12-310001636422hcat:SeniorNotesDue2025Memberus-gaap:ConvertibleNotesPayableMember2023-12-310001636422hcat:HealthfinchIncMemberhcat:RevenueBasedEarnOutPerformanceTargetsMember2021-07-012021-09-300001636422hcat:HealthfinchIncMemberhcat:RevenueBasedEarnOutPerformanceTargetsMember2022-01-012022-03-310001636422hcat:TwistleIncMember2023-12-310001636422hcat:RightOfUseAssetsLeaseholdImprovementsAndFurnitureAndFixturesMember2023-01-012023-12-310001636422hcat:RightOfUseAssetsLeaseholdImprovementsAndFurnitureAndFixturesMember2022-01-012022-12-310001636422hcat:RightOfUseAssetsLeaseholdImprovementsAndFurnitureAndFixturesMember2021-01-012021-12-310001636422srt:MinimumMember2023-12-310001636422srt:MaximumMember2023-12-310001636422hcat:CorporateHeadquartersMember2020-12-31utr:sqft0001636422hcat:CorporateHeadquartersMember2023-12-310001636422srt:MinimumMember2023-01-012023-12-310001636422hcat:RightOfUseAssetMember2023-01-012023-12-310001636422hcat:RightOfUseAssetMember2022-01-012022-12-310001636422hcat:RightOfUseAssetMember2021-01-012021-12-310001636422hcat:LongTermLeasesWithTermsOfGreaterThan12MonthsMember2023-01-012023-12-310001636422hcat:LongTermLeasesWithTermsOfGreaterThan12MonthsMember2022-01-012022-12-310001636422hcat:LongTermLeasesWithTermsOfGreaterThan12MonthsMember2021-01-012021-12-310001636422hcat:ShortTermLeasesWithTermsOf12MonthsOrLessMember2023-01-012023-12-310001636422hcat:ShortTermLeasesWithTermsOf12MonthsOrLessMember2022-01-012022-12-310001636422hcat:ShortTermLeasesWithTermsOf12MonthsOrLessMember2021-01-012021-12-310001636422hcat:SeniorNotesDue2025Memberus-gaap:ConvertibleNotesPayableMember2020-04-140001636422hcat:SeniorNotesDue2025Memberus-gaap:ConvertibleNotesPayableMember2020-04-142020-04-14hcat:day00016364222020-04-140001636422hcat:SeniorNotesDue2025Memberhcat:DebtInstrumentConvertibleSalePriceOfStockThresholdMemberus-gaap:ConvertibleNotesPayableMember2020-04-142020-04-140001636422hcat:SeniorNotesDue2025Memberus-gaap:ConvertibleNotesPayableMember2023-01-012023-12-310001636422hcat:SeniorNotesDue2025Memberus-gaap:ConvertibleNotesPayableMember2022-01-012022-12-310001636422hcat:SeniorNotesDue2025Memberus-gaap:ConvertibleNotesPayableMember2021-01-012021-12-310001636422hcat:CappedCallMemberus-gaap:CashFlowHedgingMemberus-gaap:DesignatedAsHedgingInstrumentMember2020-04-092020-04-090001636422hcat:CappedCallMemberus-gaap:CashFlowHedgingMemberus-gaap:DesignatedAsHedgingInstrumentMember2020-04-08iso4217:USDhcat:instrument0001636422hcat:A2023RestructuringPlanMemberhcat:TechnologyMember2023-01-012023-12-310001636422hcat:A2023RestructuringPlanMemberhcat:ProfessionalServiceExpenseMember2023-01-012023-12-310001636422hcat:A2023RestructuringPlanMemberus-gaap:SellingAndMarketingExpenseMember2023-01-012023-12-310001636422hcat:A2023RestructuringPlanMemberus-gaap:ResearchAndDevelopmentExpenseMember2023-01-012023-12-310001636422hcat:A2023RestructuringPlanMemberus-gaap:GeneralAndAdministrativeExpenseMember2023-01-012023-12-310001636422hcat:A2023RestructuringPlanMemberhcat:SeveranceAndOtherTeamMemberCostsMember2022-12-310001636422hcat:A2023RestructuringPlanMemberhcat:SeveranceAndOtherTeamMemberCostsMember2023-01-012023-12-310001636422hcat:A2023RestructuringPlanMemberhcat:SeveranceAndOtherTeamMemberCostsMember2023-12-310001636422srt:MinimumMemberhcat:A2023RestructuringPlanMember2023-01-012023-12-310001636422hcat:A2023RestructuringPlanMembersrt:MaximumMember2023-01-012023-12-310001636422hcat:A2023RestructuringPlanMember2023-12-310001636422hcat:A2022RestructuringPlanMemberhcat:TechnologyMember2023-01-012023-12-310001636422hcat:ProfessionalServiceExpenseMemberhcat:A2022RestructuringPlanMember2023-01-012023-12-310001636422us-gaap:SellingAndMarketingExpenseMemberhcat:A2022RestructuringPlanMember2023-01-012023-12-310001636422hcat:A2022RestructuringPlanMemberus-gaap:ResearchAndDevelopmentExpenseMember2023-01-012023-12-310001636422hcat:A2022RestructuringPlanMemberus-gaap:GeneralAndAdministrativeExpenseMember2023-01-012023-12-310001636422hcat:A2022RestructuringPlanMember2023-01-012023-12-310001636422hcat:A2022RestructuringPlanMemberhcat:TechnologyMember2022-01-012022-12-310001636422hcat:ProfessionalServiceExpenseMemberhcat:A2022RestructuringPlanMember2022-01-012022-12-310001636422us-gaap:SellingAndMarketingExpenseMemberhcat:A2022RestructuringPlanMember2022-01-012022-12-310001636422hcat:A2022RestructuringPlanMemberus-gaap:ResearchAndDevelopmentExpenseMember2022-01-012022-12-310001636422hcat:A2022RestructuringPlanMemberus-gaap:GeneralAndAdministrativeExpenseMember2022-01-012022-12-310001636422hcat:A2022RestructuringPlanMember2022-01-012022-12-310001636422hcat:A2022RestructuringPlanMemberhcat:SeveranceAndOtherTeamMemberCostsMember2021-12-310001636422hcat:A2022RestructuringPlanMemberhcat:SeveranceAndOtherTeamMemberCostsMember2022-01-012022-12-310001636422hcat:A2022RestructuringPlanMemberhcat:SeveranceAndOtherTeamMemberCostsMember2022-12-310001636422hcat:A2022RestructuringPlanMemberhcat:SeveranceAndOtherTeamMemberCostsMember2023-01-012023-12-310001636422hcat:A2022RestructuringPlanMemberhcat:SeveranceAndOtherTeamMemberCostsMember2023-12-310001636422hcat:VitalwareLLCMemberhcat:AbleHealthInc.Member2023-12-310001636422hcat:VitalwareLLCMemberhcat:AbleHealthInc.Member2022-12-31hcat:vote0001636422hcat:ShareRepurchasePlanMember2022-08-020001636422hcat:ShareRepurchasePlanMember2023-01-012023-12-310001636422hcat:ShareRepurchasePlanMember2023-12-310001636422hcat:SecondaryOfferingMember2021-08-012021-08-310001636422us-gaap:OverAllotmentOptionMember2021-08-012021-08-310001636422hcat:SecondaryOfferingMember2021-08-310001636422us-gaap:EmployeeStockOptionMember2023-01-012023-12-310001636422us-gaap:EmployeeStockOptionMember2022-01-012022-12-310001636422us-gaap:EmployeeStockOptionMember2021-01-012021-12-310001636422us-gaap:RestrictedStockUnitsRSUMember2023-01-012023-12-310001636422us-gaap:RestrictedStockUnitsRSUMember2022-01-012022-12-310001636422us-gaap:RestrictedStockUnitsRSUMember2021-01-012021-12-310001636422us-gaap:PhantomShareUnitsPSUsMember2023-01-012023-12-310001636422us-gaap:PhantomShareUnitsPSUsMember2022-01-012022-12-310001636422us-gaap:PhantomShareUnitsPSUsMember2021-01-012021-12-310001636422us-gaap:SeniorNotesMember2023-01-012023-12-310001636422us-gaap:SeniorNotesMember2022-01-012022-12-310001636422us-gaap:SeniorNotesMember2021-01-012021-12-310001636422hcat:ContingentConsiderationMember2023-01-012023-12-310001636422hcat:ContingentConsiderationMember2022-01-012022-12-310001636422hcat:ContingentConsiderationMember2021-01-012021-12-310001636422us-gaap:RestrictedStockMember2023-01-012023-12-310001636422us-gaap:RestrictedStockMember2022-01-012022-12-310001636422us-gaap:RestrictedStockMember2021-01-012021-12-310001636422hcat:StockIncentivePlan2011Member2023-12-310001636422hcat:StockIncentivePlan2019Member2023-12-310001636422hcat:StockIncentivePlan2011Member2023-01-012023-12-310001636422hcat:StockIncentivePlan2019Member2023-01-010001636422hcat:StockIncentivePlanMember2023-12-310001636422hcat:StockIncentivePlanMember2022-12-310001636422hcat:StockIncentivePlanMember2021-12-310001636422us-gaap:EmployeeStockOptionMember2023-01-012023-12-310001636422us-gaap:EmployeeStockOptionMember2022-01-012022-12-310001636422us-gaap:EmployeeStockOptionMember2021-01-012021-12-310001636422us-gaap:RestrictedStockUnitsRSUMember2023-01-012023-12-310001636422us-gaap:RestrictedStockUnitsRSUMember2022-01-012022-12-310001636422us-gaap:RestrictedStockUnitsRSUMember2021-01-012021-12-310001636422us-gaap:PhantomShareUnitsPSUsMember2023-01-012023-12-310001636422us-gaap:PhantomShareUnitsPSUsMember2022-01-012022-12-310001636422us-gaap:PhantomShareUnitsPSUsMember2021-01-012021-12-310001636422us-gaap:EmployeeStockMember2023-01-012023-12-310001636422us-gaap:EmployeeStockMember2022-01-012022-12-310001636422us-gaap:EmployeeStockMember2021-01-012021-12-310001636422us-gaap:RestrictedStockMember2023-01-012023-12-310001636422us-gaap:RestrictedStockMember2022-01-012022-12-310001636422us-gaap:RestrictedStockMember2021-01-012021-12-310001636422us-gaap:CostOfSalesMember2023-01-012023-12-310001636422us-gaap:CostOfSalesMember2022-01-012022-12-310001636422us-gaap:CostOfSalesMember2021-01-012021-12-310001636422us-gaap:SellingAndMarketingExpenseMember2023-01-012023-12-310001636422us-gaap:SellingAndMarketingExpenseMember2022-01-012022-12-310001636422us-gaap:SellingAndMarketingExpenseMember2021-01-012021-12-310001636422us-gaap:ResearchAndDevelopmentExpenseMember2023-01-012023-12-310001636422us-gaap:ResearchAndDevelopmentExpenseMember2022-01-012022-12-310001636422us-gaap:ResearchAndDevelopmentExpenseMember2021-01-012021-12-310001636422us-gaap:GeneralAndAdministrativeExpenseMember2023-01-012023-12-310001636422us-gaap:GeneralAndAdministrativeExpenseMember2022-01-012022-12-310001636422us-gaap:GeneralAndAdministrativeExpenseMember2021-01-012021-12-310001636422us-gaap:RestrictedStockUnitsRSUMemberus-gaap:ShareBasedCompensationAwardTrancheOneMember2023-01-012023-12-310001636422us-gaap:RestrictedStockUnitsRSUMember2022-12-310001636422us-gaap:RestrictedStockUnitsRSUMember2023-12-310001636422srt:MinimumMemberus-gaap:PhantomShareUnitsPSUsMember2022-01-012022-12-310001636422us-gaap:PhantomShareUnitsPSUsMemberus-gaap:ShareBasedCompensationAwardTrancheOneMember2023-01-012023-12-310001636422us-gaap:PhantomShareUnitsPSUsMemberus-gaap:ShareBasedCompensationAwardTrancheThreeMember2023-01-012023-12-310001636422us-gaap:PhantomShareUnitsPSUsMemberus-gaap:ShareBasedCompensationAwardTrancheTwoMember2023-01-012023-12-310001636422srt:MinimumMemberus-gaap:PhantomShareUnitsPSUsMember2023-01-012023-12-310001636422us-gaap:PhantomShareUnitsPSUsMembersrt:MaximumMember2023-01-012023-12-310001636422us-gaap:PhantomShareUnitsPSUsMember2022-12-310001636422us-gaap:PhantomShareUnitsPSUsMember2023-12-310001636422us-gaap:EmployeeStockMember2019-07-310001636422us-gaap:EmployeeStockMember2019-07-012019-07-310001636422us-gaap:EmployeeStockMember2023-01-010001636422us-gaap:EmployeeStockMember2023-12-310001636422us-gaap:RestrictedStockMemberhcat:AbleHealthInc.Member2020-02-212020-02-210001636422hcat:VitalwareLLCMemberus-gaap:RestrictedStockMember2020-09-012020-09-010001636422hcat:VitalwareLLCMemberus-gaap:RestrictedStockMemberus-gaap:ShareBasedCompensationAwardTrancheOneMember2020-09-012020-09-010001636422srt:MinimumMemberus-gaap:RestrictedStockMemberhcat:TwistleIncMember2021-07-012021-07-010001636422us-gaap:RestrictedStockMemberhcat:TwistleIncMembersrt:MaximumMember2021-07-012021-07-010001636422us-gaap:RestrictedStockMember2023-12-310001636422us-gaap:DomesticCountryMember2023-12-310001636422us-gaap:StateAndLocalJurisdictionMember2023-12-310001636422us-gaap:ResearchMemberus-gaap:DomesticCountryMember2023-12-310001636422us-gaap:StateAndLocalJurisdictionMemberus-gaap:ResearchMember2023-12-310001636422us-gaap:ResearchMember2023-12-310001636422us-gaap:SettledLitigationMember2023-06-152023-06-150001636422hcat:TechnologyAndProfessionalServicesMembersrt:MaximumMember2023-01-012023-12-3100016364222024-01-012023-12-3100016364222025-01-012023-12-310001636422us-gaap:RelatedPartyMember2023-01-012023-12-310001636422us-gaap:RelatedPartyMember2023-12-310001636422us-gaap:RelatedPartyMember2021-01-012021-12-310001636422hcat:TechnologyMember2023-01-012023-12-310001636422hcat:TechnologyMember2022-01-012022-12-310001636422hcat:TechnologyMember2021-01-012021-12-310001636422hcat:ProfessionalServicesMember2023-01-012023-12-310001636422hcat:ProfessionalServicesMember2022-01-012022-12-310001636422hcat:ProfessionalServicesMember2021-01-012021-12-310001636422us-gaap:OperatingSegmentsMemberhcat:TechnologyMember2023-01-012023-12-310001636422us-gaap:OperatingSegmentsMemberhcat:TechnologyMember2022-01-012022-12-310001636422us-gaap:OperatingSegmentsMemberhcat:TechnologyMember2021-01-012021-12-310001636422us-gaap:OperatingSegmentsMemberhcat:ProfessionalServicesMember2023-01-012023-12-310001636422us-gaap:OperatingSegmentsMemberhcat:ProfessionalServicesMember2022-01-012022-12-310001636422us-gaap:OperatingSegmentsMemberhcat:ProfessionalServicesMember2021-01-012021-12-310001636422us-gaap:OperatingSegmentsMember2023-01-012023-12-310001636422us-gaap:OperatingSegmentsMember2022-01-012022-12-310001636422us-gaap:OperatingSegmentsMember2021-01-012021-12-310001636422us-gaap:MaterialReconcilingItemsMember2023-01-012023-12-310001636422us-gaap:MaterialReconcilingItemsMember2022-01-012022-12-310001636422us-gaap:MaterialReconcilingItemsMember2021-01-012021-12-31
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
_______________
Form 10-K
_______________
(Mark One)
   ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended December 31, 2023
or
  TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the transition period from _____ to _____
Commission File Number: 001-38993
HEALTH CATALYST, INC.
(Exact name of registrant as specified in its charter)
_______________
Delaware
45-3337483
(State or other jurisdiction of
incorporation or organization)
(I.R.S. Employer
Identification Number)
10897 South River Front Parkway #300
South Jordan, UT 84095
(801) 708-6800
(Address, including zip code, and telephone number, including area code, of registrant’s principal executive offices)
_______________
Securities registered pursuant to Section 12(b) of the Act:    
Title of each class
Trading Symbol(s)
Name of exchange on which registered
Common Stock, par value $0.001 per share
HCAT
The Nasdaq Global Select Market

Securities registered pursuant to Section 12(g) of the Act: None
Indicate by check mark if the Registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes No ý
Indicate by check mark if the Registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes No ý
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ý No
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes No
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
Large accelerated filer
Accelerated Filer
Emerging growth company
Non-accelerated Filer
Smaller reporting company

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act.
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report.
If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect correction of an error to previously issued financial statements.

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b).

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes No
The aggregate market value of the common stock held by non-affiliates of the registrant as of June 30, 2023, the last business day of the registrant’s most recently completed second fiscal quarter, was approximately $688.2 million based on the closing price of a share of common stock on June 30, 2023 as reported by the Nasdaq Global Select Market, or Nasdaq, for such date.
As of February 15, 2024, the Registrant had 58,563,005 shares of common stock outstanding.
DOCUMENTS INCORPORATED BY REFERENCE
Part III incorporates information by reference from the registrant’s definitive proxy statement to be filed with the Securities and Exchange Commission pursuant to Regulation 14A, not later than 120 days after the end of the fiscal year covered by this Annual Report on Form 10-K, in connection with the registrant’s 2024 Annual Meeting of Stockholders.
_______________


HEALTH CATALYST, INC.
Annual Report on Form 10-K
For the Year Ended December 31, 2023
Table of Contents
Page
In this Annual Report on Form 10-K, unless expressly indicated or the context otherwise requires, references to “we,” “our,” “us,” “Health Catalyst,” “the Company,” and similar references refer to Health Catalyst, Inc. and its consolidated subsidiaries.
2

PART I
Special Note Regarding Forward-Looking Statements
As used in this Annual Report on Form 10-K, unless expressly indicated or the context otherwise requires, references to “Health Catalyst,” “we,” “us,” “our,” “the Company,” and similar references refer to Health Catalyst, Inc. and its consolidated subsidiaries. This Annual Report on Form 10-K, including the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” includes forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended (the Securities Act), and Section 21E of the Securities Exchange Act of 1934, as amended (the Exchange Act). Forward-looking statements are only predictions based on our management’s beliefs and assumptions and on information currently available to our management. All statements other than statements of historical facts are “forward-looking statements” for purposes of these provisions. These forward-looking statements, which are subject to a number of risks, uncertainties, and assumptions, generally relate to future events or our future financial or operating performance. In some cases, you can identify these statements by forward-looking words such as “believe,” “may,” “will,” “estimate,” “continue,” “anticipate,” “design,” “intend,” “expect,” “could,” “plan,” “potential,” “predict,” “seek,” “should,” “would,” “target,” “project,” or “contemplate,” the negative of terms like these or other comparable terminology, and other words or terms of similar meaning in connection with any discussion of expectations, projections, plans, strategy, intentions, or future results of operations or financial performance. Forward-looking statements contained in this Annual Report on Form 10-K include, but are not limited to, statements about our:
ability to attract new clients and retain and expand our relationships with existing clients;
ability to expand our service offerings and develop new platform features;
future financial performance, including trends in revenue, costs of revenue, gross margin, and operating expenses;
ability to compete successfully in competitive markets;
ability to respond to rapid technological changes;
expectations and management of future growth;
ability to enter new markets and manage our expansion efforts, particularly internationally;
ability to attract and retain highly-qualified employees, whom we refer to as team members;
ability to effectively and efficiently protect our brand;
ability to timely scale and adapt our infrastructure;
ability to maintain, protect, and enhance our intellectual property and not infringe upon others’ intellectual property;
ability to successfully identify, acquire, and integrate companies and assets;
expectations regarding our gross bookings; and
expectations regarding the impact of any macroeconomic challenges (including high inflationary and/or high interest rate environments, or market volatility caused by bank failures and measures taken in response thereto), natural disasters, or public health emergencies, such as the COVID-19 pandemic, on our business and results of operations.
All forward-looking statements included in this Annual Report on Form 10-K are based on information available to us on the date hereof. We assume no obligation to update forward-looking statements made in this Annual Report on Form 10-K, including, without limitation, to reflect events or circumstances after the date of this Annual Report on Form 10-K or new information or the occurrence of any unanticipated events, except as required by law. Any or all of our forward-looking statements in this document may turn out to be wrong. Actual events or results may differ materially. Our forward-looking statements can be affected by inaccurate assumptions we might make or by known or unknown risks, uncertainties and other factors. We discuss many of these risks, uncertainties and other factors in this Annual Report on Form 10-K in greater detail under the subheading below “Summary of Risk Factors” as well as heading “Item 1A—Risk Factors.” We caution investors that our business and financial performance are subject to substantial risks and uncertainties.
3

Summary of Risk Factors
We operate in a highly competitive industry, and if we are not able to compete effectively, our business and results of operations will be harmed.
We may be unable to successfully execute on our growth initiatives, business strategies, or operating plans, as well as cost reduction and restructuring initiatives.
If we fail to effectively manage our growth and organizational change, our business and results of operations could be harmed.
Macroeconomic challenges (including high inflationary and/or high interest rate environments, or market volatility caused by bank failures and measures taken in response thereto) and any new public health crisis could harm our business, results of operations, and financial condition.Failure by our clients to obtain proper permissions and waivers may result in claims against us or may limit or prevent our use of data, which could harm our business.
If we do not continue to innovate and provide services that are useful to clients and users, we may not remain competitive, and our revenue and results of operations could suffer.
Our business could be adversely affected if our clients are not satisfied with our cloud-based data platform, software analytics applications, and professional services expertise (our Solution).
If our existing clients do not continue or renew their contracts with us, renew at lower fee levels or decline to purchase additional technology and services from us, it could have a material adverse effect on our business, financial condition, and results of operations.
Our business and operations may suffer in the event of information technology system failures, cyberattacks, or deficiencies in our cybersecurity.
Actual or perceived failures to comply with applicable data protection, privacy and security laws, regulations, standards and other requirements could adversely affect our business, results of operations, and financial condition.
Our Solution is dependent on our ability to source data from third parties, and such third parties could take steps to block our access to data, or increase fees or impose fees for such access, which could impair our ability to provide our Solution, limit the effectiveness of our Solution, or adversely affect our financial condition and results of operations.
Our results of operations have in the past fluctuated and may continue to fluctuate significantly, and if we fail to meet the expectations of securities analysts or investors, our stock price and the value of an investment in our common stock could decline substantially.
Our pricing may change over time and our ability to efficiently price our Solution will affect our results of operations and our ability to attract or retain clients.
If our Solution fails to provide accurate and timely information, or if our content or any other element of our Solution is associated with faulty clinical decisions or treatment, we could have liability to clients, clinicians, patients, or others, which could adversely affect our results of operations.
We rely on third-party providers, including Microsoft Azure, for computing infrastructure, network connectivity, and other technology-related services needed to deliver our Solution. Any disruption in the services provided by such third-party providers could adversely affect our business and subject us to liability.
We rely on Internet infrastructure, bandwidth providers, data center providers, other third parties, and our own systems for providing our Solution to our users, and any failure or interruption in the services provided by these third parties or our own systems could expose us to litigation, potentially require us to issue credits to our clients, and negatively impact our relationships with users or clients, adversely affecting our brand and our business.
4

Item 1. Business
Overview
We are a leading provider of data and analytics technology and services to healthcare organizations. Our Solution comprises our cloud-based data and analytics platform, software applications, and professional services expertise. Our clients, which are primarily healthcare providers, use our Solution to manage their data, derive analytical insights to operate their organization, and produce measurable clinical, financial, and operational improvements. We envision a future where all healthcare decisions are data-informed.
The Health Catalyst Way
Our Mission
Our mission is to be the catalyst for massive, measurable, data-informed healthcare improvement. We fulfill our mission through a confluence of the following elements:
Data and Analytics Platform: integrate data in a flexible, open, scalable, and modular platform to power insights;
Applications: deliver analytics insights on how to measurably improve and automate processes to drive efficiency;
Expertise: enable data-informed improvement by providing expertise and managed services;
Measurable Improvement: Trust builds, client engagement increases, and learnings expand across the ecosystem; and
Engagement: attract, develop, retain, and empower extraordinary team members deeply engaged and committed to the mission of improvement.

5

The Health Catalyst Flywheel
We accomplish our mission with each of our clients by following a process and strategy we call the Health Catalyst Flywheel (the Flywheel). This process includes delivering on the three components of our Solution: data and analytics platform, applications, and expertise, which together drive measurable improvements. At the center of the Flywheel is the engagement of our team members. Team member engagement is foundational to everything we do and is the #1 priority of our CEO and broader leadership team. When team members feel connected to our mission and are listened to, cared for, and respected at an extraordinary level, they produce outstanding work, which enables our clients to measurably improve. As clients realize improvements, their trust in Health Catalyst builds, their engagement in our shared work increases, and they choose to renew and expand their relationship with us, while also referring Health Catalyst to key decision-makers at other potential clients. Client renewal, expansion, and referral produce growing, scalable, and predictable financial performance.
The cycle described above creates momentum for our business and is encapsulated in the following diagram:
FlyWheel.jpg
Given the central importance of team member engagement to our company’s long-term success, we have been purposeful in defining and emphasizing operating principles and cultural attributes that reinforce the commitment to our mission and to team member engagement. We consistently focus on our operating principles and cultural attributes, as well as our mission and Flywheel (collectively, the Health Catalyst Way), which we review in all new hire orientations, company-wide meetings, and board of directors’ meetings. Furthermore, we regularly measure our team member engagement and adjust our practices based on team member feedback. We have demonstrated an elite, consistent level of team member engagement over time as demonstrated by a 94th to 99th percentile ranking, as measured by Gallup.
We will continue to emphasize the Health Catalyst Way, including our operating principles and cultural attributes, which we believe will be central to our long-term success.
6

Our Operating Principles
The principles that govern our daily interactions include:
Improvement
We are deeply committed to enabling our clients to achieve and sustain measurable clinical, financial, and operational improvements
We nurture deep, long-term client partnerships because achieving and sustaining improvement is a transformational journey (not a quick trip)
We pragmatically prioritize innovations that accelerate improvement
We attract, develop, and retain experts who know best practices in their domain, leverage analytics for insight, and accelerate adoption for sustained improvement
Accountability
We are all accountable to ourselves and to one another to proactively show up every day in support of our company’s mission
We make decisions that balance and optimize the interests of our teammates, clients, patients, and owners
We avoid an entitlement mentality and are good stewards of our assets
We don’t micro-manage and we show trust while also having high expectations of ourselves and of one another
Respect
We recognize the immeasurable value of every individual
We listen carefully to one another and learn from each of our colleagues
We care deeply about our colleagues, including teammates, clients, patients, and owners
We benefit from one another’s diverse backgrounds and experiences, and are unified by our company’s mission
Transparency
We are honest and compassionate in our interactions with others and with ourselves, even if the truth is hard
We strive to live up to the Health Catalyst Way in all settings
We treat confidential information appropriately, and we protect the private data of our clients’ patients
We recommend the best solutions for our clients, whether or not those solutions come from Health Catalyst
Our Cultural Attributes
The attributes we prioritize in hiring, retention, and promotion include:
Continuous learning
I can share with and learn from others
I love to learn, and I am a lifelong student
I recognize my mistakes and correct them quickly
7

I seek and respond favorably to feedback and coaching
I value my autonomy and use it to gain new knowledge and skills
I recognize that diversity of perspectives leads to better decisions
I am self-aware and seek improvement, personally and professionally
I watch, listen, and learn from others; thank them for their teachings; and apply the teachings to the mastery of my profession; and I do the same for others
Commitment
I have a deep, long-term commitment to healthcare improvement
I stick to the task until the job is completed
I lead a balanced, healthy life that enables me to sustain my pace
I am willing to contribute more than my fair share to a project
I make personal sacrifices, as needed, to get the work done
I recognize that not every part of my job will be fun
Humility
I listen first
I serve others without looking for recognition
My first assumption with others is positive intent
I am secure in my own abilities (quiet self-confidence)
I seek to improve myself before trying to improve others
I am excited when others succeed, and I offer sincere praise
I often acknowledge others for their contributions
I frequently express gratitude and appreciation to those around me
I empower others to do their best and give proper credit to others
Excellence
I strive for excellence and quality in all aspects of my work; I show up to fulfill my role in the company's mission to the bets of my ability
I recognize the importance of excellence in pursuit of our mission
I strive to be well informed about events and trends in healthcare, data and analytics, and improvement
I actively contribute to the company’s pursuit of excellence - in the technology we build, in the services we provide, and in the functions that support this important work
I recognize and ask for help when I need it
8

Our Governing Principle: The Golden Rule
Treat others as we would wish to be treated—with kindness, humility, and respect.
Business Overview
Healthcare organizations operate in an environment that is characterized by waste, changing economics, and data complexity. Organizations that leverage analytics to make data-informed decisions will be better positioned to succeed in this environment. Our clients, which are primarily healthcare providers, use our Solution to manage their data, derive analytical insights to operate their organizations, and produce measurable clinical, financial, and operational improvements.
The core elements of our Solution include:
DOS data platform. The Data Operating System (DOS) is a healthcare-specific, cloud-based, open, flexible, scalable and self-service platform for analytics, app development and interoperability that provides clients a single comprehensive environment to integrate and organize data from their disparate software systems. Our DOS platform has been built with modern technology and is deeply embedded with healthcare domain knowledge, enabling a broad range of analytics. The DOS platform has amassed one of the largest and most comprehensive data assets of its kind, which enables us to deliver differentiated insights to our clients.
Analytics applications. Our software analytics applications are generally built on top of our data platform and are designed to analyze the most common problems our clients face across Clinical & Quality, Population Health, and Financial & Operational use cases. These analytics applications allow our clients to pinpoint opportunities for measurable improvement across their entire enterprise and are employed by a broad range of users from healthcare executives to front-line clinicians providing care. We developed this suite of analytics applications over the last several years based on thoughtful measurement of the most critical analytics needs faced by our clients. Our analytics applications are further enhanced by a broad range of analytics accelerators, which are pre-built, configurable data models with customizable visualizations that can be tailored to specific client needs.
Services expertise. Our world-class team consists of both analytics experts, such as data analysts, data engineers, and data scientists, and domain experts, such as healthcare administrators, physicians, and nurses. Our services are comprised of data and analytics services, domain expertise and education services, Tech-enabled Managed Services (TEMS), and implementation services. Our services team members leverage our technology to help our clients shorten time-to-value and achieve sustainable measurable improvements. Examples of the services expertise we provide include opportunity analysis and prioritization, data governance, data modeling and analysis, quality and process improvement strategy, cost accounting, data abstraction, and population health strategies. Our approach to integrate data, analytics, and expertise into a holistic Solution is differentiated and parts of our Solution have historically been recognized as among the best in the industry by multiple third parties, including KLAS, Chilmark Research, and others.
We have generated over 1,600 documented, client-verified improvements across clinical, financial, and operational domains. Each of these documented improvements is highly valuable to our clients, enabling them to realize substantial clinical improvements, financial savings, or operational efficiencies. As we deliver measurable improvements, trust builds, and our clients engage with us more broadly and refer new business. This is evidenced by a continued increase in improvements achieved by our clients over time. Clients who have recently contracted with us have already started achieving measurable improvements, while longer-standing clients have seen the number of annual improvements meaningfully grow.
We serve the majority of our clients through a subscription-based contract model. As of December 31, 2023, we served 109 DOS Subscription Clients and over 525 other clients. The majority of our clients who are not DOS Subscription Clients are technology clients resulting from our business acquisitions and are also generally on subscription contracts. Our clients include academic medical centers, integrated delivery networks, community hospitals, large physician practices, Accountable Care Organizations (ACOs), health information exchanges, health insurers, and other risk-bearing entities. Example clients include Allina Health, AlohaCare, Carle Health, Children’s Hospital of Orange County, Community Health Network, INTEGRIS Health, Lifepoint Health, Mass General Brigham, Queen's Health System, Steward Health Care, Temple University Health System, UnityPoint Health, and UPMC.


9

Our Strengths
Our operational and financial success is based on the following key strengths:
Healthcare-specific, flexible, open, and scalable data platform. DOS was purpose-built to handle healthcare-specific data management and analytics use cases, including the ingestion of disparate healthcare data sources. By linking healthcare-specific vocabularies and rules with a flexible and adaptable framework, we enable faster and more repeatable analytics. As an open and self-service platform, we support the development of analytics applications on top of DOS, which can accelerate the adoption and integration of our DOS platform by our clients. The majority of analytics applications that are run on top of DOS are client-generated as opposed to outputs of our applications. The scalable, cloud-based infrastructure enables quicker product iteration and deployment.
Integrated and comprehensive nature of our Solution creates measurable improvements. Through the delivery of our comprehensive and integrated Solution of data, analytics, and services expertise, we enable measurable improvements for our clients. Our Solution has generated over 1,600 documented, client-verified improvements across clinical, financial, and operational domains.
Attractive operating model. We have an attractive operating model due to the recurring nature of the vast majority of our revenue and the scalability of our DOS platform and analytics applications. Our recurring revenue subscription model provides a high degree of revenue visibility. The open and flexible nature of DOS makes it highly scalable, which allows us to deliver additional analytics applications on top of DOS with limited incremental costs. We expect the benefits of our operating model and cost structure to generate operating leverage in our business.
Unique and differentiated culture focused on team member engagement. Our leadership team’s commitment to the team member is central to our long-term success. Our commitment to building and maintaining a culture where team members are highly engaged in our mission directly benefits not only team members, but also our clients and other stakeholders.
The team member experience is the #1 priority of our CEO and other members of our leadership team. On a daily basis, our leadership focuses on the team member experience, by listening carefully to team member feedback and making changes based on this feedback, by erring in favor of the team member, and by working as an advocate for each team member. This focus enables team members to become highly engaged in fulfilling our mission to be the catalyst for massive, measurable, data-informed improvement in healthcare.
This deep team member engagement in our mission leads team members to build world-class data and analytics technology and to provide industry-leading expertise. The care that the leadership team shows to team members becomes the same care that team members show to our clients, and through this care and commitment, our clients experience accelerating and measurable improvement, which leads them to renew, expand, and refer. By focusing on the team member experience, our clients realize greater improvements, which leads to a high-growth, predictable business model.
Recognized industry leader by multiple third parties. The strength of our Solution has been recognized by multiple third-parties as among the best in the industry. These include KLAS Overall Customer Satisfaction Scores that have historically been among the highest in the peer group, as well as Chilmark Research and others. We recognized early on that healthcare organizations need purpose-built technology products and services to support data-driven insights, and have spent more than a decade building and commercializing our healthcare-specific Solution. We invested meaningful time and resources over the last decade to build a comprehensive and differentiated set of products and services for our clients, which is not easily replicated by other healthcare and/or technology companies. Our clients benefit from our technology innovation and expertise which allows them to avoid the significant time, financial resources, and technical proficiency they would need to invest to build related capabilities in-house. Similarly, the overall complexity and dynamic nature of healthcare require purpose-built products and services to address the challenges our clients face, preventing traditional technology companies from easily leveraging and deploying existing platforms.
Tenured management team with healthcare technology experience. Health Catalyst is led by a team of healthcare and data veterans with many years of combined experience leading digital transformation at health systems. Our founders collaborated for nearly a decade to pioneer and develop a new data warehousing architecture that resolves many of the problems encountered using traditional data warehousing methodologies. The unique combination of talent and experience across healthcare and technology, as well as our management team’s commitment to the Health Catalyst Way, underpin everything we do.
10

Our Growth Strategies
Our growth strategies reflect our mission to be the catalyst for massive, measurable, data-informed healthcare improvement. Our focus on multiple channels, as well as our collaborative company culture, results in high levels of sustainable growth. Our strategic levers to drive growth include:
Grow our overall client base. We have a substantial opportunity to continue growing our client base through our active sales and marketing strategy and significant word-of-mouth references. We currently estimate our total core addressable market to include more than 1,200 healthcare organizations, including health systems and risk-bearing entities. We believe there is ample room to win new business and deepen market penetration in our core market. Further, healthcare providers outside of the United States face similar challenges to those in the United States and can implement our Solution to address them. We plan to opportunistically pursue entry into and expansion within international markets.
Expand within our current client base. We intend to deepen and expand the relationships we have with our existing client base. Our relationship with a new client oftentimes starts through the use of targeted software analytics applications and services to pinpoint and achieve a single measurable clinical, financial, or operational improvement. As we deliver measurable improvements, trust builds, and our clients engage with us more broadly and purchase additional applications and services. We have achieved DOS Subscription Client growth in part due to strong client retention and client referrals. This is evidenced by our positive Dollar-based Retention Rates for DOS Subscription Clients of 100%, 100%, and 112% for the years ended December 31, 2023, 2022, and 2021, respectively. We will continue to invest in helping clients identify additional uses for our Solution, ensuring they achieve measurable improvements throughout our relationship with them, including through our Tech-Enabled Managed Services (TEMS) offering. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in this Annual Report on Form 10-K for more information regarding the definitions of Dollar-based Retention Rate and DOS Subscription Clients.
Add new analytics applications and services offerings. The expansion of our Solution and enhancement of our applications library will accelerate as we deepen our client relationships and add to our dataset. Because our DOS platform is open and we partner with our clients, we are able to identify new opportunities for further improvements and leverage that insight with other clients across our core market to develop new analytics applications and services offerings. We have used this process to build several new software applications through our history, and we will continue to invest in product development, particularly at the analytics applications layer of our technology stack.
Grow our addressable market through additional healthcare business segment adjacencies. We believe there are significant applications for our Solution outside of our core market, as evidenced by our early efforts to expand into certain international markets. While we believe there are significant opportunities in our core market, these business segment adjacencies have the potential to significantly grow our addressable market and business over time.
Selectively pursue acquisitions and partnerships. While we expect this will be less of a focal area in the near term, we plan to continue evaluating and identifying opportunities where we can leverage our DOS platform to scale and consolidate both data assets and best-of-breed applications. We believe that competing point solutions vendors will have difficulty in growing their offerings into sustainable businesses, which we believe translates into a robust mergers and acquisitions pipeline for us. We have a track record of identifying and integrating new and complementary capabilities, including our acquisitions of Medicity, Able Health, Healthfinch, Vitalware, Twistle, KPI Ninja, ARMUS, and ERS. Moreover, we believe the companies we partner with and acquire choose us because of our collaborative, best-in-class culture which we view as a differentiating factor in sourcing acquisitions and partnerships.

11

Our Solution
Our Solution empowers our clients to run a data-informed business. Our healthcare-specific, open, flexible, scalable, and self-service DOS platform, advanced analytics applications, and services expertise guide our clients to greater levels of digital maturity, enabling clinical, financial, and operational improvements. The diagram below illustrates the three layers of our comprehensive Solution.
Our Solution_v2.jpg
Data and analytics platform - the Data Operating System (DOS)
The DOS platform is a healthcare-specific, open, flexible, scalable, and self-service data and analytics platform that allows our clients to integrate and organize their disparate data sources to enable insights across clinical, financial, and operational objectives. It serves as a digital backbone, allowing clients to extract data from transactional source systems, combine disparate data sets into a unified source of truth, and query the dataset directly. DOS is a cloud-based technology that we primarily provide through Microsoft Azure. In order to enable more advanced feature development and functionality, we are in the process of migrating the small number of remaining on-premise DOS clients to Microsoft Azure. Additionally, we are investing in our DOS platform’s development of single-instance, multi-tenant architecture, as well as enhanced elastic compute capabilities supported by Snowflake and Databricks database technologies.
DOS has been uniquely designed and purpose-built to handle the complex, ever-evolving nature of healthcare-specific data and analytics. This includes healthcare-specific terminology, data governance, meta-data management, and analytics. By creating healthcare-specific data models to organize industry-specific data, we enable faster and more repeatable analytics and insights. We have developed the capabilities to turn these insights into actions by connecting our analytics into the workflow systems, such as an electronic health record (EHR). Clients may directly access our DOS platform or may indirectly access DOS through use of modular components of DOS or other parts of our Solution that leverage DOS. Certain components of DOS may be sold on a standalone basis, including Healthcare.AI, Pop Analyzer, IDEA, and other DOS platform components. The vast majority of our DOS Subscription Clients’ contracts include access to all attributes and components of DOS.
Differentiating attributes of DOS include:
Data Warehouse. We believe our innovative architecture has a proven track record of agility and adaptability to new rules, vocabularies, and data content. Our open and self-service platform enables database-level querying and custom analytics use-cases.
Source Connectors. Our DOS platform is designed to quickly ingest data from the numerous systems and siloed data sources our clients possess. We have prebuilt connectors to the most common transactional software systems used by healthcare organizations. The DOS data management console enables clients to manage robust Extract Transform Load (ETL) processes and scheduling.
12

Cloud-based. Modern cloud-based architecture is secure and scalable. Being cloud-based enables quicker product iteration and innovation.
Reusable data logic. Registries, value sets, and other data logic sit on top of the raw data and can be accessed, reused, and updated through open application programming interfaces (APIs), enabling client and third-party application development. We update hundreds of registries, value sets, and measure logic regularly. We believe this reusable healthcare data content enables clients to achieve analytic value more quickly than leveraging homegrown or cross-industry products and services.
Machine learning. Embedded within DOS are machine learning algorithms that our clients can leverage for predictive analytics. Clients can also build their own machine learning data pipelines within DOS.
Terminology services. By standardizing the complex language used to code entries in various health records and clinical systems, DOS facilitates decision support, consistent reporting, and analytics and interoperability.
Expert data collections. A combination of our expert healthcare data model and suite of curated data collections tuned to general and specific healthcare solutions helps our clients build a sustainable data management system for the future needs of healthcare.
Text processing. Enables the extraction of additional data currently trapped in various unstructured text. We believe the ability to gather insight from clinical notes remains an area of untapped healthcare intelligence with tremendous potential.
Real-time streaming and interoperability. Near or real-time data streaming from the source all the way to the expression of that data through DOS, supporting both transaction-level exchange of data and analytic processing.
Big data. Ability to access, organize, and analyze massive and unique, structured and unstructured, data sets allows us to drive differentiated analytic insights for our clients.
Reporting (Pop Insights). Enables users to add clinical, financial, and operational measures in an executive dashboard format. Measures are trended over time and updated on a near real-time basis from DOS. Users can customize information, share it with others, and set their own alerts and notifications. As a result, executives and their teams are empowered to take control of the data deluge to plan, prioritize improvement projects, create alignment among groups, strategize the best products and services, and communicate decisions more effectively.
Benchmarking (Touchstone). Uses artificial intelligence to proactively identify where a client is performing relative to benchmark sets composed of proprietary and publicly-available data, and subsequently recommends and prioritizes opportunities for improvement.
AI (Healthcare.AI). Transformational suite of healthcare-specific, self-service AI products distinguished by capabilities in analytics integration, predictive modeling, retrospective comparisons, and prescriptive optimization.
Analytics (Pop Analyzer). Enables non-SQL writers like clinicians and administrators to dynamically author, manage, view, and publish pre-built and custom population ruleset definitions using a drag-and-drop interface. Rulesets can be published as a registry, leveraged across the DOS platform, and augmented with summary metrics using our tools. These registries can be used for internal quality improvement and research efforts or for reporting to external organizational registries.
Data entry (IDEA). Collects custom sets of data for instant entry into DOS.


13

Analytics applications
We have thoughtfully developed and acquired several scalable analytics applications that allow us to deliver the right data to the right place at the right time. Combining this pioneering technique with our data asset of more than one hundred million patient records, our clients systematically uncover opportunities for actionable interventions. We have organized our analytics applications into robust sets of applications that generate meaningful insights for improvement in key areas: Clinical & Quality, Population Health Management, and Financial & Operational.

Clinical & Quality
Patient safety (Patient Safety Monitor). Trigger-based surveillance system enabled by DOS. This application monitors patient-level data and applies machine learning algorithms to help clinicians predict whether a patient is currently at risk for a safety event so that the patient’s clinicians can intervene as they deem necessary to prevent harm events.
Clinical accelerators. Pre-built clinical data models and customizable visualizations that leverage the broad set of integrated data stored within our DOS platform for a specific analytic use-case. We believe these help clients achieve a much faster time-to-value solution compared to building an analytic model from the ground up.

Population Health Management
Care management (Care Flow). Patient-centric population health service that utilizes data integration, patient stratification and intake, care coordination, patient engagement, and performance measurement to optimize care delivery for high-risk patients.
Pop health analytics (Pop Analyzer, Stratify, Pop Insights). A suite of population-health specific analytics modules, enabling population-level analytics and reporting to support value-based care arrangements.
EMR embedded insights (Care Gaps and Refills). Cloud-based product suite that provides a workflow integration engine delivering insights and analytics into electronic medical record (EMR) workflows to automate physicians’ ability to close patient care gaps in real-time.
Quality and regulatory measures (MeasureAble). Foundational product for integrating hundreds of measures across financial, regulatory, and quality departments and reporting those measures to third-party entities like the Centers for Medicare & Medicaid Services (CMS). Enables proactive measures surveillance to enhance outcomes and facilitates monitoring behaviors, interventions, and activities needed to influence, manage, or change outcomes.
Pop health strategy (Value Optimizer). Allows for a comprehensive, quantified view of potential financial improvement opportunities within a value-based care arrangement. These insights help population health leaders optimize their value-based care strategy and make population health efforts profitable.
Patient engagement (Twistle). Healthcare patient engagement SaaS technology that, among other uses, helps automate patient-centered, personalized, multi-channel communication between care teams and patients that aims to transform the patient experience, drive better care outcomes, and reduce healthcare costs.

Financial & Operational
Activity-based costing (PowerCosting). Activity-based costing software application that leverages clinical and operational data from DOS to calculate a true cost of clinical processes and patients on the most granular level. Enables CFOs, physicians, service line leaders, and clinical and financial analysts to understand the true cost of providing care and relate those costs to patient outcomes.

14

Revenue improvement and chargemaster analytics (VitalCDM). Revenue workflow optimization and analytics solution that organizes, displays, and manages all chargemaster data within one connected solution, enabling hospital billing departments to operate more transparently, price strategically, and present an accurate bill or claim with consistency. We believe this technology is proven to create more accurate reimbursement, increase operational efficiency, and minimize compliance risk.
Labor productivity (PowerLabor). A labor management solution that allows healthcare decision makers to predict labor needs, plan for changes in staffing, and optimize staff-to-patient ratios.
Revenue integrity and auditing (VitalIntegrity). Comprehensive charge capture solution that efficiently manages hospital charge capture processes, detects compliance issues, and minimizes revenue leakage resulting from under- and over-charging, late or missing coding, mismatched charges and supplies, and a wide range of chargemaster-related issues.
Price transparency (Hospital Price Index). Enables hospitals to address pricing transparency, including complex requirements of the price transparency mandate.
Financial accelerators. Pre-built financial data models and customizable visualizations that leverage the broad set of integrated data stored within our DOS platform for a specific analytic use-case. We believe these help clients achieve a much faster time-to-value solution compared to building an analytic model from the ground up.

Services and improvement expertise
We provide a range of high-value-add professional services to help our clients implement and maximize the value of our Solution. Our professional services experts combine industry-leading talent across multiple domain areas with a deep working knowledge of our technology to help our clients achieve a faster time-to-value and drive more meaningful and sustainable measurable improvements. Our services expertise can be provided as a supplement to our clients’ existing teams or as an outsourced function for our clients. Our team is comprised of over 1,000 analytics experts and domain experts, including several nationally-recognized healthcare and analytics leaders.
Our domain experts provide services across a range of specialties, including:
Infrastructure, data, and analytics services expertise:
Data engineering services. Help clients ingest data sources and provide consulting around DOS best practice and strategy around leveraging new DOS features.
Analytics engineering services. Partner with clients to generate meaningful insights produced from Health Catalyst technology that lead improvement efforts. Guides best practice and training.
Implementation services. Implement and configure DOS and analytics applications.
Data science services. Work with client teams to apply scientific methods, processes, algorithms, and systems to ask and answer questions using data.  In addition, build software tools to enable self-service capabilities for clients.
Analytics strategy services. Provide agile development workshops, continued data architecture and ETL support, documentation and training, measure reporting efficiency, and prioritization and staff augmentation.
Data governance services. Offer advisory services related to leveraging clients’ unique, strategic data assets, managing data access and security, and establishing cross-functional governance structures.
Tech-enabled Managed Services. Managed services solution that enables healthcare organizations to boost efficiencies, capabilities, and savings—and optimize employee experience—through outsourcing specific functions, such as data abstraction or analytics, to Health Catalyst. In many cases, this solution includes re-badging existing health system team members within the applicable functional area as Health Catalyst team members.
15

Healthcare domain expertise:
Quality and process improvement strategy. Organizational readiness assessments and opportunity analysis. Clinical pathways, best practices, and protocol implementation. Lean methodology and clinical variation reduction recommendations.
Patient safety services. Transition from voluntary under-reporting to proactive prevention using data-driven triggers.
Cost accounting services. Expert analysis of fine-grain activity-based costing methods and cost-saving improvement opportunities.
Population health and value-based care services. Organizational transformation services to enhance abilities to take on cost risk for patient populations.
Abstraction data submission services. Support in collecting quality and regulatory information and submitting it to various associations.
Health Catalyst University - educational services. Hands-on courses, programs, and customizable training opportunities to provide our clients with knowledge, practical skills, and take-home tools needed to drive improvement efforts.
Our Clients
Our clients comprise academic medical centers, integrated delivery networks, community hospitals, large physician practices, ACOs, health information exchanges, health insurers, and other risk-bearing entities. Today, we help executives, administrators, clinicians, and technicians in hundreds of hospitals and thousands of clinics. We work closely in collaboration with many key stakeholders including chief executive officers, chief financial officers, chief information officers, chief technology officers, population health teams, and IT teams among others. From our perspective, discussions regarding data and analytics strategy have oftentimes transitioned from a discussion with members of the IT department to an enterprise-wide, strategic discussion with the C-suite and other leadership members. No client represented more than 10% of our total revenue for the years ended December 31, 2023, 2022, and 2021.
Team Members and Culture
We currently employ more than 1,300 team members. We believe that we have good relationships with our team members. None of our team members are subject to collective bargaining agreements or are represented by a union.
Our corporate culture is a critical component of our success. We believe that building and maintaining a remarkable culture benefits our clients, team members, and our other stakeholders. Our culture promotes an environment where team members trust each other, strive to continually learn, are motivated to lead hard-working yet balanced lives, make decisions with integrity and humility in mind, communicate openly and honestly, embrace teamwork and collaboration, and enjoy their days at work.
Our team members, who strive to uphold our values and live our mission every day, are at the forefront of cultivating and spreading this culture across the healthcare organizations that we serve. This continuous interaction across the entire Health Catalyst community creates a cycle that further reinforces our culture and fuels our growth.
Our team member engagement scores, as measured by Gallup, have consistently ranked in the 94th to 99th percentile and our KLAS Customer Satisfaction Score for Relationship is above the Data and Analytics Platform average. We engage compensation consultants to enable us to make data-informed decisions with respect to our compensation and benefit packages so we continue to attract and retain top talent. Moreover, we have received numerous awards and recognition for our culture and service to our clients. In total, we have been recognized 87 times as a “best place to work” by Glassdoor, Gallup, and Modern Healthcare, among others. Additionally, we have received multiple awards for client satisfaction and excellence from KLAS, Chilmark Research, and others. For example, our Chargemaster Management product, a revenue analytics product addition through the Vitalware acquisition, was ranked Best in KLAS for 2019, 2020, 2021, 2022, and 2023. We believe that these honors demonstrate the loyalty of our team members and our clients and that our culture is driving the behaviors that will help fuel our future growth.


16

Sales and Marketing
We market and sell our services to healthcare organizations primarily in the United States and we opportunistically market and sell in other countries and regions. Our dedicated sales team identifies healthcare organizations that would benefit from our Solution. Our sales team works closely with our subject matter experts to foster long-term relationships with our clients’ and sales prospects’ leadership teams. In February 2024 we will hold our annual Healthcare Analytics Summit (HAS), an event showcasing data-informed improvements in healthcare.
Research and Development
Our ability to compete depends in large part on our continuous commitment to research and development and our ability to rapidly introduce and refine new applications, technologies, features, and functionality. Our research and development organization is responsible for the design, development, and testing of the technology portion of our Solution. Based on client feedback and needs, we focus our efforts on developing new products, functionality, applications, and core technologies and further enhancing the usability, functionality, reliability, performance, and flexibility of our Solution.
Intellectual Property
We rely on a combination of patent, trademark, and copyright laws in the United States as well as confidentiality procedures and contractual provisions to protect our intellectual property and trade secrets, including proprietary technology, databases, and our brand. As of December 31, 2023, we had fourteen issued U.S. patents, four issued Canadian patents, one issued Great Britain patent, and one issued European patent, which expire between 2026 and 2037, as well as one utility patent application pending in the United States. These patents and patent applications seek to protect proprietary inventions relevant to our business. We intend to pursue additional patent protection to the extent we believe it would be beneficial to our business and cost-effective.
We have registered “Health Catalyst” and our flame design logo as trademarks in the United States and certain other jurisdictions. We also have filed other trademark applications that are meaningful to our business in the United States and certain other jurisdictions and will pursue additional trademark registrations to the extent we believe it would be beneficial and cost-effective. We are the registered holder of a variety of domain names that include “Health Catalyst” and similar variations.
We maintain our intellectual property and confidential business information in a number of ways. For instance, we have a policy of requiring all employees and consultants to execute confidentiality agreements upon the commencement of an employment or consulting relationship with us. Our employee agreements also require relevant employees to assign to us all rights to any inventions made or conceived during their employment with us in accordance with applicable law. In addition, we have a policy of requiring individuals and entities with which we discuss potential business relationships to sign non-disclosure agreements. Lastly, our agreements with clients include confidentiality and non-disclosure provisions.
Competition
We have experienced, and expect to continue to experience, intense competition from a number of companies. Our primary competitors are industry-agnostic analytics companies, EHR companies, point solution vendors, and healthcare organizations that perform their own analytics using homegrown solutions. Industry-agnostic analytics companies that help healthcare organizations develop homegrown solutions include IBM, Snowflake, Microsoft, Tableau CRM, and Qlik. EHR companies include Cerner Systems and Epic Systems. Point solution companies include Optum Analytics, Premier, Arcadia.io, Strata Decision Technology, Craneware, Innovaccer, and Intersystems.
The principal competitive factors in our industry include:
level of client satisfaction;
ease of deployment and use of solutions and applications;
breadth and depth of solution and application functionality;
access to, and ability to glean insights from, large data sets;
brand awareness and reputation;
modern and adaptive technology platform;
17

capability for customization, configurability, integration, security, scalability, and reliability of applications;
total cost of ownership;
ability to innovate and respond to client needs rapidly;
size of client base and level of user adoption;
regulatory compliance verification and functionality;
domain expertise with respect to healthcare; and
ability to integrate with legacy enterprise infrastructures and third-party applications.
We believe that we compete favorably with our competitors on the basis of these factors. However, many of our competitors and potential competitors have significantly greater financial, technological, and other resources and name recognition than we do and more established distribution networks and relationships with healthcare providers. As a result, many of these companies may respond more quickly to new or emerging technologies and standards and changes in client requirements. These companies may be able to invest more resources in research and development, strategic acquisitions, sales and marketing, patent prosecution, litigation, and financing capital equipment acquisitions for their clients.
Government Regulation
Our business is subject to extensive, complex, and rapidly changing federal and state laws and regulations, as well as international laws with respect to our international clients. Various federal and state agencies have discretion to issue regulations and interpret and enforce healthcare laws. While we believe we comply in all material respects with applicable healthcare laws and regulations, these regulations can vary significantly from jurisdiction to jurisdiction, and interpretation of existing laws and regulations may change periodically. Federal and state legislatures also may enact various legislative proposals that could materially impact certain aspects of our business. The following are summaries of key federal and state laws and regulations that impact our operations:

Data Privacy and Security Laws

Numerous state, federal, and foreign laws, regulations, and standards govern the collection, use, access to, confidentiality, and security of health-related and other personal information, and could apply now or in the future to our operations or the operations of our partners. In the United States, numerous state and federal laws and regulations, including data breach notification laws, health information privacy laws, and consumer protection laws and regulations, govern the collection, use, disclosure, and protection of health-related and other personal information and could apply to our operations or the operations of our clients. In addition, certain foreign laws govern the privacy and security of personal data, including health-related data. Privacy and security laws, regulations, and other obligations are constantly evolving, may conflict with each other to complicate compliance efforts, and can result in investigations, proceedings, or actions that lead to significant civil and/or criminal penalties and restrictions on data processing.

Fraud, waste, and abuse

Even though we do not directly order or provide healthcare services that are reimbursable by Medicare, Medicaid or other third-party payors or submit claims or receive reimbursement from any such payor, certain federal and state healthcare laws and regulations pertaining to fraud, abuse, and waste apply or may apply to our business and to the financial arrangements through which we market, sell, and provide our services to our healthcare provider clients. These laws and regulations include or may include the following:

The federal Anti-Kickback Statute makes it illegal for any person to knowingly and willfully solicit, receive, offer, or pay any remuneration (including any kickback, bribe, or rebate), directly or indirectly, overtly or covertly, in cash or in kind, in exchange for, or intended to induce or reward, including arranging for or recommending, either the referral of an individual, or the purchase, lease, order, prescription, or recommendation of any good, facility, item or service for which payment may be made, in whole or in part, under a federal healthcare program, such as the Medicare and Medicaid program. A person or entity does not need to have actual knowledge of the federal Anti-Kickback Statute or specific intent to violate it to have committed a violation.

18

The federal civil and criminal false claims laws, such as the federal False Claims Act, and civil monetary penalties laws impose criminal and civil penalties and authorize civil whistleblower or qui tam actions, against individuals or entities for, among other things: knowingly presenting, or causing to be presented, to a federal government healthcare program, claims for payment that are false or fraudulent; making, using or causing to be made or used, a false statement or record material to payment of a false or fraudulent claim or obligation to pay or transmit money or property to the federal government; or knowingly concealing or knowingly and improperly avoiding or decreasing an obligation to pay money to the federal government. The government has prosecuted revenue cycle management service providers for causing the submission of false or fraudulent claims in violation of the False Claims Act. In addition, the government may assert that a claim including items or services resulting from a violation of the federal Anti-Kickback Statute constitutes a false or fraudulent claim for purposes of the federal False Claims Act. Moreover, private individuals have the ability to bring actions on behalf of the U.S. government under the federal False Claims Act as well as under the false claims laws of several states.

HIPAA also contains a provision that imposes criminal and civil liability for knowingly and willfully executing, or attempting to execute, a scheme to defraud any healthcare benefit program (including private payors) or obtain, by means of false or fraudulent pretenses, representations, or promises, any of the money or property owned by, or under the custody or control of, any healthcare benefit program, regardless of the payor (e.g., public or private) and knowingly and willfully falsifying, concealing or covering up by any trick or device a material fact or making any materially false statements in connection with the delivery of, or payment for, healthcare benefits, items, or services. Similar to the federal Anti-Kickback Statute, a person or entity does not need to have actual knowledge of the statute or specific intent to violate it in order to have committed a violation. Similarly, the federal false statements statute prohibits knowingly and willfully falsifying, concealing, or covering up a material fact or making any materially false statement in connection with the delivery of or payment for healthcare benefits, items, or services.

In addition, many states have similar fraud and abuse statutes and regulations that apply regardless of the payor, including commercial payors and self-pay patients. Violations of federal and state fraud and abuse laws may be punishable by criminal and/or civil sanctions, including significant penalties, fines, disgorgement, additional reporting requirements and oversight under a corporate integrity agreement or similar agreement to resolve allegations of noncompliance with these laws, imprisonment and/or exclusion or suspension from federal and state healthcare programs such as Medicare and Medicaid, and debarment from contracting with the U.S. government.

Corporate practice of medicine and fee-splitting laws

In many states, there are laws that that prohibit business entities, such as us, from providing professional medical services or directly employing or otherwise exercising control over professional judgment or medical decisions by physicians or other licensed healthcare professionals (such activities generally referred to as the “corporate practice of medicine”). Corporate practice of medicine regulations and other similar laws may also prevent fee-splitting, or the sharing of professional service income with non-professional or business interests. Overseeing care coordination, care management, or ambulatory operations teams could be alleged in some cases to involve treatment or diagnosis of patients which requires a clinic license or other state license or permission. Any determination that we are acting in the capacity of a healthcare provider and acting improperly as a healthcare provider, exercising undue influence or control over a healthcare provider or impermissibly sharing fees with a healthcare provider, may result in additional compliance requirements, expense, and liability to us, and require us to change or terminate some portions of our contractual arrangements or business.

Patient safety organization certification and other certification requirements

Our patient safety organization (PSO) is certified by the Agency for Healthcare Research and Quality (AHRQ), an agency of the Department of Health and Human Services (HHS). We must meet certain requirements to maintain this certification. In addition, there may be other federal and state certification requirements that we may be required to meet from time to time in connection with our Solution. We cannot be certain that our Solution will continue to meet these standards. The failure to comply with these certification requirements could result in the loss of certification.

Interoperability Standards. The Office of National Coordinator for Health Information Technology (ONC) is charged under the 21st Century Cures Act with developing a Trusted Exchange Framework that establishes governance requirements for trusted health information exchange in the United States. ONC has developed the U.S. Common Data Set for Interoperability which may lay the groundwork for future data exchange requirements for trusted exchange. ONC continues to modify and refine these standards.


19

We may incur increased software development and administrative expense and delays in delivering technology and services if we need to update our services to conform to these varying and evolving requirements. In addition, delays in interpreting these standards may result in postponement or cancellation of our clients’ decisions to purchase our services. If our services are not compliant with these evolving standards, our market position and sales could be impaired, and we may have to invest significantly in changes to our technology and services.

The 21st Century Cures Act includes provisions related to data interoperability, information blocking, and patient access. CMS and the ONC recently issued final rules related to these provisions, which include, among other things, requirements surrounding information blocking, changes to ONC’s Health IT Certification Program, and requirements that CMS-regulated payors make relevant claims/care data and provider directory information available through standardized patient access and provider directory APIs that connect to provider EHRs. Any failure to adequately comply with these rules may adversely impact our business and our ability to compete.

In a regulatory climate that is uncertain, our operations may be subject to direct and indirect adoption, expansion or reinterpretation of various federal and state laws and regulations. Compliance with these amended and/or future laws and regulations may require us to change our practices at an undeterminable and possibly significant initial monetary and annual expense. There could be laws and regulations applicable to our business that we have not identified or that, if changed, may apply to our business operations. Additionally, the introduction of new services may require us to comply with additional, yet undetermined, laws and regulations.

U.S. Food and Drug Administration (FDA)

The FDA regulates certain medical or health-related software, including machine learning functionality and predictive algorithms, if such software falls within the definition of a “medical device” under the Federal Food, Drug, and Cosmetic Act (FDCA). Medical devices are subject to extensive and rigorous regulation by the FDA and by other federal, state, and local authorities. The FDCA and related regulations govern the conditions of safety, efficacy, clearance, approval, manufacturing, quality system requirements, labeling, packaging, distribution, storage, recordkeeping, reporting, marketing, advertising, and promotion of medical devices.

However, historically, the FDA has exercised enforcement discretion for certain low-risk software functions, and has issued several guidance documents outlining its approach to the regulation of software as a medical device. In addition, FDCA excludes certain types of software from the definition of a medical device, including certain medical-related software functions used for administrative support at a healthcare facility, software intended for maintaining or encouraging a healthy lifestyle, software designed to store electronic health records, software for transferring, storing, or displaying medical device data or in vitro diagnostic data, and certain clinical decision support software. We believe our currently marketed products are not currently regulated by the FDA as medical devices, or are otherwise subject to FDA’s current enforcement discretion policies.

FDA premarket clearance and approval requirements - Unless an exemption applies, each medical device commercially distributed in the United States requires either FDA clearance of a 510(k) premarket notification, or approval of a premarket approval application (PMA). Under the FDCA, medical devices are classified into one of three classes—Class I, Class II, or Class III—depending on the degree of risk associated with each medical device and the extent of manufacturer and regulatory control needed to ensure its safety and effectiveness. Class I includes devices with the lowest risk to the patient and are those for which safety and effectiveness can be assured by adherence to the FDA’s General Controls for medical devices, which include compliance with the applicable portions of the Quality System Regulation (QSR), facility registration and product listing, reporting of adverse medical events, and truthful and non-misleading labeling, advertising, and promotional materials. Class II devices are subject to the FDA’s General Controls, and special controls as deemed necessary by the FDA to ensure the safety and effectiveness of the device. These special controls can include performance standards, post-market surveillance, patient registries, and FDA guidance documents.

While most Class I devices are exempt from the 510(k) premarket notification requirement, manufacturers of most Class II devices are required to submit to the FDA a premarket notification under Section 510(k) of the FDCA requesting permission to commercially distribute the device. The FDA’s permission to commercially distribute a device subject to a 510(k) premarket notification is generally known as 510(k) clearance. Devices deemed by the FDA to pose the greatest risks, such as life-sustaining, life-supporting or some implantable devices, or devices that have a new intended use, or use advanced technology that is not substantially equivalent to that of a legally marketed device, are placed in Class III, requiring approval of a PMA. Some pre-amendment devices are unclassified, but are subject to the FDA’s premarket notification and clearance process in order to be commercially distributed.

20

Post-market regulation - After a device is cleared or approved for marketing, numerous and pervasive regulatory requirements continue to apply. These include:
establishment registration and device listing with the FDA;
QSR requirements, which require manufacturers, including third-party manufacturers, to follow stringent design, testing, control, documentation, and other quality assurance procedures during all aspects of the design and manufacturing process;
labeling and marketing regulations, which require that promotion is truthful, not misleading, fairly balanced, and provides adequate directions for use and that all claims are substantiated, and also prohibit the promotion of products for unapproved or “off-label” uses and impose other restrictions on labeling;
clearance or approval of product modifications to 510(k)-cleared devices that could significantly affect safety or effectiveness or that would constitute a major change in intended use of one of our cleared devices;
medical device reporting regulations, which require that a manufacturer report to the FDA if a device it markets may have caused or contributed to a death or serious injury, or has malfunctioned and the device or a similar device that it markets would be likely to cause or contribute to a death or serious injury, if the malfunction were to recur;
correction, removal, and recall reporting regulations, which require that manufacturers report to the FDA field corrections and product recalls or removals if undertaken to reduce a risk to health posed by the device or to remedy a violation of the FDCA that may present a risk to health;
complying with requirements governing Unique Device Identifiers on devices and also requiring the submission of certain information about each device to the FDA’s Global Unique Device Identification Database;
the FDA’s recall authority, whereby the agency can order device manufacturers to recall from the market a product that is in violation of governing laws and regulations; and
post-market surveillance activities and regulations, which apply when deemed by the FDA to be necessary to protect the public health or to provide additional safety and effectiveness data for the device.
Manufacturers of medical device products marketed in the United States are required to comply with the applicable portions of the QSR, which cover the methods and the facilities and controls for the design, manufacture, testing, production, processes, controls, quality assurance, labeling, packaging, distribution, installation, and servicing of finished devices intended for human use. The QSR also requires, among other things, maintenance of a device master file, device history file, and complaint files. Device manufacturers are also subject to periodic scheduled or unscheduled inspections by the FDA. The FDA has broad regulatory compliance and enforcement powers.

If the FDA determines that a company has failed to comply with applicable regulatory requirements, including a determination that medical software products require prior FDA clearance or approval to be legally marketed in the United States, it can take a variety of compliance or enforcement actions, which may result in any of the following sanctions: warning letters, untitled letters, fines, injunctions, consent decrees, and civil penalties; recalls, withdrawals, or administrative detentions or seizure of products; operating restrictions or partial suspension or total shutdown of production; refusing or delaying requests for 510(k) marketing clearance or PMA approvals of new products or modified products; withdrawing 510(k) clearances or PMA approvals that have already been granted; refusal to grant export or import approvals; or criminal prosecution.

Foreign regulations
Our subsidiaries in the United Kingdom, India, Singapore, the United Arab Emirates, and Australia are subject to additional regulations by the Governments of the United Kingdom, India, Singapore, the United Arab Emirates, and Australia, respectively, as well as their respective subdivisions. These include federal and local corporation requirements, restrictions on exchange of funds, employment-related laws, and qualification for tax status.
Foreign Corrupt Practices Act (FCPA) and foreign anti-bribery laws. The FCPA makes it illegal for U.S. persons, including U.S. companies, and their subsidiaries, directors, officers, employees, and agents, to promise, authorize or make any corrupt payment, or otherwise provide any item of value, directly or indirectly, to any foreign official or any foreign political party or party official to obtain or retain business. Violations of the FCPA can also result in violations of other U.S. laws, including anti-money laundering, mail and wire fraud, and conspiracy laws. There are severe penalties for violating the FCPA. In addition, the Company may also be subject to other non-U.S. anti-corruption or anti-bribery laws, such as the U.K. Bribery Act 2010.
21

Export controls. Economic and trade sanctions programs that are administered by OFAC prohibit or restrict transactions to or from, and dealings with specified countries, their governments, and in certain circumstances, with individuals and entities that are specially designated nationals of those countries, and other sanctioned persons, including narcotics traffickers and terrorists or terrorist organizations. Further, federal regulations impose authorization, reporting, and/or licensing requirements prior to the export of certain software that incorporates encryption technology. These requirements may apply to our Solution to the extent that our software with encryption functionality is implemented abroad or is hosted on servers in a foreign country to provide services to clients outside the United States. In addition, various countries also regulate the import of certain encryption technology, including through import permitting and licensing requirements, and have enacted laws that could limit our clients’ ability to import our technology into those countries.
Corporate Information
Health Catalyst, Inc. (Health Catalyst) was incorporated under the laws of Delaware in September 2011. We were formerly known as HQC Holdings, Inc. In March 2017, we changed our name to Health Catalyst, Inc. Our principal executive offices are located at 10897 South River Front Parkway #300, South Jordan, Utah 84095, and our telephone number is (801) 708-6800. We completed our initial public offering of shares of our common stock, also referred to as our IPO, in July 2019, and our common stock is listed on Nasdaq under the symbol “HCAT.” Our corporate website address is www.healthcatalyst.com.  Information contained on or accessible through our website is not part of this Annual Report on Form 10-K.

Human Capital Management
At the center of the Flywheel is the engagement of our team members. Team member engagement is foundational to everything we do and is the #1 priority of our CEO and broader leadership team. When team members feel connected to our mission and are listened to, cared for, and respected at an extraordinary level, they produce outstanding work, which enables our clients to measurably improve. As clients realize improvements, their trust in Health Catalyst builds, their engagement in our shared work increases, and they choose to renew and expand their relationship with us, while also referring Health Catalyst to key decision-makers at other potential clients. Client renewal, expansion, and referral produce growing, scalable, and predictable financial performance.
Our key human capital management objectives include, among others: (i) attracting, developing, and retaining a diverse and talented workforce; (ii) providing opportunities for learning, development, career growth, and movement within Health Catalyst; (iii) evaluating compensation and benefits, and rewarding performance; (iv) investing in physical, emotional, and financial health of team members; (v) obtaining team member feedback; (vi) maintaining and enhancing our culture and mission; and (vii) communicating with our board of directors on a routine basis on key topics. We have implemented and continue to develop many programs designed to achieve these priorities, some of which are further described below.

As of December 31, 2023, we had more than 1,300 team members, almost all of whom are located in the United States. We have not experienced any work stoppages, and we consider our team member relations to be good. We encourage you to review the Environmental, Social and Governance scorecard found on our website at https://ir.healthcatalyst.com/esg/overview (ESG Website) for more detailed information regarding our human capital programs and initiatives. The information on our website is not incorporated by reference into this Annual Report on Form 10-K.

Team member engagement

We regularly engage with our team members to assess their job satisfaction, including conducting regular team member surveys and hosting monthly all team member meetings in which leadership answers questions from team members. We use information from these sources, among others, to improve our ability to attract, develop, and retain talented team members who will help advance our mission.

Compensation, benefits, and wellness

In addition to market-competitive base pay, short-term bonus incentives, and long-term equity incentives, we provide comprehensive team member benefits and a variety of other health and wellness resources. We are committed to fair compensation and opportunity in our workplace.






22

Pay equity

We are committed to ensuring our team members receive equal pay for equal work. We establish components and ranges of compensation based on market and benchmark data. Within this context, we strive to pay all employees equitably within a reasonable range, taking into consideration factors such as role; market data; internal equity; job location; relevant experience; and individual, business unit, and company performance, among others. We regularly review our compensation practices and analyze the equity of compensation decisions. We institute measures, such as communications and trainings, to recognize, interrupt, and prevent bias in hiring, performance management, and compensation decisions and we provide resources to further develop managers and leaders to help them make equitable decisions about pay.

Diversity and inclusion

We are committed to fostering a culture of inclusion and belonging, and to building a diverse workforce to drive innovation and collective growth, which we believe is critical to our success. We continue to formalize and invest in our diversity and inclusion initiatives as further described on the ESG website listed above. These diversity and inclusion efforts spearheaded by our Chief People Officer and our six affinity groups in partnership with hundreds of our team members focus on diversity and inclusion in our workforce, in our workplace and in healthcare. We continue to focus upon inclusive recruitment and hiring practices to source diverse talent and mitigate potential bias throughout the hiring process, including expanding our internship program to include remote workplace options, and attendance diversity conferences and job fairs. Our Shades affinity group for team members of color contributes to the marketing and design of our AI-driven Health Equity Assessment and Guidance Solution to overcome disparities in care in the healthcare ecosystem. Over the past year, we continued our diversity training for our team members, including through our Diversity Dialogue Series, which included outside speakers.

Growth and development

We invest significant resources to develop talent and actively foster a learning culture where team members are empowered to drive their personal and professional growth. We offer extensive onboarding and regular training programs to prepare our team members at all levels for career progression and individual development. We also offer annual continuing education reimbursement to allow team members to be continuous learners and seek new challenges.

Flexible work environment

We help our team members succeed by providing flexibility in where and how they work. For many years, we have enabled team members to have flexible work arrangements, including a large percentage of remote team members. We believe these arrangements can increase team member’s ownership, satisfaction and productivity, as well as enable us to hire from a broader, more diverse pool of talent. Since the COVID-19 pandemic, we have allowed all team members to work remotely to protect their health, safety, and wellness, and we continue to support our workforce with the technology and infrastructure necessary to work from a remote location, including a work equipment and utilities reimbursement program to help our team members improve their dynamic workspaces.
Available Information
Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, proxy statement, and all amendments to these filings are available free of charge from our investor relations website (https://ir.healthcatalyst.com/financial-information/sec-filings) as soon as reasonably practicable following our filing with or furnishing to the Securities and Exchange Commission, or the SEC, of any of these reports. The SEC’s website (https://www.sec.gov) contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC.
Our investors and others should note that we announce material information to the public about our company, products and services, and other matters related to our company through a variety of means, including our website (https://www.healthcatalyst.com/), our investor relations website (https://ir.healthcatalyst.com/), press releases, SEC filings, public conference calls, and social media, including our and our CEO’s social media accounts, in order to achieve broad, non-exclusionary distribution of information to the public and to comply with our disclosure obligations under Regulation FD.
We encourage our investors and others to review the information we make public in these locations as such information could be deemed to be material information. Please note that this list may be updated from time to time. The contents of any website referred to in this Annual Report on Form 10-K are not intended to be incorporated into this Annual Report on Form 10-K or in any other report or document we file.
23

Item 1A. Risk Factors
You should carefully consider the following risk factors, in addition to the other information contained in this Annual Report on Form 10-K, including the section of this report titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our financial statements and related notes. If any of the events described in the following risk factors and the risks described elsewhere in this report occurs, our business, operating results and financial condition could be seriously harmed. This Annual Report on Form 10-K also contains forward-looking statements that involve risks and uncertainties. Our actual results could differ materially from those anticipated in the forward-looking statements as a result of factors that are described below and elsewhere in this report.

Risks Related to Our Business and Industry
We operate in a highly competitive industry, and if we are not able to compete effectively, our business and results of operations will be harmed.

The market for healthcare solutions is intensely competitive. We compete across various segments within the healthcare market, including with respect to data analytics and technology platforms, healthcare consulting, care management and coordination, population health management, and health information exchange. Competition in our market involves rapidly changing technologies, evolving regulatory requirements and industry expectations, frequent new product introductions, and changes in client requirements. If we are unable to keep pace with the evolving needs of our clients and continue to develop and introduce new applications and services in a timely and efficient manner, demand for our Solution may be reduced and our business and results of operations will be adversely affected.
We face competition from industry-agnostic analytics companies, EHR companies, such as Epic Systems and Cerner, point solution vendors, and healthcare organizations that perform their own analytics. These competitors include large, well-financed, and technologically sophisticated entities. Some of our current large competitors, such as Optum Analytics and IBM, have greater name recognition, longer operating histories, significantly greater resources than we do, and/or more established distribution networks and relationships with healthcare providers. As a result, our current and potential competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards, or client requirements. In addition, current and potential competitors have established, and may in the future establish, cooperative relationships with vendors of complementary products or services to increase the availability of their products or services to the marketplace. Current or future competitors may consolidate to improve the breadth of their products, directly competing with our Solution. Accordingly, new competitors may emerge that have greater market share, larger client bases, greater breadth and volume of data, more widely adopted proprietary technologies, broader offerings, greater marketing expertise, greater financial resources, and larger sales forces than we have, which could put us at a competitive disadvantage.
Further, in light of these advantages, even if our Solution is more effective than the product or service offerings of our competitors, current or potential clients might select competitive products and services in lieu of purchasing our Solution. We face competition from niche vendors, who offer stand-alone products and services, and from existing enterprise vendors, including those currently focused on software products, which have information systems in place with clients in our target markets. These existing enterprise vendors may now, or in the future, offer or promise products or services with less functionality than our Solution, but offer ease of integration with existing systems and that leverage existing vendor relationships. Increased competition is likely to result in pricing pressures, which could negatively impact our sales, profitability, or market share.
Our patient engagement, population health, and care coordination services face competition from a wide variety of market participants. For example, certain health systems have developed their own population health and care coordination systems. If we fail to distinguish our offerings from the other options available to healthcare providers, the demand for and market share of those offerings may decrease.

Changes in the healthcare industry could affect the demand for our Solution, cause our existing contracts to be terminated, and negatively impact the process of negotiating future contracts.

As the healthcare industry evolves, changes in our client and vendor bases may reduce the demand for our Solution, result in the termination of existing contracts or certain services provided under existing contracts, and make it more difficult to negotiate new contracts on terms that are acceptable to us. For example, the increasing market share of EHR companies in data analytic services at hospital systems may cause our existing clients to terminate contracts with us in order to engage EHR companies to provide these services. Similarly, client and vendor consolidation results in fewer, larger entities with increased bargaining power and the ability to demand terms that are unfavorable to us. If these trends continue, we cannot assure you that we will be able to continue to maintain or expand our client base, negotiate contracts with acceptable terms, or maintain our current pricing structure, and our revenue may decrease.
24

General reductions in expenditures by healthcare organizations, or reductions in such expenditures within market segments that we serve, could have similar impacts with regard to our Solution. Such reductions may result from, among other things, reduced governmental funding for healthcare; a decrease in the number of, or the market exclusivity available to, new drugs coming to market; or adverse changes in business or economic conditions affecting healthcare payors or providers, the pharmaceutical industry, or other healthcare companies that purchase our services (e.g., changes in the design of health plans). In addition, changes in government regulation of the healthcare industry could potentially negatively impact our existing and future contracts. Any of these changes could reduce the purchase of our Solution by such clients, reducing our revenue and possibly requiring us to materially revise our offerings. In addition, our clients’ expectations regarding pending or potential industry developments may also affect their budgeting processes and spending plans with respect to our Solution.

Macroeconomic challenges (including high inflationary and/or high interest rate environments, or market volatility caused by bank failures and measures taken in response thereto) and any new public health crisis could harm our business, results of operations, and financial condition.

Recent macroeconomic challenges (including the high inflationary and/or high interest rate environments), and the tight labor market continue to adversely affect workforces, organizations, governments, clients, economies, and financial markets globally and have disrupted the normal operations of many businesses, including our business. These factors have and could further decrease healthcare industry spending, adversely affect demand for our Solution, cause one or more of our clients to file for bankruptcy protection or go out of business, cause one or more of our clients to fail to renew, terminate, or renegotiate their contracts, impact expected spending from new clients, negatively impact collections of accounts receivable, and harm our business, results of operations, and financial condition.

Further, the sales cycle for a new DOS Subscription Client, which we estimate to typically be approximately one year, could lengthen, as we started to experience in 2022, resulting in a potentially longer delay between increasing operating expenses and the generation of corresponding revenue, if any. We cannot predict with any certainty whether and to what degree the disruption caused by any new public health crisis, the high inflationary environment, rising interest rates, market volatility caused by bank failures and measures taken in response thereto, and reactions to any of the foregoing will continue and expect to face difficulty accurately predicting our internal financial forecasts. Further, it is not possible for us to predict the duration or magnitude of the adverse results of public health crises, and macroeconomic challenges (including the high inflationary and/or high interest rate environments), and their effects on our business, results of operations, or financial condition at this time. Further, market volatility as a result of future failures of financial institutions, similar to the failures of Silicon Valley Bank and Signature Bank, could lead to market-wide liquidity shortages, impair the ability of companies to access near-term working capital needs and create additional market and economic uncertainty. In the event of a failure of any of the financial institutions where we maintain our cash and cash equivalents, there can be no assurance that we would be able to access uninsured funds in a timely manner or at all. Any inability to access or delay in accessing these funds could adversely affect our business and financial position.

We may be unable to successfully execute on our growth initiatives, business strategies, or operating plans, as well as cost reduction and restructuring initiatives.

We are continually executing a number of growth initiatives, strategies, and operating plans designed to enhance our business, as well as some cost reduction and restructuring initiatives. We may not be able to successfully complete these growth initiatives, strategies, operating plans, and cost reduction and restructuring initiatives, and realize all of the benefits, including growth targets and cost savings, that we expect to achieve or it may be more costly to do so than we anticipate. A variety of factors could cause us not to realize some or all of the expected benefits. These factors include, among others, delays in the anticipated timing of activities related to such growth initiatives, strategies, operating plans, and cost reduction and restructuring initiatives, increased difficulty and cost in implementing these efforts, including difficulties in complying with new regulatory requirements and the incurrence of other unexpected costs associated with operating the business.

For example, on October 31, 2023, our board of directors authorized a reduction of our global workforce as part of a restructuring plan intended to optimize our cost structure and focus our investment of resources in key priority areas to align with strategic changes (2023 Restructuring Plan). The 2023 Restructuring Plan reduced our global workforce by approximately 10% during the fourth quarter of 2023, along with further reductions in our global workforce that occurred or are anticipated in the first quarter of 2024. We may incur additional expenses not currently contemplated due to events associated with the 2023 Restructuring, such as costs in connection with attrition beyond our intended reduction in force, the loss of institutional knowledge and expertise, other unforeseen difficulties, delays, or other impacts on other areas of our liabilities and obligations, in each case which could result in losses in future periods or which could otherwise prevent us from realizing, in full or in part, the anticipated benefits and savings from the 2023 Restructuring Plan.



25

Our continued implementation of the 2023 Restructuring Plan or any other programs may disrupt our operations and performance. As a result, we cannot assure you that we will realize these benefits. If, for any reason, the benefits we realize are less than our estimates or the implementation of these growth initiatives, strategies, operating plans, and cost reduction and restructuring initiatives adversely affect our operations or cost more or take longer to effectuate than we expect, or if our assumptions prove inaccurate, our business, financial condition, and results of operations may be materially adversely affected.

If we fail to provide effective professional services and high-quality client support, our business and reputation would suffer.
Our professional services and high-quality, ongoing client support are important to the successful marketing and sale of our products and services and for the renewal of existing client agreements. Providing these services and support requires that our professional services and support personnel have healthcare, technical, and other knowledge and expertise, making it difficult for us to hire qualified personnel and scale our professional services and support operations. The demand on our client support organization will increase as we expand our business and pursue new clients, and such increased support could require us to devote significant development services and support personnel, which could strain our team and infrastructure and reduce our profit margins.

If we do not help our clients quickly resolve any post-implementation issues and provide effective ongoing client support, our ability to sell additional products and services to existing and future clients could suffer and our reputation would be harmed.

Our sales cycles can be long and unpredictable, and our sales efforts require a considerable investment of time and expense. If our sales cycle lengthens or we invest substantial resources pursuing unsuccessful sales opportunities, our results of operations and growth would be harmed.

Our sales process entails planning discussions with prospective clients, analyzing their existing solutions, and identifying how these potential clients can use and benefit from our Solution. The sales cycle for a new DOS Subscription Client, from the time of prospect qualification to the completion of the first sale, we estimate to typically be approximately one year and in some cases has exceeded two years. We spend substantial time, effort, and money in our sales efforts without any assurance that our efforts will result in the sale of our Solution.

In addition, our sales cycle and timing of sales can vary substantially from client to client because of various factors, including the discretionary nature of potential clients’ purchasing and budget decisions, the announcement or planned introduction of new analytics applications or services by us or our competitors, and the purchasing approval processes of potential clients. Further, the sales cycle of certain Solutions with a more limited operating history, such as TEMS, can be more difficult to predict and, at times, longer than our typical sales cycle. If our sales cycle lengthens, as we started to experience in 2022, or we invest substantial resources pursuing unsuccessful sales opportunities, our results of operations and growth would be harmed.

Our Solution may not operate properly, which could damage our reputation, give rise to claims against us, or divert application of our resources from other purposes, any of which could harm our business and results of operations.

Proprietary software development is time-consuming, expensive, and complex. Unforeseen difficulties can arise. We may encounter technical obstacles, and it is possible that we will discover additional problems that prevent our applications from operating properly. If our systems do not function reliably or fail to meet user or client expectations in terms of performance, clients could assert liability claims against us or attempt to cancel their contracts with us, and users of our software could choose to cease their use of our Solution. This could damage our reputation and impair our ability to attract or retain clients.

Information services as complex as those we offer have, in the past, contained, and may in the future develop or contain, undetected defects, vulnerabilities, or errors. We cannot be assured that material performance problems or defects in our software or software provided by our vendors will not arise in the future. Errors may result from sources beyond our control, including the receipt, entry, or interpretation of patient information; the interface of our software with legacy systems or vendor systems that we did not develop; or errors in data provided by third parties. Despite testing, defects or errors may arise in our existing or new software or service processes following introduction to the market.

Clients rely on our Solution to collect, manage, and report clinical, financial, and operational data, and to provide timely and accurate information regarding medical treatment and care delivery patterns. They may have a greater sensitivity to service errors and security vulnerabilities than clients of software products in general. Clinicians may also refer to our predictive models for care delivery prioritization, and to inform treatment protocols. Limitations of liability and disclaimers that purport to limit our liability for damages related to defects in our software or content which we may include in our subscription and services agreements may not be enforced by a court or other tribunal or otherwise effectively protect us from related claims.
26

In most cases, we maintain liability insurance coverage, including coverage for errors and omissions. However, it is possible that claims could exceed the amount of our applicable insurance coverage or that this coverage may not continue to be available on acceptable terms or in sufficient amounts.

In light of this, defects, vulnerabilities, and errors and any failure by us to identify and address them could result in loss of revenue or market share; liability to clients, clinicians, their patients, or others; failure to achieve market acceptance or expansion; diversion of development and management resources; delays in the introduction of new services; injury to our reputation; and increased service and maintenance costs.

Defects, vulnerabilities, or errors in our software and service processes might discourage existing or potential clients from purchasing services from us. Correction of defects, vulnerabilities, or errors could prove to be impossible or impractical. The costs incurred in correcting any defects, vulnerabilities, or errors or in responding to resulting claims or liability may be substantial and could adversely affect our results of operations.

If we are not able to maintain and enhance our reputation and brand recognition, our business and results of operations will be harmed.

We believe that maintaining and enhancing our reputation and brand recognition is critical to our relationships with existing clients and to our ability to attract new clients. The promotion of our brands may require us to make substantial investments and we anticipate that, as our market becomes increasingly competitive, these marketing initiatives may become increasingly difficult and expensive. Our marketing activities may not be successful or yield increased revenue, and to the extent that these activities yield increased revenue, the increased revenue may not offset the expenses we incur and our results of operations could be harmed.

In addition, any factor that diminishes our reputation or that of our management, including failing to meet the expectations of our clients, or any adverse publicity surrounding one of our investors or clients, could make it substantially more difficult for us to attract new clients. If we do not successfully maintain and enhance our reputation and brand recognition, our business may not grow and we could lose our relationships with clients, which would harm our business, results of operations, and financial condition.

If we do not continue to innovate and provide services that are useful to clients and users, we may not remain competitive, and our revenue and results of operations could suffer.

The market for healthcare in the United States is in the early stages of structural change and is rapidly evolving, including towards a more value-based care model. Our success depends on our ability to keep pace with technological developments, satisfy increasingly sophisticated client and user requirements, and sustain market acceptance. Our future financial performance will depend in part on growth in this market and on our ability to adapt to emerging demands of this market, including adapting to the ways our clients or users access and use our Solution. Although we have built several new software analytics applications in the last few years, we may not be able to sustain this rate of innovation and/or the new software analytics applications may not meet the evolving needs of our clients. Our competitors are constantly developing products and services that may become more efficient or appealing to our clients or users. As a result, we must continue to invest significant resources in research and development in order to enhance our existing services and applications, and introduce new high-quality services and applications that clients will want, while offering our Solution at competitive prices. If we are unable to predict user preferences or industry changes, or if we are unable to maintain and improve our Solution on a timely or cost-effective basis, we may lose clients and users. Our results of operations would also suffer if our innovations are not responsive to the needs of our clients, are not appropriately timed with market opportunity, or are not effectively brought to market, including as the result of delayed releases or releases that are ineffective or have errors or defects. As technology continues to develop, our competitors may be able to offer results that are, or that are perceived to be, substantially similar to, or better than, those generated by our Solution. This may force us to compete on additional service attributes and to expend significant resources in order to remain competitive.

Our business could be adversely affected if our clients are not satisfied with our Solution.

We depend on client satisfaction to succeed with respect to our Solution. Our sales organization is dependent on the quality of our offerings, our business reputation, and the strong recommendations from existing clients. If our Solution does not function reliably or fails to meet client expectations in terms of performance and availability, clients could assert claims against us, terminate their contracts with us or publish negative feedback. This could damage our reputation and impair our ability to attract or retain clients. Furthermore, we provide professional services to clients to support their use of our Solution and to achieve measurable clinical, financial, and operational improvements.
27


Any failure to maintain high-quality professional services, or a market perception that we do not maintain high-quality professional services, could harm our reputation, adversely affect our ability to sell our Solution to existing and prospective clients, and harm our business, results of operations, and financial condition.

If our existing clients do not continue or renew their contracts with us, renew at lower fee levels, or decline to purchase additional technology and services from us, it could have a material adverse effect on our business, financial condition, and results of operations.

We expect to derive a significant portion of our revenue from the renewal of existing client contracts and sales of additional technology and services to existing clients. As part of our growth strategy, for instance, we have recently focused on expanding our Solution among current clients, including Solutions with a more limited operating history such as TEMS. As a result, selling additional technology and services is critical to our future business, revenue growth, and results of operations. Factors that may affect our ability to sell additional technology and services include, but are not limited to, the following:

the price, performance, and functionality of our Solution;
the availability, price, performance, and functionality of competing solutions;
our ability to develop and sell complementary technology and services;
the stability, performance, and security of our hosting infrastructure and hosting services;
our ability to continuously deliver measurable improvements;
health systems’ demand for professional services to augment their internal data analytics function;
changes in healthcare laws, regulations, or trends;
the business environment of our clients and, in particular, our clients’ financial performance and headcount reductions by our clients; and
the impact of macroeconomic challenges, including the impact of the high inflationary and/or high interest rate environments, market volatility caused by bank failures and measures taken in response thereto, and the impact of any natural disasters or public health emergencies, such as the COVID-19 pandemic, upon our clients.
We generally enter into subscription contracts with our clients for access to our Solution. Many of these contracts have initial terms of one to three years. Most of our clients have no obligation to renew their subscriptions for our Solution after the initial term expires. Although we have long-term contracts with many clients, these contracts may be terminated by the client (generally, subject to providing us with prior notice) before their term expires for convenience or for certain specified reasons, including changes in the regulatory landscape, loss of certain third-party licenses, or breach of our contractual obligations, including poor performance by us in areas that include repeated failures by us to provide specified levels of service over certain performance periods. We expect that future contracts will contain similar provisions. If any of our contracts with our clients are terminated, we may not be able to recover all fees due under the terminated contract and we will lose future revenue from that client, which may adversely affect our results of operations.

In addition, our clients may negotiate terms less advantageous to us upon renewal, which may reduce our revenue from these clients. Our future results of operations also depend, in part, on our ability to upgrade and enhance our Solution. If our clients fail to renew their contracts, renew their contracts upon less favorable terms, or at lower fee levels or fail to purchase new technology and services from us, our revenue may decline or our future revenue growth may be constrained.

Our results of operations have in the past fluctuated and may continue to fluctuate significantly, and if we fail to meet the expectations of securities analysts or investors, our stock price and the value of an investment in our common stock could decline substantially.

Our results of operations are likely to fluctuate, and if we fail to meet or exceed the expectations of securities analysts or investors, the trading price of our common stock could decline. Moreover, our stock price may be based on expectations of our future performance that may be unrealistic or that may not be met.
28

Some of the factors that could cause our financial performance and results of operations to fluctuate from quarter to quarter include:

the extent to which our Solution achieves or maintains market acceptance;
our ability to introduce new applications, updates, and enhancements to our existing applications on a timely basis;
new competitors and the introduction of enhanced products and services from new or existing competitors;
the length of our contracting and implementation cycles and our fulfillment periods for our Solution;
the mix of revenue generated from professional services as compared to technology subscriptions;
clients reducing or eliminating their spend with us in response to macroeconomic factors or otherwise;
the financial condition of our current and future clients;
changes in client budgets and procurement policies;
changes in regulations or marketing strategies;
the impact of macroeconomic challenges, including the high inflationary and/or high interest rate environments, market volatility caused by bank failures and measures taken in response thereto, and public health crises, such as the COVID-19 pandemic, on our clients, partners, and business;
the amount and timing of our investment in research and development activities;
the amount and timing of our investment in sales and marketing activities;
technical difficulties or interruptions to our Solution, including related to updates to our technology or technology migrations;
our ability to hire and retain qualified personnel;
changes in the regulatory environment related to healthcare;
regulatory compliance costs;
the timing, size, and integration success of potential future acquisitions;
unforeseen legal expenses, including litigation and settlement costs; and
buying patterns of our clients and the related seasonality impacts on our business.
Many of these factors are not within our control, and the occurrence of one or more of them might cause our results of operations to vary widely.

For example, we have experienced, and expect that we will continue to experience, seasonality in the number of new clients that subscribe to our Solution; specifically, new clients (DOS Subscription Clients in particular) tend to subscribe to our Solution at higher rates in the second and fourth quarters of the year. Seasonality in our business may cause period-to-period fluctuations in certain of our operating results and financial metrics, and thus limit our ability to predict our future results. As such, we believe that quarter-to-quarter comparisons of our revenue and results of operations may not be meaningful and should not be relied upon as an indication of future performance.





29

A significant portion of our operating expense is relatively fixed in nature in the short term, and planned expenditures are based in part on expectations regarding future revenue and profitability. Accordingly, unexpected revenue shortfalls, lower-than-expected revenue increases as a result of planned expenditures, and longer-than-expected impact on profitability and margins as a result of planned expenditures may decrease our gross margins and profitability and could cause significant changes in our results of operations from quarter to quarter. In addition, our future quarterly results of operations may fluctuate and may not meet the expectations of securities analysts or investors. If this occurs, the trading price of our common stock could fall substantially, either suddenly or over time.

Our pricing may change over time and our ability to efficiently price our Solution will affect our results of operations and our ability to attract or retain clients.

In the past, we have adjusted our prices as a result of offering new applications and services and client demand. For example, in the fourth quarter of 2018, we began to introduce new pricing for our Solution to new clients and, in 2015, we introduced our subscription model, in each case, the full effect of which we expected would be realized in future years. While we determine our prices based on prior experience, feedback from clients, and other factors and information, our assessments may not be accurate and we could be underpricing or overpricing our Solution, which may require us to continue to adjust our pricing model. Furthermore, as our applications and services change, then we may need to, or choose to, revise our pricing as our prior experience in those areas will be limited. Such changes to our pricing model or our inability to efficiently price our Solution could harm our business, results of operations, and financial condition and impact our ability to predict our future performance.

If our Solution fails to provide accurate and timely information, or if our content or any other element of our Solution is associated with faulty clinical decisions or treatment, we could have liability to clients, clinicians, patients, or others, which could adversely affect our results of operations.

Our Solution may be used by clients to support clinical decision-making by providers and interpret information about patient medical histories, treatment plans, medical conditions, and the use of particular medications. If our Solution is associated with faulty clinical decisions or treatment, then clients or their patients could assert claims against us that could result in substantial costs to us, harm our reputation in the industry, and cause demand for our Solution to decline.

In addition, our analytics services may be used by our clients to inform clinical decision-making, provide access to patient medical histories, and assist in creating patient treatment plans. Therefore, if data analyses are presented incorrectly in our Solution or they are incomplete, or if we make mistakes in the capture or input of these data, adverse consequences, including death, may occur and give rise to product liability, medical malpractice liability, and other claims against us by clients, clinicians, patients, or others. We often have little control over data accuracy, yet a court or government agency may take the position that our storage and display of health information exposes us to personal injury liability or other liability for wrongful delivery or handling of healthcare services or erroneous health information.

Our clinical guidelines, algorithms, and protocols may be viewed as providing healthcare professionals with guidance on care management, care coordination, or treatment decisions. If our content, or content we obtain from third parties, contains inaccuracies, or we introduce inaccuracies in the process of implementing third-party content, it is possible that patients, clinicians, consumers, the providers of the third-party content, or others may sue us if they are harmed as a result of such inaccuracies. We cannot assure you that our software development, editorial, and other quality control procedures will be sufficient to ensure that there are no errors or omissions in any particular content or our software or algorithms.

The assertion of such claims and ensuing litigation, regardless of its outcome, could result in substantial cost to us, divert management’s attention from operations, damage our reputation, and decrease market acceptance of our Solution. We attempt to limit by contract our liability for damages, have our clients assume responsibility for clinical treatment, diagnoses, medical oversight, and dosing decisions, and require that our clients assume responsibility for medical care and approve key algorithms, clinical guidelines, clinical protocols, content, and data. Despite these precautions, the allocations of responsibility and limitations of liability set forth in our contracts may not be enforceable, be binding upon patients, or otherwise protect us from liability for damages. Furthermore, general liability and errors and omissions insurance coverage and medical malpractice liability coverage may not continue to be available on acceptable terms or may not be available in sufficient amounts to cover one or more large claims against us. In addition, the insurer might disclaim coverage as to any future claim. One or more large claims could exceed our available insurance coverage. If any of these events occur, they could materially adversely affect our business, financial condition, or results of operations.



30

Although we carry insurance covering medical malpractice claims in amounts that we believe are appropriate in light of the risks attendant to our business, successful medical liability claims could result in substantial damage awards that exceed the limits of our insurance coverage. In addition, professional liability insurance is expensive and insurance premiums may increase significantly in the future, particularly as we expand our Solution. As a result, adequate professional liability insurance may not be available to our providers or to us in the future at acceptable costs or at all.

Any claims made against us that are not fully covered by insurance could be costly to defend against, result in substantial damage awards against us, and divert the attention of our management and our providers from our operations, which could have a material adverse effect on our business, financial condition, and results of operations. In addition, any claims may adversely affect our business or reputation.

Future litigation against us could be costly and time-consuming to defend and could result in additional liabilities.

We may from time to time be subject to legal proceedings and claims that arise in the ordinary course of business, such as claims brought by our clients or vendors in connection with commercial disputes, litigation related to intellectual property, and employment claims made by our current or former employees. Claims may also be asserted by or on behalf of a variety of other parties, including government agencies, patients or vendors of our clients, or stockholders. Any litigation involving us may result in substantial costs, operationally restrict our business, and may divert management’s attention and resources, which may seriously harm our business, overall financial condition, and results of operations.

Insurance may not cover existing or future claims, be sufficient to fully compensate us for one or more of such claims, or continue to be available on terms acceptable to us. A claim brought against us that is uninsured or underinsured could result in unanticipated costs, thereby reducing our results of operations and resulting in a reduction in the trading price of our stock.

We derive a significant portion of our revenue from our largest clients. The loss, termination, or renegotiation of any contract could negatively impact our results.

Historically, we have relied on a limited number of clients for a significant portion of our total revenue and accounts receivable. Our three largest clients during 2023 comprised 5.5%, 3.6%, and 3.5% of our revenue, or 12.6% in the aggregate. Our three largest clients during 2022 comprised 4.1%, 3.7%, and 3.4% of our revenue, or 11.2% in the aggregate. The sudden loss of any of our largest clients or the renegotiation of any of our largest client contracts could adversely affect our results of operations. In the ordinary course of business, we engage in active discussions and renegotiations with our clients in respect of our Solution and the terms of our client agreements, including our fees.

As our clients’ businesses respond to market dynamics and financial pressures, and as our clients make strategic business decisions in respect of the lines of business they pursue and programs in which they participate, we expect that certain of our clients will, from time to time, seek to restructure their agreements with us. In the ordinary course, we renegotiate the terms of our agreements with our clients in connection with renewals or extensions of these agreements. These discussions and future discussions could result in reductions to the fees and changes to the scope of services contemplated by our original client contracts and consequently could negatively impact our revenue, business, and prospects.

Because we rely on a limited number of clients for a significant portion of our revenue, we depend on the creditworthiness of these clients. Our clients are subject to a number of risks including reductions in payment rates from governmental payors, higher than expected healthcare costs, and lack of predictability of financial results when entering new lines of business. If the financial condition of our clients declines, our credit risk could increase. Should one or more of our significant clients declare bankruptcy, be declared insolvent, or otherwise be restricted by state or federal laws or regulation from continuing in some or all of their operations, this could adversely affect our ongoing revenue, the collectability of our accounts receivable, our bad debt reserves and net income.

Because we generally recognize technology and professional services revenue ratably over the term of the contract for our services, a significant downturn in our business may not be reflected immediately in our results of operations, which increases the difficulty of evaluating our future financial performance.

We generally recognize technology and professional services revenue ratably over the term of a contract. As a result, a substantial portion of our revenue is generated from contracts entered into during prior periods. Consequently, a decline in new contracts in any quarter may not affect our results of operations in that quarter but could reduce our revenue in future quarters. Additionally, the timing of renewals or non-renewals of a contract during any quarter may only affect our financial performance in future quarters. For example, the non-renewal of a subscription agreement late in a quarter will have minimal impact on revenue for that quarter but will reduce our revenue in future quarters.
31

Accordingly, the effect of significant declines in sales may not be reflected in our short-term results of operations, which would make these reported results less indicative of our future financial results. By contrast, a non-renewal occurring early in a quarter may have a significant negative impact on revenue for that quarter and we may not be able to offset a decline in revenue due to non-renewal with revenue from new contracts entered into in the same quarter. In addition, we may be unable to quickly adjust our costs in response to reduced revenue.

If we are unable to implement and maintain effective internal controls over financial reporting, investors may lose confidence in the accuracy and completeness of our financial reports and the market price of our common stock could be adversely affected.

As a public company, we are required to maintain internal controls over financial reporting and to report any material weaknesses in such internal controls. Section 404 of the Sarbanes-Oxley Act requires that we evaluate and determine the effectiveness of our internal controls over financial reporting. We are also required to provide an annual management report on the effectiveness of our internal control over financial reporting. Many of the internal controls we have implemented pursuant to the Sarbanes-Oxley Act are process controls with respect to which a material weakness may be found whether or not any error has been identified in our reported financial statements. This may be confusing to investors and result in damage to our reputation, which may harm our business.

Additionally, the proper design and assessment of internal controls over financial reporting are subject to varying interpretations, and, as a result, application in practice may evolve over time as new guidance is provided by regulatory and governing bodies and as common practices evolve. This could result in continuing uncertainty regarding the proper design and assessment of internal controls over financial reporting and higher costs necessitated by ongoing revisions to internal controls. We must continue to monitor and assess our internal control over financial reporting. If in the future we have any material weaknesses, we may not detect errors on a timely basis and our financial statements may be materially misstated. Additionally, if we are unable to comply with the requirements of Section 404 of the Sarbanes-Oxley Act, are unable to assert that our internal controls over financial reporting are effective, identify material weaknesses in our internal controls over financial reporting, or if our independent registered public accounting firm is unable to express an opinion as to the effectiveness of our internal controls over financial reporting, investors may lose confidence in the accuracy and completeness of our financial reports, and the market price of our common stock could be adversely affected, and we could become subject to investigations by the stock exchange on which our securities are listed, the SEC, or other regulatory authorities, which could require additional financial and management resources.

We may acquire other companies or technologies, which could divert our management’s attention, result in dilution to our stockholders, and otherwise disrupt our operations and we may have difficulty integrating any such acquisitions successfully or realizing the anticipated benefits therefrom, any of which could have an adverse effect on our business, financial condition, and results of operations.

We may seek to acquire or invest in businesses, applications, services, or technologies that we believe could complement or expand our Solution, enhance our technical capabilities, or otherwise offer growth opportunities. The pursuit of potential acquisitions may divert the attention of management and cause us to incur various expenses in identifying, investigating, and pursuing suitable acquisitions, whether or not they are consummated. We have in the past and may in the future have difficulty integrating acquired businesses. During 2020 we acquired Able Health, Healthfinch, and Vitalware, during 2021 we acquired Twistle, during 2022 we acquired ARMUS and KPI Ninja, and during 2023 we acquired ERS. We may have difficulty cross-selling our Solution to acquired clients, and we may have difficulty integrating, or incur integration-related costs associated with, newly acquired team members.

We have limited experience in acquiring other businesses. If we acquire additional businesses, we may not be able to integrate the acquired personnel, operations, and technologies successfully, or effectively manage the combined business following the acquisition. We also may not achieve the anticipated benefits from the acquired business due to a number of factors, including, but not limited to:

inability to integrate or benefit from acquired technologies or services in a profitable manner;
unanticipated costs or liabilities associated with the acquisition;
difficulty integrating the accounting systems, operations, and personnel of the acquired business;
difficulties and additional expenses associated with supporting legacy products and hosting infrastructure of the acquired business;
32

difficulty converting the clients of the acquired business onto our DOS platform and contract terms, including disparities in the revenue, licensing, support, or professional services model of the acquired business;
diversion of management’s attention from other business concerns;
adverse effects on our existing business relationships with business partners and clients as a result of the acquisition;
the potential loss of key employees;
use of resources that are needed in other parts of our business; and
use of substantial portions of our available cash to consummate the acquisition.
In addition, a significant portion of the purchase price of companies we acquire may be allocated to acquired goodwill and other intangible assets, which must be assessed for impairment at least annually. If our acquisitions do not yield expected returns or fair value estimates deteriorate, we may be required to take charges to our results of operations based on this impairment assessment process, which could adversely affect our results of operations. Acquisitions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our results of operations. In addition, if an acquired business fails to meet our expectations, our business, financial condition, and results of operations may suffer.

Also, the anticipated benefit of any acquisition may not materialize or may be prohibited by contractual obligations we may enter into in the future with lenders or other third parties. Additionally, future acquisitions or dispositions could result in potentially dilutive issuances of our equity securities, the incurrence of debt, contingent liabilities, or amortization expenses or write-offs of goodwill, any of which could harm our financial condition. We cannot predict the number, timing, or size of future acquisitions, or the effect that any such transactions might have on our results of operations.

Because competition for our target employees is intense, we may not be able to attract and retain the highly skilled employees we need to support our continued growth.

To continue to execute on our growth and operating plan, we must attract and retain highly qualified personnel, and we may modify our compensation program and practices for our team members. Competition for such personnel is intense, especially for senior sales executives and software engineers with high levels of experience in designing and developing applications and consulting and analytics services. We may not be successful in attracting and retaining qualified personnel, including due to changes to our compensation program or practices. We have from time to time in the past experienced, and we expect to continue to experience in the future, difficulty in hiring and retaining highly skilled employees with appropriate qualifications. For example, the 2023 Restructuring Plan and other restructurings may result in attrition beyond our intended reduction in force or may adversely impact our ability to recruit and hire qualified personnel in the future. In addition, our search for replacements for departed employees may cause uncertainty regarding the future of our business, impact employee hiring and retention, and adversely impact our revenue, results of operations, and financial condition. Many of the companies with which we compete for experienced personnel have greater resources than we have. In addition, in making employment decisions, particularly in the Internet and high-technology industries, job candidates often consider the value of the equity awards they may receive in connection with their employment. Volatility in the price of our stock or failure to obtain stockholder approval for increases in the number of shares available for grant under our equity plans may, therefore, adversely affect our ability to attract or retain key employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could be severely harmed.

We depend on our senior management team, and the loss of one or more of our executive officers or key employees or an inability to attract and retain highly skilled employees could adversely affect our business.

Our success depends largely upon the continued services of our key executive officers and recruitment of additional highly skilled employees. From time to time, there may be changes in our senior management team resulting from the hiring or departure of executives, which could disrupt our business. Several of our senior leaders are active members of the Church of Jesus Christ of Latter-Day Saints. There is a risk that in the future, one or more of these individuals could receive a call to serve in a full-time capacity for the church, which has already occurred, including with our former Chief Operating Officer, Paul Horstmeier, stepping down from his role effective March 31, 2023. Hiring executives with needed skills or the replacement of one or more of our executive officers or other key employees would likely involve significant time and costs and may significantly delay or prevent the achievement of our business objectives. In addition, competition for qualified management in our industry is intense. Many of the companies with which we compete for management personnel have greater financial and other resources than we do. We have not entered into term-based employment agreements with our executive officers.

33

All of our employees are “at-will” employees, and their employment can be terminated by us or them at any time, for any reason. The departure of key personnel could adversely affect the conduct of our business. In such event, we would be required to hire other personnel to manage and operate our business, and there can be no assurance that we would be able to employ a suitable replacement for the departing individual, or that a replacement could be hired on terms that are favorable to us. In addition, volatility or lack of performance in our stock price may affect our ability to attract replacements should key personnel depart. If we are not able to retain any of our key management personnel, our business could be harmed.

Our corporate culture has contributed to our success, and if we cannot maintain this culture as we grow, we could lose the innovation, creativity, and teamwork fostered by our culture, which could harm our business.

We believe that our corporate culture has been an important contributor to our success, which we believe fosters innovation, teamwork, and passion for providing high levels of client satisfaction. As we continue to grow, we must effectively integrate, develop, and motivate a growing number of new employees. As a result, we may find it difficult to maintain our corporate culture, which could limit our ability to innovate and operate effectively. Any failure to preserve our culture could also negatively affect our ability to retain and recruit personnel, maintain our performance, or execute on our business strategy.

If we fail to effectively manage our growth and organizational change, our business and results of operations could be harmed.

We have experienced, and may continue to experience, rapid growth and organizational change, which has placed, and may continue to place, significant demands on our management, operational, and financial resources. In addition, if we fail to successfully integrate new team members or fail to effectively manage organizational changes, it could harm our culture, business, financial condition and results of operations. For example, the expense reduction measures taken in connection with the 2023 Restructuring Plan may result in unintended consequences and costs, including costs associated with attrition beyond our intended reduction in force, a decrease in morale among team members following the completion of the 2023 Restructuring Plan, adverse impacts in our ability to recruit and hire qualified personnel in the future, and the loss of institutional knowledge and expertise, which could result in losses in future periods or otherwise prevent us from realizing, in full or in part, the anticipated benefits and savings from the 2023 Restructuring Plan. In addition, we must continue to maintain, and may need to enhance, our information technology infrastructure and financial and accounting systems and controls, as well as manage expanded operations in geographically distributed locations, which may include offshore and near shore, which will place additional demands on our resources and operations. We also must attract, train, and retain a significant number of qualified sales and marketing personnel, professional services personnel, software engineers, technical personnel, service offering personnel, and management personnel. At times, this will require us to invest in and commit significant financial, operational, and management resources to grow and change in these areas without undermining the corporate culture that has been critical to our growth so far. If we do not achieve the benefits anticipated from these investments or organizational changes, or if the realization of these benefits is delayed, our results of operations may be adversely affected. If we fail to provide effective client training on our Solution and high-quality client support, our business and reputation could suffer.

Failure to effectively manage our growth or organizational changes could lead us to over-invest or under-invest in technology and operations; result in weaknesses in our infrastructure, systems, or controls; give rise to operational mistakes, losses, or loss of productivity or business opportunities; reduce client or user satisfaction; limit our ability to respond to competitive pressures; and result in loss of team members and reduced productivity of remaining team members. Our growth or organizational changes could require significant capital expenditures and may divert financial resources and management attention from other projects, such as the development of new or enhanced services or the acquisition of suitable businesses or technologies. If our management is unable to effectively manage our growth or organizational changes, our expenses may increase more than expected, cost savings may not be realized, our revenue could decline or may grow more slowly than expected, and we may be unable to implement our business strategy, and may adversely affect our business, financial condition and results of operations.

We may not grow at the rates we historically have achieved or at all, even if our key metrics may indicate growth.

We have experienced periods of significant growth, including in the last five years. At times, our growth has moderated. Future revenue may not grow at the same rates experienced during times of significant growth or may decline. Further, larger revenue opportunities that include portions of our Solution with less operating history could cause our growth to become less predictable and/or choppier relative to prior periods. Our future growth will depend, in part, on our ability to grow our revenue from existing clients, to complete sales to potential future clients, to expand our client and member bases, to prevent churn of existing clients, and to develop new solutions. Our future growth may also be driven by expansion into adjacent markets and/or international expansion. We can provide no assurances that we will be successful in executing on these growth strategies or that we will continue to grow our revenue or to generate net income. Our historical results may not be indicative of future performance.


34

Our ability to execute on our existing sales pipeline, create additional sales pipelines, and expand our client base depends on, among other things, the attractiveness of our Solution relative to those offered by our competitors, our ability to demonstrate the value of our existing and future services, and our ability to attract and retain a sufficient number of qualified sales and marketing leadership and support personnel. In addition, our existing clients may be slower to adopt our Solution than we currently anticipate, which could adversely affect our results of operations and growth prospects.

Our estimates of market opportunity and forecasts of market growth may prove to be inaccurate, and even if the markets in which we compete achieve the forecasted growth, our business may not grow at similar rates, or at all.

Our market opportunity estimates and growth forecasts are subject to significant uncertainty and are based on assumptions and estimates which may not prove to be accurate. The estimates and forecasts relating to the size and expected growth of our target market may prove to be inaccurate. Even if the markets in which we compete meet the size estimates and growth forecasts, our business may not grow at similar rates, or at all. Our growth is subject to many factors, including our success in implementing our business strategy, which is subject to many risks and uncertainties.

Risks Related to Data and Intellectual Property

Failure by our clients to obtain proper permissions and waivers may result in claims against us or may limit or prevent our use of data, which could harm our business.

We require our clients to provide necessary notices and to obtain necessary permissions and waivers for use and disclosure of the information that we receive, and we require contractual assurances from them that they have done so and will do so. If they do not obtain necessary permissions and waivers, then our use and disclosure of information that we receive from them or on their behalf may be restricted or prohibited by state, federal, or international privacy or data protection laws, or other related privacy and data protection laws. This could impair our functions, processes, and databases that reflect, contain, or are based upon such data and may prevent the use of such data, including our ability to provide such data to third parties that are incorporated into our service offerings.

Furthermore, this may cause us to breach obligations to third parties to whom we may provide such data, such as third-party service or technology providers that are incorporated into our service offerings. In addition, this could interfere with or prevent data sourcing, data analyses, or limit other data-driven activities that benefit us. Moreover, we may be subject to claims, civil and/or criminal liability or government or state attorneys general investigations for use or disclosure of information by reason of lack of valid notice, permission, or waiver. These claims, liabilities or government or state attorneys general investigations could subject us to unexpected costs and adversely affect our financial condition and results of operations.

Our business and operations may suffer in the event of information technology system failures, cyberattacks, or deficiencies in our cybersecurity.

Our Solution involves the storage and transmission of our clients’ proprietary information, including personal or identifying information regarding patients and their protected health information (PHI). Despite the implementation of security measures, our information technology systems and those of our clients, contractors, consultants, and collaborators are vulnerable to attack, damage and interruption from cyberattacks, “phishing” attacks, computer viruses and malware (e.g., ransomware), natural disasters, terrorism, war, telecommunication and electrical failures, employee theft or misuse, human error, fraud, denial or degradation of service attacks, sophisticated nation-state and nation-state-supported actors or unauthorized access or use by persons inside our organization, or persons with access to systems inside our organization. Attacks upon information technology systems are increasing in their frequency, levels of persistence, sophistication, and intensity, and are being conducted by sophisticated and organized groups and individuals with a wide range of motives and expertise.

We may also face increased cybersecurity risks due to our reliance on internet technology and the number of our employees who are working remotely, which may create additional opportunities for cybercriminals to exploit vulnerabilities. Further, political and international uncertainty, competition and disputes, including the war involving Russia and Ukraine, could create tension that results in cyber-attacks or cybersecurity incidents that could either directly or indirectly impact our operations. Because the techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until they are launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures. We may also experience security breaches that may remain undetected for an extended period.

Moreover, the detection, prevention, and remediation of known or unknown security vulnerabilities, including those arising from third-party hardware or software, may result in additional direct or indirect costs and management time. Even if identified, we may be unable to adequately investigate or remediate incidents or breaches due to attackers increasingly using tools and techniques that are designed to circumvent controls, to avoid detection, and to remove or obfuscate forensic evidence.

35

As a result, unauthorized access or security breaches as a result of third-party action, employee error, malfeasance, or otherwise could result in the loss or inappropriate use of information, litigation, indemnity obligations, damage to our reputation, and other liability such as government or state Attorney General investigations.

We and certain of our service providers are from time to time subject to cyberattacks and security incidents. While we do not believe that we have experienced any significant system failure, accident, or security breach to date, if such an event were to occur and cause interruptions in our operations, it could adversely affect our ability to attract new clients, cause existing clients to elect to not renew their subscriptions, result in reputational damage, or subject us to third-party lawsuits, regulatory fines, mandatory disclosures, or other action or liability, which could adversely affect our results of operations.

Our general liability insurance may not be adequate to cover all potential claims to which we are exposed and may not be adequate to indemnify us for liability that may be imposed or the losses associated with such events, and in any case, such insurance may not cover all of the specific costs, expenses, and losses we could incur in responding to and remediating a security breach. A security breach of another significant provider of cloud-based solutions may also negatively impact the demand for our Solution.

Our Solution is dependent on our ability to source data from third parties, and such third parties could take steps to block our access to data, or increase fees or impose fees for such access, which could impair our ability to provide our Solution, limit the effectiveness of our Solution, or adversely affect our financial condition and results of operations.

Our data platform requires us to source data from multiple clinical, financial, and operational data sources, which sources are also typically third-party vendors of our clients. The functioning of our analytics applications and our ability to perform analytics services is predicated on our ability to establish interfaces that download the relevant data from these source systems on a repeated basis and in a reliable manner. We may encounter vendors that engage in information blocking practices that may inhibit our ability to access the relevant data on behalf of clients or impose new or additional costs. In 2020, the U.S. Department of Health and Human Services’ ONC and the Centers for Medicare and Medicaid Services promulgated final rules to support access, exchange, and use of electronic health information (EHI), referred to as the Final Rule. The Final Rule is intended to clarify provisions of the 21st Century Cures Act regarding interoperability and information blocking, and, subject to the interpretations of the Final Rule, and exceptions to what constitutes information blocking, may create significant new requirements for healthcare industry participants. The Final Rule requires certain electronic health record technology to incorporate standardized application programming interfaces to allow individuals to securely and easily access structured EHI using smartphone applications, provides patients with certain rights to electronic access to their EHI (structured and/or unstructured) at no cost and implements the information blocking provisions of the 21st Century Cures Act, subject to eight exceptions that will not be considered information blocking as long as specific conditions are met. In April 2023, the ONC issued a notice of proposed rulemaking that would modify certain components of the Final Rule, including modifying and expanding certain exceptions to the information blocking regulations, which are intended to support information sharing. The impact of the Final Rule on our business is unclear at this time, due to, among other things, uncertainty regarding the interpretation of safe harbors and exceptions to the Final Rule by industry participants and regulators.

The Final Rule focuses on health plans, payors, and healthcare providers and proposes measures to enable patients to move from health plan to health plan, provider to provider, and have both their clinical and administrative information travel with them. It is unclear whether the Final Rule may benefit us in that certain EHR vendors will no longer be permitted to interfere with our attempts at integration, but the rules may also make it easier for other similar companies to enter the market, creating increased competition, and reducing our market share. It is unclear at this time what the costs of compliance with the proposed rules, if adopted, would be, and what additional risks there may be to our business. If we face limitations on the development of data interfaces and other information blocking practices, including the imposition of increased fees, our data access and ability to download relevant data may be limited, which could adversely affect our ability to provide our Solution as effectively as possible. Any steps we take to enforce the anti-information blocking provisions of the 21st Century Cures Act could be costly, could distract management attention from the business, and could have uncertain results.

We rely on third-party providers, including Microsoft Azure, for computing infrastructure, network connectivity, and other technology-related services needed to deliver our Solution. Any disruption in the services provided by such third-party providers could adversely affect our business and subject us to liability.

Our Solution is generally hosted from and use computing infrastructure provided by third parties, including Microsoft Azure and other computing infrastructure service providers. We have migrated and expect to continue to migrate a significant portion of our DOS and analytics application computing infrastructure needs to Microsoft Azure. We have made and expect to continue to make substantial investments in transitioning DOS clients from our own managed data center to Microsoft Azure and the migration of clients to the next iteration of our DOS platform. We anticipate that this transition will increase the cost of hosting our technology and negatively impact our technology gross margin.

36

Such migrations are risky and may cause disruptions to our Solution, service outages, downtime, or other problems and may increase our costs. Despite precautions taken during such transitions, any unsuccessful transition of technology may impair clients’ use of our technology which may cause greater costs or downtime and which may lead to, among other things, client dissatisfaction and non-renewals.

Our computing infrastructure service providers have no obligation to renew their agreements with us on commercially reasonable terms or at all. If we are unable to renew these agreements on commercially reasonable terms, or if one of our computing infrastructure service providers is acquired, we may be required to transition to a new provider and we may incur significant costs and possible service interruption in connection with doing so. Problems faced by our computing infrastructure service providers, including those operated by Microsoft, could adversely affect the experience of our clients. Microsoft Azure and other infrastructure vendors have had and may in the future experience significant service outages. Additionally, if our computing infrastructure service providers are unable to keep up with our growing needs for capacity, this could have an adverse effect on our business. For example, a rapid expansion of our business could affect our service levels or cause our third-party hosted systems to fail. Our agreements with third-party computing infrastructure service providers may not entitle us to service level credits that correspond with those we offer to our clients.

Any changes in third-party service levels at our computing infrastructure service providers, or any related disruptions or performance problems with our Solution, could adversely affect our reputation and may damage our clients’ data, information and/or stored files, result in lengthy interruptions in our services, or result in potential losses of client data. Interruptions in our services might reduce our revenue, cause us to issue refunds to clients for prepaid and unused subscriptions, subject us to service level credit claims and potential liability, allow our clients to terminate their contracts with us, or adversely affect our renewal rates.

We rely on Internet infrastructure, bandwidth providers, data center providers, other third parties, and our own systems for providing our Solution to our users, and any failure or interruption in the services provided by these third parties or our own systems could expose us to litigation, potentially require us to issue credits to our clients, and negatively impact our relationships with users or clients, adversely affecting our brand and our business.

In addition to the services we provide from our offices, we serve our clients primarily from third-party data-hosting facilities. These facilities are vulnerable to damage or interruption from earthquakes, floods, fires, power loss, telecommunications failures, and similar events. They are also subject to break-ins, sabotage, intentional acts of vandalism, and similar misconduct.

Their systems and servers could also be subject to hacking, spamming, ransomware, computer viruses or other malicious software, denial of service attacks, service disruptions, including the inability to process certain transactions, phishing attacks, and unauthorized access attempts, including third parties gaining access to users’ accounts using stolen or inferred credentials or other means, and may use such access to prevent use of users’ accounts.

Despite precautions taken at these facilities, the occurrence of a natural disaster or an act of terrorism, a decision to close the facilities without adequate notice, or other unanticipated problems at two or more of the facilities could result in lengthy interruptions in our services. Even with our disaster recovery arrangements, our Solution could be interrupted.

Our ability to deliver our Internet- and telecommunications-based services is dependent on the development and maintenance of the infrastructure of the Internet and other telecommunications services by third parties. This includes maintenance of a reliable network backbone with the necessary speed, data capacity, and security for providing reliable Internet access and services and reliable mobile device, telephone, facsimile, and pager systems, all at a predictable and reasonable cost. We have experienced and expect that we will experience interruptions and delays in services and availability of our Solution from time to time.

We rely on internal systems as well as third-party vendors, including data center, bandwidth, and telecommunications equipment or service providers, to provide our Solution. We do not maintain redundant systems or facilities for portions of our Solution. In the event of a catastrophic event with respect to one or more of these systems or facilities, we may experience an extended period of system unavailability, which could negatively impact our relationship with users or clients. To operate without interruption, both we and our service providers must guard against:

damage from fire, power loss, and other natural disasters;
communications failures;
software and hardware errors, failures, and crashes;
37

security breaches, computer viruses, ransomware, and similar disruptive problems; and
other potential interruptions.
Any disruption in the network access, telecommunications, or co-location services provided by these third-party providers or any failure of or by these third-party providers or our own systems to handle the current or higher volume of use could significantly harm our ability to deliver our Solution and our business. We exercise limited control over these third-party vendors, which increases our vulnerability to problems with the services they provide.

Any errors, failures, interruptions, or delays experienced in connection with these third-party technologies and information services or our own systems could negatively impact our relationships with users and clients, adversely affect our brands and business, and expose us to third-party liabilities. The insurance coverage under our policies may not be adequate to compensate us for all losses that may occur. In addition, we cannot provide assurance that we will continue to be able to obtain adequate insurance coverage at an acceptable cost.

The reliability and performance of the Internet may be harmed by increased usage or by denial-of-service attacks. The Internet has experienced a variety of outages and other delays as a result of damages to portions of its infrastructure, and it could face outages and delays in the future. These outages and delays could reduce the level of Internet usage as well as the availability of the Internet to us for delivery of our Internet-based services.

We typically provide service level commitments under our client contracts. If we fail to meet these contractual commitments, we could be obligated to provide credits or refunds for prepaid amounts related to unused subscription services or face contract terminations, which could adversely affect our results of operations.

Finally, recent changes in law could impact the cost and availability of necessary Internet infrastructure. Increased costs and/or decreased availability would negatively affect our results of operations.

Our business could be adversely impacted by changes in laws and regulations related to the Internet or changes in access to the Internet generally.

The future success of our business depends upon the continued use of the Internet as a primary medium for communication, business applications, and commerce. Federal or state government bodies or agencies have in the past adopted, and may in the future adopt, laws or regulations affecting the use of the Internet as a commercial medium. Legislators, regulators, or government bodies or agencies may also make legal or regulatory changes or interpret or apply existing laws or regulations that relate to the use of the Internet in new and materially different ways. Changes in these laws, regulations, or interpretations could require us to modify our Solution in order to comply with these changes, to incur substantial additional costs or divert resources that could otherwise be deployed to grow our business, or expose us to unanticipated civil or criminal liability, among other things.

In addition, government agencies and private organizations have imposed, and may in the future impose, additional taxes, fees, or other charges for accessing the Internet or commerce conducted via the Internet. Internet access is frequently provided by companies that have significant market power and could take actions that degrade, disrupt, or increase the cost of our clients’ use of our Solution, which could negatively impact our business. Net neutrality rules, which were designed to ensure that all online content is treated the same by Internet service providers and other companies that provide broadband services were repealed by the Federal Communications Commission effective June 2018. The repeal of the net neutrality rules could force us to incur greater operating expenses or our clients’ use of our Solution could be adversely affected, either of which could harm our business and results of operations.

These developments could limit the growth of Internet-related commerce or communications generally or result in reductions in the demand for Internet-based platforms and services such as ours, increased costs to us or the disruption of our business. In addition, as the Internet continues to experience growth in the numbers of users, frequency of use, and amount of data transmitted, the use of the Internet as a business tool could be adversely affected due to delays in the development or adoption of new standards and protocols to handle increased demands of Internet activity, security, reliability, cost, ease-of-use, accessibility, and quality of service. The performance of the Internet and its acceptance as a business tool has been adversely affected by “viruses,” “worms,” and similar malicious programs and the Internet has experienced a variety of outages and other delays as a result of damage to portions of its infrastructure. If the use of the Internet generally, or our Solution specifically, is adversely affected by these or other issues, we could be forced to incur substantial costs, demand for our Solution could decline, and our results of operations and financial condition could be harmed.

38

Our Solution utilizes open-source software, and any failure to comply with the terms of one or more of these open-source licenses could adversely affect our business.

We use software modules licensed to us by third-party authors under “open-source” licenses in our Solution. Some open-source licenses contain affirmative obligations or restrictive terms that could adversely impact our business, such as restrictions on commercialization or obligations to make available modified or derivative works of certain open-source code. If we were to combine our proprietary software with certain open-source software subject to these licenses in a certain manner, we could, under certain open-source licenses, be required to release or otherwise make available the source code to our proprietary software to the public. This would allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of product sales for us.

Although we employ practices designed to manage our compliance with open-source licenses and protect our proprietary source code, we may inadvertently use open-source software in a manner we do not intend and that could expose us to claims for breach of contract and intellectual property infringement. If we are held to have breached the terms of an open-source software license, we could be required to, among other things, seek licenses from third parties to continue offering our products on terms that are not economically feasible, pay damages to third parties, to re-engineer our products, to discontinue the sale of our products if re-engineering cannot be accomplished on a timely basis, or to make generally available, in source code form, a portion of our proprietary code, any of which could adversely affect our business, results of operations, and financial condition. The terms of many open-source licenses have not been interpreted by U.S. courts, and, as a result, there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to commercialize our Solution.

We employ third-party licensed software and software components for use in or with our Solution, and the inability to maintain these licenses or the presence of errors in the software we license could limit the functionality of our Solution and result in increased costs or reduced service levels, which would adversely affect our business.

Our software applications might incorporate or interact with certain third-party software and software components (other than open-source software), such as data visualization software, obtained under licenses from other companies. We pay these third parties a license fee or royalty payment. We anticipate that we will continue to use such third-party software in the future. Although we believe that there are commercially reasonable alternatives to the third-party software we currently make available, this may not always be the case, or it may be difficult or costly to replace. Furthermore, these third parties may increase the price for licensing their software, which could negatively impact our results of operations. Our use of additional or alternative third-party software could require clients to enter into license agreements with third parties. In addition, if the third-party software we make available has errors or otherwise malfunctions, or if the third-party terminates its agreement with us, the functionality of our Solution may be negatively impacted and our business may suffer.

Any failure to protect our intellectual property rights could impair our ability to protect our proprietary technology and our brand.

Our success and ability to compete depend in part upon our intellectual property. As of December 31, 2023, we had filed applications for a number of patents, and we have fourteen issued U.S. patents, four issued Canadian patents, one issued Great Britain patent, and one issued European patent, as well as one utility patent application pending in the United States. We also had twenty-eight registered trademarks in the United States, Singapore, United Arab Emirates, and China. We also rely on copyright and trademark laws, trade secret protection, and confidentiality or license agreements with our employees, clients, partners, and others to protect our intellectual property rights. However, the steps we take to protect our intellectual property rights may be inadequate. For example, other parties, including our competitors, may independently develop similar technology, duplicate our services, or design around our intellectual property and, in such cases, we may not be able to assert our intellectual property rights against such parties.

Further, our contractual arrangements may not effectively prevent disclosure of our confidential information or provide an adequate remedy in the event of unauthorized disclosure of our confidential information, and we may be unable to detect the unauthorized use of, or take appropriate steps to enforce, our intellectual property rights.

We make business decisions about when to seek patent protection for a particular technology and when to rely upon trade secret protection, and the approach we select may ultimately prove to be inadequate. Even in cases where we seek patent protection, there is no assurance that the resulting patents will effectively protect every significant feature of our Solution, technology, or proprietary information, or provide us with any competitive advantages. Moreover, we cannot guarantee that any of our pending patent applications will issue or be approved. The United States Patent and Trademark Office and various foreign governmental patent agencies also require compliance with a number of procedural, documentary, fee payment, and other similar provisions during the patent application process and after a patent has issued.

39

There are situations in which noncompliance can result in abandonment or lapse of the patent, or patent application, resulting in partial or complete loss of patent rights in the relevant jurisdiction. If this occurs, our competitors might be able to enter the market, which would have a material adverse effect on our business. Effective trademark, copyright, patent, and trade secret protection may not be available in every country in which we conduct business. Further, intellectual property law, including statutory and case law, particularly in the United States, is constantly developing, and any changes in the law could make it harder for us to enforce our rights.

In order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming, and distracting to management and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights.

An adverse determination of any litigation proceedings could put our intellectual property at risk of being invalidated or interpreted narrowly and could put our related pending patent applications at risk of not issuing. Furthermore, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential or sensitive information could be compromised by disclosure in the event of litigation. In addition, during the course of litigation, there could be public announcements of the results of hearings, motions, or other interim proceedings or developments. If securities analysts or investors perceive these results to be negative, it could have a substantial adverse effect on the price of our common stock. Negative publicity related to a decision by us to initiate such enforcement actions against a client or former client, regardless of its accuracy, may adversely impact our other client relationships or prospective client relationships, harm our brand and business, and could cause the market price of our common stock to decline. Our failure to secure, protect, and enforce our intellectual property rights could adversely affect our brand and our business.

We may be sued by third parties for alleged infringement of their proprietary rights or misappropriation of intellectual property.

There is considerable patent and other intellectual property development activity in our industry. Our future success depends in part on not infringing upon the intellectual property rights of others. Our competitors, as well as a number of other entities and individuals, including so-called non-practicing entities, may own or claim to own intellectual property relating to our Solution. From time to time, third parties have claimed or may claim that we are infringing upon their intellectual property rights or that we have misappropriated their intellectual property.

For example, in some cases, very broad patents are granted that may be interpreted as covering a wide field of healthcare data storage and analytics solutions or machine learning and predictive modeling methods in healthcare. As competition in our market grows, the possibility of patent infringement, trademark infringement, and other intellectual property claims against us increases. In the future, we expect others to claim that our Solution and underlying technology infringe or violate their intellectual property rights. In a patent infringement claim against us, we may assert, as a defense, that we do not infringe the relevant patent claims, that the patent is invalid or both.

The strength of our defenses will depend on the patents asserted, the interpretation of these patents, and our ability to invalidate the asserted patents. However, we could be unsuccessful in advancing non-infringement and/or invalidity arguments in our defense. In the United States, issued patents enjoy a presumption of validity, and the party challenging the validity of a patent claim must present clear and convincing evidence of invalidity, which is a high burden of proof. Conversely, the patent owner need only prove infringement by a preponderance of the evidence, which is a lower burden of proof.

We may be unaware of the intellectual property rights that others may claim cover some or all of our technology or services. Because patent applications can take years to issue and are often afforded confidentiality for some period of time there may currently be pending applications, unknown to us, that later result in issued patents that could cover one or more aspects of our technology and services. Any claims or litigation could cause us to incur significant expenses and, whether or not successfully asserted against us, could require that we pay substantial damages, ongoing royalty or license payments, or settlement fees, prevent us from offering our Solution or using certain technologies, require us to re-engineer all or a portion of our DOS platform, or require that we comply with other unfavorable terms. We may also be obligated to indemnify our clients or business partners or pay substantial settlement costs, including royalty payments, in connection with any such claim or litigation and to obtain licenses, modify applications, or refund fees, which could be costly. Even if we were to prevail in such a dispute, any litigation regarding our intellectual property could be costly and time-consuming and divert the attention of our management and key personnel from our business operations.

40

Risks Related to Governmental Regulation

Risks Related to Healthcare and Data Privacy and Security Regulation

Actual or perceived failures to comply with applicable data protection, privacy and security laws, regulations, standards and other requirements could adversely affect our business, results of operations, and financial condition.
Health information privacy and security laws. There are numerous federal and state laws and regulations that govern the privacy and security of health information. In particular, HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009, and regulations implemented thereunder (collectively, HIPAA) imposes, among other things, certain standards relating to the privacy, security, transmission and breach reporting of PHI, as defined under HIPAA. By processing and maintaining PHI on behalf of our covered entity clients, we are a HIPAA business associate and are required to enter into business associate agreements (BAAs) with our covered entity clients to safeguard PHI, as well as BAAs with our subcontractors that access or otherwise process PHI on our behalf.
We may not be able to adequately address the business risks created by HIPAA implementation. Furthermore, we are unable to predict what changes to HIPAA or other laws or regulations might be made in the future or how those changes could affect our business or the costs of compliance. We are unable to predict what, if any, impact the changes in such standards will have on our compliance costs or our Solution. Penalties for failure to comply with a requirement of HIPAA vary significantly depending on the nature of violation and could include civil monetary or criminal penalties. HIPAA also authorizes state attorneys general to file suit under HIPAA on behalf of state residents. Courts can award damages, costs and attorneys’ fees related to violations of HIPAA in such cases.
While HIPAA does not create a private right of action allowing individuals to sue us in civil court for HIPAA violations, its standards have been used as the basis for a duty of care claim in state civil suits such as those for negligence or recklessness in the misuse or breach of PHI. Certain states have also adopted privacy and security laws and regulations, some of which may be more stringent than HIPAA. Such laws and regulations will be subject to interpretation by various courts and other governmental authorities, thus creating potentially complex compliance issues for us and our future clients and strategic partners.
Some of our analytics applications, including, for example, one of our benchmarking applications, require that we obtain permissions consistent with HIPAA to provide “data aggregation services” and the right to create de-identified information and to use and disclose such de-identified information. We may require large sets of de-identified information to enable us to continue to develop machine learning algorithms that enhance our Solution. If we are unable to secure these rights in client BAAs or as a result of any future changes to HIPAA or other applicable laws, we may face limitations on the use of PHI and our ability to use de-identified information that could negatively affect the scope of our Solution as well as impair our ability to provide upgrades and enhancements to our Solution.
We outsource important aspects of the storage and transmission of client information and PHI, and thus rely on third parties to manage functions that have material cybersecurity risks. We attempt to address these risks by requiring outsourcing subcontractors who handle client information to sign BAAs contractually requiring those subcontractors to adequately safeguard PHI in a similar manner that applies to us and in some cases by requiring such outsourcing subcontractors to undergo third‑party security examinations as well as to protect the confidentiality of other sensitive client information. In addition, we periodically hire third‑party security experts to assess and test our security measures. However, we cannot be assured that these contractual measures and other safeguards will adequately protect us from the risks associated with the storage and transmission of our clients' confidential and proprietary information and PHI.
Consumer protection laws. Furthermore, the Federal Trade Commission (FTC) also has authority to initiate enforcement actions against entities that mislead customers about HIPAA compliance, make deceptive statements about privacy and data sharing in privacy policies, fail to limit third-party use of personal health information, fail to implement policies to protect personal health information or engage in other unfair practices that harm customers or that may violate Section 5(a) of the FTC Act. According to the FTC, failing to take appropriate steps to keep consumers’ personal information secure can also constitute unfair acts or practices in or affecting commerce in violation of Section 5(a) of the FTC Act. The FTC expects a company’s data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business, and the cost of available tools to improve security and reduce vulnerabilities. Additionally, federal and state consumer protection laws are increasingly being applied by FTC and states' attorneys general to regulate the collection, use, storage, and disclosure of personal or personally identifiable information, through websites or otherwise, and to regulate the presentation of website content.

41

State data protection laws. Certain states have also adopted privacy and security laws and regulations, which govern the privacy, processing, and protection of health-related and other personal information. Such laws and regulations will be subject to interpretation by various courts and other governmental authorities, thus creating potentially complex compliance issues for us and our future clients and strategic partners. For example, California adopted the CCPA, which went into effect on January 1, 2020. The CCPA establishes a privacy framework for covered businesses by creating an expanded definition of personal information, establishing new data privacy rights for consumers in the state of California, imposing special rules on the collection of consumer data from minors, and creating a new and potentially severe statutory damages framework for violations of the CCPA and for businesses that fail to implement reasonable security procedures and practices to prevent data breaches. Additionally, the CPRA generally went into effect on January 1, 2023 and significantly amends the CCPA. It imposed additional data protection obligations on companies doing business in California, including additional consumer rights processes, limitations on data uses, new audit requirements for higher risk data, and opt outs for certain uses of sensitive data. It also created a new California data protection agency authorized to issue substantive regulations and could result in increased privacy and information security enforcement. Additional compliance investment and potential business process changes may be required. Similar laws have passed in other states, and are continuing to be proposed at the state and federal level, reflecting a trend toward more stringent privacy legislation in the United States. If we fail to comply with any of these privacy laws that apply to us, and are subject to the aforementioned penalties, our business and financial results could be adversely affected.

GDPR and foreign data privacy protection laws. In addition, many foreign governments have established or are in the process of establishing privacy and data security legal frameworks governing the collection, use and disclosure of personal information obtained from their residents. For example, in Europe, the GDPR went into effect on May 25, 2018. The GDPR imposes data protection requirements for processing the personal data of individuals within the European Economic Area (EEA) relating to the consent of the individuals to whom the personal data relates, the information provided to the individuals, the documentation we must retain, the security and confidentiality of the personal data, data breach notification and the use of third-party processors in connection with the processing of personal data. Companies that must comply with the GDPR face increased compliance obligations and risk, including more robust regulatory enforcement of data protection requirements and potential fines for noncompliance of up to €20 million or 4% of the annual global revenues of the noncompliant company, whichever is greater. The GDPR has increased our responsibility and potential liability in relation to personal data that we process, and we may be required to put in place mechanisms to ensure compliance with GDPR. In addition, the GDPR increases the scrutiny of transfers of personal data from the EEA to the United States and other jurisdictions that the European Commission does not recognize as having “adequate” data protection laws and the efficacy and longevity of current transfer mechanisms between the EEA, and the United States remain uncertain. Case law from the Court of Justice of the European Union (CJEU) states that reliance on the standard contractual clauses - a standard form of contract approved by the European Commission as an adequate personal data transfer mechanism - alone may not necessarily be sufficient in all circumstances and that transfers must be assessed on a case-by-case basis. On October 7, 2022, President Biden signed an Executive Order on ‘Enhancing Safeguards for United States Intelligence Activities’ which introduced new redress mechanisms and binding safeguards to address the concerns raised by the CJEU in relation to data transfers from the EEA to the United States and which formed the basis of the new EU-US Data Privacy Framework (DPF), as released on December 13, 2022. The European Commission adopted its Adequacy Decision in relation to the DPF on July 10, 2023, rendering the DPF effective as a GDPR transfer mechanism to U.S. entities self-certified under the DPF. The DPF also introduced a new redress mechanism for EU citizens which addresses a key concern in the previous CJEU judgments and may mean transfers under standard contractual clauses are less likely to be challenged in future. We currently maintain localized infrastructure and third-party relationships to limit the risk of data transfer of personal data outside of the EEA and the UK. In addition, we rely on the EU standard contractual clauses and the UK Addendum to the EU standard contractual clauses as relevant to address any potential transfer of personal data outside the EEA and the UK, including to the United States, with respect to both intragroup and third-party transfers. We expect the existing legal complexity and uncertainty regarding international personal data transfers to continue. In particular, we expect the DPF Adequacy Decision to be challenged and international transfers to the United States and to other jurisdictions more generally to continue to be subject to enhanced scrutiny by regulators. As a result, we may have to make certain operational changes and we will have to implement revised standard contractual clauses. Data protection authorities of the different EEA member states may also interpret GDPR differently, and guidance on implementation and compliance practices are often updated or otherwise revised, which adds to the complexity of processing personal data in the EEA. Any failure by us to comply with GDPR could result in proceedings or actions against us by governmental entities or others, which may subject us to significant penalties and negative publicity, require us to change our business practices, and increase our costs and severely disrupt our business. Further, from January 1, 2021, companies have had to comply with the GDPR and also the UK GDPR, which, together with the amended UK Data Protection Act 2018, retains the GDPR in UK national law.
42

The UK GDPR mirrors the fines under the GDPR, e.g., fines up to the greater of €20 million (£17.5 million) or 4% of global turnover. On October 12, 2023, the UK Extension to the DPF came into effect (as approved by the UK Government), as a UK GDPR data transfer mechanism to U.S. entities self-certified under the UK Extension to the DPF. As we continue to expand into other foreign countries and jurisdictions, we may be subject to additional laws and regulations that may affect how we conduct business.

Canadian data privacy protection laws. Similarly, Canada’s Personal Information Protection and Electronic Documents Act provides Canadian residents with privacy protections in regard to transactions with businesses and organizations in the private sector and sets out ground rules for how private-sector organizations may collect, use, and disclose personal information in the course of commercial activities. Foreign governments may attempt to apply such laws extraterritorially or through treaties or other arrangements with U.S. governmental entities. Other jurisdictions besides the EU and Canada are similarly introducing or enhancing laws and regulations relating to privacy and data security, which enhances risks relating to compliance with such laws. Furthermore, as we enter into business arrangements in countries outside of the United States, we will need to be prepared to comply with applicable local privacy laws. The GDPR and other changes in laws or regulations associated with the enhanced protection of certain types of personal data, such as health-related data or other sensitive information, could greatly increase our cost of providing our products and services or even prevent us from offering certain services in jurisdictions that we operate.
We cannot be certain that the privacy policies and other statements regarding our practices will be found sufficient to protect us from liability or adverse publicity relating to the privacy and security of personal information. There is ongoing concern from privacy advocates, regulators, and others regarding data protection and privacy issues, and the number of jurisdictions with data protection and privacy laws has been increasing. Also, there are ongoing public policy discussions regarding whether the standards for de-identified, anonymous, or pseudonymized health information are sufficient, and the risk of re-identification sufficiently small, to adequately protect patient privacy. We expect that there will continue to be new proposed laws, regulations, and industry standards concerning privacy, data protection, and information security in the United States, including the CCPA and CPRA, and we cannot yet determine the impact such laws, regulations, and standards may have on our business. Future laws, regulations, standards, and other obligations, and changes in the interpretation of existing laws, regulations, standards, and other obligations could impair our or our clients’ ability to collect, use, or disclose information relating to consumers, which could decrease demand for our Solution, increase our costs, and impair our ability to maintain and grow our client base and increase our revenue. Any failure or perceived failure by us to comply with international, federal or state laws or regulations, industry standards, or other legal obligations, or any actual or suspected security incident, whether or not resulting in unauthorized access to, or acquisition, release, or transfer of personally identifiable information or other data, may result in governmental enforcement actions and prosecutions, private litigation, fines, and penalties or adverse publicity and could cause our clients to lose trust in us, which could have an adverse effect on our reputation and business.

We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to develop new products and features could be limited. Any of these developments could harm our business, financial condition, and results of operations. Privacy and data security concerns, whether valid or not valid, may inhibit market adoption of our Solution.

Government regulation of healthcare creates risks and challenges with respect to our compliance efforts and our business strategies.

Many healthcare laws are complex, and their application to specific services and relationships may not be clear. In particular, many existing healthcare laws and regulations, when enacted, did not anticipate the data analytics and improvement services that we provide, and these laws and regulations may be applied to our Solution in ways that we do not anticipate, particularly as we develop and release new and more sophisticated solutions. Our failure to accurately anticipate the application of these laws and regulations, or our other failure to comply with them, could create significant liability for us, result in adverse publicity, and negatively affect our business. Some of the risks we face or may face from healthcare regulation are described below.
The federal Anti-Kickback Statute prohibits, among other things, the offering, paying, soliciting, or receiving anything of value, directly or indirectly, for the referral of patients covered by Medicare, Medicaid, and other federal healthcare programs or the leasing, purchasing, ordering, or arranging for or recommending the lease, purchase, or order of any item, good, facility, or service covered by these programs. A person or entity does not need to have actual knowledge of the statute or specific intent to violate it in order to have committed a violation. Some enforcement activities focus on below or above market payments for federally reimbursable healthcare items or services as evidence of the intent to provide a kickback. Many states also have similar anti-kickback laws that are not necessarily limited to items or services for which payment is made by a federal healthcare program. Moreover, both federal and state laws prohibit bribery and similar behavior. We do not believe we directly order or provide healthcare services that are reimbursable by Medicare, Medicaid or other third-party payors or submit claims or receive reimbursement from any such payor.
43

However, nonetheless, in addition to direct enforcement action against us, if our advisory services or our Solution offered to clients are associated with action by clients that is determined or alleged to be in violation of these laws and regulations, it is possible that an enforcement agency would also try to hold us liable and, as a result of such attempt to hold us liable, our results of operations and financial condition may be negatively impacted, even if we are ultimately found not liable.
There are also numerous federal and state laws that prohibit the submission of false information, or the failure to disclose information, in connection with submission and payment of claims for healthcare items and services by healthcare providers. For example, the federal civil False Claims Act prohibits, among other things, individuals or entities from knowingly presenting, or causing to be presented, to the U.S. federal government, claims for payment or approval that are false or fraudulent, or knowingly making, using or causing to be made or used, a false record or statement material to a false or fraudulent claim. The government has prosecuted revenue cycle management service providers for causing the submission of false or fraudulent claims in violation of the False Claims Act. In addition, the government may assert that a claim including items and services resulting from a violation of the U.S. federal Anti-Kickback Statute constitutes a false or fraudulent claim for purposes of the civil False Claims Act.
HIPAA also created new federal criminal statutes that prohibit knowingly and willfully executing, or attempting to execute, a scheme to defraud or to obtain, by means of false or fraudulent pretenses, representations or promises, any money or property owned by, or under the control or custody of, any healthcare benefit program, including private third-party payors, and knowingly and willfully falsifying, concealing or covering up by trick, scheme or device, a material fact or making any materially false, fictitious or fraudulent statement in connection with the delivery of or payment for healthcare benefits, items or services. Similar to the federal Anti-Kickback Statute, a person or entity does not need to have actual knowledge of the statute or specific intent to violate it in order to have committed a violation. Any determination by a court or regulatory agency that we or any of our clients, vendors, or partners have violated these laws could subject us to significant civil or criminal penalties, invalidate all or portions of some of our client contracts, require us to change or terminate some portions of our business, require us to refund portions of our services fees, subject us to additional reporting requirements and oversight under a corporate integrity agreement or similar agreement to resolve allegations of noncompliance with these laws, cause us to be disqualified from serving clients doing business with government payors, and have an adverse effect on our business.

Our clients’ failure to comply with these laws and regulations in connection with our services could result in substantial liability (including, but not limited to, criminal liability), adversely affect demand for our Solution, and force us to expend significant capital, research and development, and other resources to address the failure. Even an unsuccessful challenge by regulatory authorities of our activities could result in adverse publicity, distract management attention from our business, require a costly response from us, and negatively impact the price of our common stock.

If our arrangements with clinicians and other healthcare professionals are found to constitute the improper rendering of professional medical services or fee splitting under applicable state laws, our business, financial condition, and our ability to operate in those states could be adversely impacted.

We employ and contract with physicians and other licensed healthcare professionals who assist our clients with the clients’ care coordination, care management, population health management, and patient safety activities. Although we do not intend to provide medical care, treatment, or advice, our relationships with such healthcare professionals may implicate certain state laws in the United States in which we operate that generally prohibit non-professional entities from providing licensed medical services, exercising control over licensed physicians or other licensed healthcare professionals, or engaging in certain practices such as fee-splitting with such licensed professionals. There can be no assurance that these laws will be interpreted in a manner consistent with our practices or that other laws or regulations will not be enacted in the future that could have a material and adverse effect on our business, financial condition, and results of operations.
Regulatory authorities, state boards of medicine, state attorneys general, and other parties may assert that we are engaged in the provision of professional medical services, and/or that our arrangements with our affiliated physicians and other licensed healthcare professionals constitute unlawful fee-splitting. If a jurisdiction’s prohibition on the corporate practice of medicine or fee-splitting is interpreted in a manner that is inconsistent with our practices, we may be required to restructure or terminate some portions of our business, which may in turn require us to refund portions of our services fees, which would have an adverse effect on our business. Even an unsuccessful challenge by regulatory authorities of our activities could result in adverse publicity, distraction of management attention from our business, a costly response from us, and a substantial negative impact upon the price of our common stock.




44

The FDA may modify its enforcement policies with respect to medical software products, and our software products may become subject to extensive regulatory requirements, which may increase the cost of conducting, or otherwise harm, our business.

We develop and offer certain analytical software applications in connection with our business. For its part, the FDA may regulate medical or health-related software, including machine learning functionality and predictive algorithms, if such software falls within the definition of a “medical device” under the Federal Food, Drug, and Cosmetic Act (FDCA). Medical devices are subject to extensive and rigorous regulation by the FDA and by other federal, state, and local authorities.
The FDCA and related regulations govern the conditions of safety, efficacy, clearance, approval, manufacturing, quality system requirements, labeling, packaging, distribution, storage, recordkeeping, reporting, marketing, advertising, and promotion of medical devices. However, historically, the FDA has exercised enforcement discretion for certain low-risk software functions, and has issued several guidance documents outlining its approach to the regulation of software as a medical device. In addition, the 21st Century Cures Act amended the FDCA to exclude from the definition of “medical device” certain medical-related software, including software used for administrative support functions at a healthcare facility, software intended for maintaining or encouraging a healthy lifestyle, software designed to store electronic health records, software for transferring, storing, or displaying medical device data or in vitro diagnostic data, and certain clinical decision support software. We believe our currently marketed products provide functionality that is exempt from the FDCA's definition of a “medical device,” and therefore that our software products are not currently regulated by the FDA as medical devices, or that our products are otherwise subject to FDA’s current enforcement discretion policies applicable to software products. However, there is a risk that the FDA could disagree with our determination, or that the FDA could alter its enforcement discretion policies, and in either case, subject our software to more stringent medical device regulations.
If the FDA determines that any of our current or future analytics applications are regulated as medical devices and not otherwise subject to enforcement discretion, we would become subject to various requirements under the FDCA and the FDA’s implementing regulations. If this occurs, we may be required to cease marketing or to recall our product until we obtain the requisite clearances or approvals, which would entail significant cost and could harm our reputation, business, financial condition, and results of operations.

Our failure to comply with applicable regulatory requirements could result in enforcement action by the FDA, or comparable state or foreign regulatory authorities, including: untitled letters, warning letters, fines, injunctions, consent decrees and civil penalties, recalls, termination of distribution, administrative detentions, seizure of our products, operating restrictions, partial suspension or total shutdown of production, delays in or refusal to grant clearances or approvals, prohibitions on sales of our products, and criminal prosecution. Any of these sanctions could result in higher than anticipated costs or lower than anticipated sales and have a material adverse effect on our reputation, business, financial condition, and results of operations.

The healthcare regulatory and political framework is uncertain and evolving.

Existing and new laws and regulations affecting the healthcare industry, or changes to existing laws and regulations could create unexpected liabilities for us, cause us to incur additional costs, and/or restrict our operations. Reforming the healthcare industry has been a priority for U.S. politicians, and key members of the legislative and executive branches have proposed a wide variety of potential changes and policy goals. Certain changes to laws impacting our industry, or perceived intentions to do so, could affect our business and results of operations. By way of example, in March 2010, the Affordable Care Act (ACA), was enacted, which substantially changed the way healthcare is financed by both governmental and private insurers and has significantly impacted our industry and, to some degree, our business. Since its enactment, there have been judicial, executive, and Congressional challenges to certain aspects of the ACA. On June 17, 2021, the U.S. Supreme Court dismissed the most recent judicial challenge to the ACA brought by several states without specifically ruling on the constitutionality of the ACA. Thus, the ACA will remain in effect in its current form. We anticipate that new cost containment measures or other healthcare reforms will continue to be implemented at both the federal and state level, any of which could harm our business, financial condition, and results of operations.










45

Due to the particular nature of certain services we provide or the manner in which we provide them, we may be subject to additional government regulation and foreign government regulation.

While our Solution is primarily subject to government regulations pertaining to healthcare, certain aspects of our Solution may require us to comply with regulatory schema from other areas. Examples of such regulatory schema include:

Antitrust laws. Our national cloud-based network allows us access to cost and pricing data for a large number of providers in most regional markets, as well as to the contracted rates for third-party payors. To the extent that our Solution enables providers to compare their cost and pricing data with those of their competitors, those providers could collude to increase the pricing for their services, to reduce the compensation they pay their employees, or to collectively negotiate agreements with third parties. Similarly, if payors are able to compare their contracted rates of payment to providers, those payors may seek to reduce the amounts they might otherwise pay. Such actions may be deemed to be anti-competitive and a violation of federal antitrust laws. To the extent that we are deemed to have enabled such activities, we could be subject to fines and penalties imposed by the U.S. Department of Justice or the FTC and be required to curtail or terminate the services that permitted such collusion.


FCPA and foreign anti-bribery laws. The FCPA makes it illegal for U.S. persons, including U.S. companies, and their subsidiaries, directors, officers, employees, and agents, to promise, authorize or make any corrupt payment, or otherwise provide anything of value, directly or indirectly, to any foreign official, any foreign political party or party official, or candidate for foreign political office to obtain or retain business. Violations of the FCPA can also result in violations of other U.S. laws, including anti-money laundering, mail and wire fraud, and conspiracy laws. There are severe penalties for violating the FCPA. In addition, the Company may also be subject to other non-U.S. anti-corruption or anti-bribery laws, such as the U.K. Bribery Act 2010. If our employees, contractors, vendors, or partners fail to comply with the FCPA and/or foreign anti-bribery laws, we may be subject to penalties or sanctions, and our ability to develop new prospects and retain existing clients could be adversely affected.
Economic sanctions and export controls. Economic and trade sanctions programs that are administered by the U.S. Treasury Department’s Office of Foreign Assets Control prohibit or restrict transactions to or from, and dealings with specified countries and territories, their governments, and in certain circumstances, with individuals and entities that are specially designated nationals of those countries, and other sanctioned persons, including narcotics traffickers and terrorists or terrorist organizations. As federal, state and foreign legislative regulatory scrutiny and enforcement actions in these areas increase, we expect our costs to comply with these requirements will increase as well. Failure to comply with any of these requirements could result in the limitation, suspension or termination of our services, imposition of significant civil and criminal penalties, including fines, and/or the seizure and/or forfeiture of our assets. Further, our Solution incorporates encryption technology. This encryption technology may be exported from the United States only with the required export authorizations, including by a license, a license exception, or other appropriate government authorizations. Such solutions may also be subject to certain regulatory reporting requirements. Various countries also regulate the import of certain encryption technology, including through import permitting and licensing requirements, and have enacted laws that could limit our clients’ ability to import our Solution into those countries. Governmental regulation of encryption technology and of exports and imports of encryption products, or our failure to obtain required approval for our Solution, when applicable, could harm our international sales and adversely affect our revenue. Compliance with applicable regulatory requirements regarding the provision of our Solution, including with respect to new applications, may delay the introduction of our Solution in various markets or, in some cases, prevent the provision of our Solution to some countries altogether.
Regulatory certification. We must obtain certification from governmental agencies, such as the Agency for Healthcare Research and Quality (AHRQ) to sell certain of our analytics applications and services in the United States. We cannot be certain that our Solution will continue to meet these standards. The failure to comply with these certification requirements could result in the loss of certification, which could restrict our Solution offerings and cause us to lose clients.










46

Risks Related to Tax Regulation

Taxing authorities may successfully assert that we should have collected or in the future should collect sales and use, value-added or similar transactional taxes, and we could be subject to liability with respect to past or future sales, which could adversely affect our results of operations.

We do not collect sales and use, value-added, and similar transactional taxes in all jurisdictions in which we have sales, based on our belief that such taxes are not applicable or that we are not required to collect such taxes with respect to the jurisdiction. Sales and use, value-added, and similar tax laws and rates vary greatly by jurisdiction. Certain jurisdictions in which we do not collect such taxes may assert that such taxes are applicable, which could result in tax assessments, penalties, and interest, and we may be required to collect such taxes in the future. Such tax assessments, penalties, interest or future requirements, increase in tax rates, or a combination of the foregoing may result in an increase in our sales and similar transactional taxes, increase administrative burdens or costs, or otherwise adversely affect our business, results of operations, or financial condition.

Unanticipated changes in our effective tax rate and additional tax liabilities, including as a result of our international operations or implementation of new tax rules, could harm our future results.

We are subject to income taxes in the United States and are expanding into various foreign jurisdictions that are subject to income tax. Our domestic and international tax liabilities are subject to the allocation of expenses in differing jurisdictions and complex transfer pricing regulations administered by taxing authorities in various jurisdictions. Tax rates in the jurisdictions in which we operate may change as a result of factors outside of our control or relevant taxing authorities may disagree with our determinations as to the income and expenses attributable to specific jurisdictions. In addition, changes in tax and trade laws, treaties or regulations, or their interpretation or enforcement, have become more unpredictable and may become more stringent, which could materially adversely affect our tax position.

Forecasting our estimated annual effective tax rate is complex and subject to uncertainty, and there may be material differences between our forecasted and actual effective tax rate. Our effective tax rate could be adversely affected by changes in the mix of earnings and losses in countries with differing statutory tax rates, certain non-deductible expenses, the valuation of deferred tax assets and liabilities, adjustments to income taxes upon finalization of tax returns, changes in available tax attributes, decision to repatriate non-U.S. earnings for which we have not previously provided for U.S. taxes, and changes in federal, state, or international tax laws and accounting principles. Finally, we may be subject to income tax audits throughout the world. An adverse resolution of one or more uncertain tax positions in any period could have a material impact on our results of operations or financial condition for that period.

Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.

As of December 31, 2023, we had net operating loss (NOL) carryforwards for federal and state income tax purposes of approximately $602.6 million and $505.5 million, respectively, which may be available to offset taxable income in the future, and which expire in various years beginning in 2032 for federal purposes if not utilized. The state NOLs will expire depending upon the various rules in the states in which we operate.

A lack of future taxable income would adversely affect our ability to utilize these NOLs before they expire. In general, under Section 382 of the Internal Revenue Code of 1986, as amended (the Code), a corporation that undergoes an “ownership change” (as defined under Section 382 of the Code and applicable Treasury Regulations) is subject to limitations on its ability to utilize its pre-change NOLs to offset its future taxable income.

We may experience a future ownership change under Section 382 of the Code that could affect our ability to utilize the NOLs to offset our income. Furthermore, our ability to utilize NOLs of companies that we have acquired or may acquire in the future may be subject to limitations. There is also a risk that due to regulatory changes, such as suspensions on the use of NOLs or other unforeseen reasons, our existing NOLs could expire or otherwise be unavailable to reduce future income tax liabilities, including for state income tax purposes. Certain provisions of the Tax Act (as defined below), as amended by the CARES Act, also limit the use of NOLs, as discussed further below. For these reasons, we may not be able to utilize a material portion of our NOLs, even if we attain profitability, which could potentially result in increased future tax liability to us and could adversely affect our results of operations and financial condition.




47

Comprehensive tax reform legislation could adversely affect our business and financial condition.

On December 22, 2017, the Tax Cuts and Jobs Act of 2017 (the Tax Act) was signed into law. The Tax Act contains, among other things, significant changes to corporate taxation, including (i) a reduction of the corporate tax rate from a top marginal rate of 35% to a flat rate of 21%, (ii) a limitation of the tax deduction for interest expense to 30% of adjusted earnings (except for certain small businesses) (increased to 50% by the CARES Act for taxable years beginning in 2019 and 2020), (iii) a limitation of the deduction for NOLs in taxable years beginning after December 31, 2020 to 80% of current year taxable income in respect of NOLs generated during or after 2018 and elimination of net operating loss carrybacks for NOLs arising in tax years ending after December 31, 2020, (iv) a one-time tax on offshore earnings at reduced rates regardless of whether they are repatriated, (v) immediate deductions for certain new investments instead of deductions for depreciation expense over time, and (vi) a modification or repeal of many business deductions and credits. For federal NOLs arising in tax years beginning after December 31, 2017, the Tax Act (as modified by the CARES Act) limits a taxpayer’s ability to utilize federal NOL carryforwards in taxable years beginning after December 31, 2020 to 80% of taxable income. In addition, federal NOLs arising in tax years ending after December 31, 2017 can be carried forward indefinitely, but carryback of federal NOLs arising in tax years ending after December 31, 2020 is generally prohibited. It is uncertain if and to what extent various states will conform to the newly enacted federal tax law.

Beginning in 2022, the Tax Act eliminated the option to currently deduct research and development expenditures in the period incurred and requires taxpayers to capitalize and amortize such domestic and foreign expenditures over five or fifteen years, respectively, pursuant to Section 174 of the Code. We will continue to examine the impact the Tax Act and CARES Act may have on our results of operations and financial condition.

Risks Related to Our Outstanding Convertible Notes

Servicing our Notes may require a significant amount of cash, and we may not have sufficient cash or the ability to raise the funds necessary to settle conversions of the Notes in cash, repay the Notes at maturity, or repurchase the Notes as required.

On April 14, 2020, we issued $230.0 million in aggregate principal amount of 2.50% Convertible Senior Notes due 2025, pursuant to an Indenture dated April 14, 2020, with U.S. Bank National Association, as trustee, in a private offering to qualified institutional buyers (the Notes). We received net proceeds from the Notes of $222.5 million, after deducting the initial purchasers’ discounts and offering expenses payable by us. The Notes are governed by an indenture (Indenture) between us, as the issuer, and U.S. Bank National Association, as trustee. The Notes are our senior, unsecured obligations and accrue interest payable semiannually in arrears on April 15 and October 15 of each year, beginning on October 15, 2020, at a rate of 2.50% per year. The Notes will mature on April 15, 2025, unless earlier converted, redeemed, or repurchased. The Indenture does not contain any financial covenants or restrictions on the payments of dividends, the incurrence of indebtedness, or the issuance or repurchase of securities by us or any of our subsidiaries.

We may repurchase the Notes from time to time prior to the maturity date. A holder may convert all or any portion of its Notes, at its option, subject to certain conditions and during certain periods, into cash, shares of our common stock or a combination of cash and shares of our common stock, with the form of consideration determined at our election. Noteholders will have the right to require us to repurchase all or a portion of their notes at 100% of the principal amount of Notes to be repurchased, plus accrued and unpaid interest to, but excluding, the repurchase date, upon the occurrence of certain events. The conversion rate is initially 32.6797 shares of our common stock per $1,000 principal amount of Notes (which is equivalent to an initial conversion price of approximately $30.60 per share of our common stock). If the Notes have not previously been converted, redeemed or repurchased, we will be required to repay the Notes in cash at maturity.

Our ability to make required cash payments in connection with redemptions or conversions of the Notes, repurchase the Notes upon the occurrence of certain events, or to repay or refinance the Notes at maturity will depend on market conditions and our future performance, which is subject to economic, financial, competitive, and other factors beyond our control. For example, we maintain cash balances with financial institutions in excess of insured limits, and there can be no assurance that we will be able to access uninsured funds in a timely manner or at all in the event of a failure of these financial institutions. We also may not use the cash proceeds we raised through the issuance of the Notes in an optimally productive and profitable manner. Since inception, our business has generated net losses, and we may continue to incur significant losses. As a result, we may not have enough available cash or be able to obtain financing at the time we are required to repurchase or repay the Notes or pay cash with respect to Notes being converted.

In addition, our ability to repurchase or to pay cash upon conversion or at maturity of the Notes may be limited by law or regulatory authority or by other agreements governing our future indebtedness. Our failure to repurchase Notes upon the occurrence of certain events or to pay cash upon conversion or at maturity of the Notes as required by the Indenture would constitute a default under the Indenture.
48

A default under the Indenture or the occurrence of certain events that allow Noteholders to require repurchase could also lead to a default under agreements governing our future indebtedness and could have a material adverse effect on our business, results of operations, and financial condition. If the payment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase the Notes or to pay cash upon conversion or at maturity of the Notes.

Our Capped Calls may affect the value of our common stock and subject us to counterparty risk.

On April 8, 2020, concurrently with the pricing of our $230.0 million in aggregate principal amount Convertible Senior Notes due 2025 (Notes), in a private placement to qualified institutional buyers exempt from registration under the Securities Act (Note Offering), we entered into privately negotiated capped call transactions (Base Capped Calls) with certain financial institutions (the option counterparties). In addition, in connection with the initial purchasers’ exercise in full of their option to purchase additional Notes, on April 9, 2020, we entered into additional capped call transactions (Additional Capped Calls, and, together with the Base Capped Calls, the Capped Calls) with each of the option counterparties. We used approximately $21.6 million of the net proceeds from the Note Offering to pay the option premium cost of the Capped Calls. We used approximately $21.6 million of the net proceeds from the Note Offering to pay the cost of the Capped Calls and allocated issuance costs. The Capped Calls have initial cap prices of $42.00 per share, subject to certain adjustments. The Capped Calls are expected generally to reduce the potential dilution to our common stock upon any conversion of Notes and/or offset any cash payments we are required to make in excess of the principal amount of converted Notes, as the case may be, with such reduction and/or offset subject to the cap price. The Capped Calls are separate transactions that we entered into with the option counterparties, and are not part of the terms of the Notes. The option counterparties are financial institutions or affiliates of financial institutions, and we will be subject to the risk that one or more of such option counterparties may default under the Capped Calls.
From time to time, the option counterparties or their respective affiliates may modify their hedge positions by entering into or unwinding various derivative transactions with respect to our common stock and/or purchasing or selling our common stock or other securities of ours in secondary market transactions prior to the maturity of the Notes. This activity could cause or avoid an increase or a decrease in the market price of our common stock. In addition, our exposure to the credit risk of the option counterparties will not be secured by any collateral. If any option counterparty becomes subject to insolvency proceedings, we will become an unsecured creditor in those proceedings with a claim equal to our exposure at that time under the Capped Calls. Our exposure will depend on many factors but, generally, the increase in our exposure will be correlated to the increase in our common stock market price and in the volatility of the market price of our common stock. In addition, upon a default by any option counterparty, we may suffer adverse tax consequences and dilution with respect to our common stock. We can provide no assurance as to the financial stability or viability of any option counterparty.

If we raise additional capital through debt financing, the terms of any new debt could further restrict our ability to operate our business.

If we raise any additional debt financing, the terms of such additional debt could further restrict our operating and financial flexibility by subjecting us to customary affirmative and negative covenants, indemnification provisions, and events of default. Further, if we are liquidated, the lender’s rights to repayment would be senior to the rights of the holders of our common stock to receive any proceeds from the liquidation. Any declaration by a lender of an event of default could significantly harm our business and prospects and could cause the price of our common shares to decline.

Risks Related to Ownership of Our Common Stock

Risks Related to an Investment in Our Securities

We have a limited operating history in an evolving industry which makes it difficult to evaluate our current business future prospects and increases the risk of your investment.

We launched operations in 2008 and we acquired Able Health, Healthfinch, Vitalware, Twistle, ARMUS, KPI Ninja, and ERS between February 2020 and October 2023. Our limited operating history, in particular with respect to the businesses we have recently acquired, makes it difficult to effectively assess or forecast our future prospects. You should consider our business and prospects in light of the risks and difficulties we encounter or may encounter. These risks and difficulties include our ability to cost-effectively acquire new clients and retain existing clients, maintain the quality of our technology infrastructure that can efficiently and reliably handle the requirements of our clients and deploy new features and solutions, and successfully compete with other companies that are currently in, or may enter, the healthcare solution space.


49

Additional risks include our ability to effectively manage growth, achieve synergies, responsibly use the data that clients share with us, process, store, protect, and use personal data, including PHI, in compliance with governmental regulation, contractual obligations, and other legal obligations related to privacy and security and avoid interruptions or disruptions in our service or slower than expected load times for our Solution. If we fail to address the risks and difficulties that we face, including those associated with the challenges listed above, our business and our results of operations will be adversely affected.

We have experienced significant net losses since inception, we expect to incur losses in the future, and we may not be able to generate sufficient revenue to achieve and maintain profitability.

We have incurred significant net losses in the past, including net losses of $118.1 million and $137.4 million in the years ended December 31, 2023 and 2022, respectively. We had an accumulated deficit of $1,117.2 million as of December 31, 2023. We expect our costs will increase over time as we continue to invest to grow our business and build relationships with clients, develop our Solution, develop new solutions, and operate as a public company. These efforts may prove to be more expensive than we currently anticipate and external factors, such as macroeconomic challenges, including the high inflationary environment and rising interest rates, could cause an increase in our expenses, and we may not succeed in increasing our revenue sufficiently to offset these higher expenses.

As a result, we may need to raise additional capital through equity and debt financings in order to fund our operations. To date, we have financed our operations principally from the proceeds we received through private sales of equity securities, payments received from sales of our Solution, borrowings under our loan and security agreements, our IPO in July 2019, the Note Offering in April 2020, and an underwritten public offering of 4,882,075 shares (inclusive of the underwriters’ over-allotment option to purchase 636,792 shares) of our common stock at $53.00 per share in August 2021, from which we received net proceeds of $245.2 million, after deducting the underwriting discounts and commissions and other offering costs (the Secondary Public Equity Offering).

We may also fail to improve the gross margins of our business. If we are unable to effectively manage these risks and difficulties as we encounter them, our business, financial condition, and results of operations would be adversely affected. Our failure to achieve or maintain profitability could negatively impact the value of our common stock.

The market price of our common stock may be volatile and may decline regardless of our operating performance, and you may lose all or part of your investments.

The market price of our common stock may fluctuate significantly in response to numerous factors, many of which are beyond our control, including:
overall performance of the equity markets and/or publicly-listed technology companies;
actual or anticipated fluctuations in our net revenue or other operating metrics;
changes in the financial projections we provide to the public or our failure to meet these projections;
failure of securities analysts to initiate or maintain coverage of us, changes in financial estimates by any securities analysts who follow our company, or our failure to meet the estimates or the expectations of investors;
the economy as a whole and market conditions in our industry;
rumors and market speculation involving us or other companies in our industry;
announcements by us or our competitors of significant innovations, acquisitions, strategic partnerships, joint ventures, or capital commitments;
new laws or regulations or new interpretations of existing laws or regulations applicable to our business;
lawsuits or investigations threatened or filed against us;
recruitment or departure of key personnel; and
other events or factors, including those resulting from macroeconomic challenges (including high inflationary and/or high interest rate environments), war, bank or financial institution failures, incidents of terrorism, public health crises, or responses to these events.
50

In addition, extreme price and volume fluctuations in the stock markets have affected and continue to affect many technology companies’ stock prices. Often, their stock prices have fluctuated in ways unrelated or disproportionate to the companies’ operating performance. In the past, stockholders have filed securities class action litigation following periods of market volatility. If we were to become involved in securities litigation, it could subject us to substantial costs, divert resources and the attention of management from our business, and harm our business. Moreover, because of these fluctuations, comparing our results of operations on a period-to-period basis may not be meaningful. You should not rely on our past results as an indication of our future performance. This variability and unpredictability could also result in our failing to meet the expectations of industry or financial analysts or investors for any period. If our net revenue or results of operations fall below the expectations of analysts or investors or below any forecasts we may provide to the market, or if the forecasts we provide to the market are below the expectations of analysts or investors, the price of our common stock could decline substantially. Such a stock price decline could occur even when we have met any previously publicly stated net revenue or earnings forecasts that we may provide.

If securities or industry analysts do not continue to publish research, or publish inaccurate or unfavorable research, about our business, the price of our common stock and trading volume could decline.

The trading market for our common stock will depend in part on the research and reports that securities or industry analysts publish about us or our business. If industry analysts cease coverage of us, the trading price for our common stock could be negatively affected. If one or more of the analysts who cover us downgrade our common stock or publish inaccurate or unfavorable research about our business, our common stock price would likely decline. If one or more of these analysts cease coverage of us or fail to publish reports on us on a regular basis, demand for our common stock could decrease, which might cause our common stock price and trading volume to decline.

We cannot guarantee that the Share Repurchase Plan will be fully consummated or will enhance stockholder value, and share repurchases could affect the price of our common stock.

On August 2, 2022, our board of directors authorized and approved the Share Repurchase Plan, pursuant to which we may repurchase up to $40.0 million of our outstanding shares of common stock. We began repurchasing shares of common stock under this program during the third quarter of 2022 and had $29.8 million available to purchase under the Share Repurchase Plan as of December 31, 2023. During the year ended December 31, 2023, we repurchased and retired 145,027 shares of our common stock for $1.8 million at an average purchase price of $12.45 per share. Repurchases of shares of common stock under the Share Repurchase Plan may be made from time to time, in the open market, in privately negotiated transactions or otherwise, with the amount and timing of repurchases to be determined at the discretion of our management, depending on market conditions and corporate needs.

Open market repurchases will be structured to occur in accordance with applicable federal securities laws, including within the pricing and volume requirements of Rule 10b-18 under the Exchange Act. We may also, from time to time, enter into Rule 10b5-1 plans to facilitate repurchases of our shares of common stock under this authorization. The timing, pricing, and sizes of these repurchases will depend on a number of factors, including the market price of our common stock and general market and economic conditions. The Share Repurchase Plan could affect the price of our common stock, increase volatility, and diminish our cash reserves.

Our management has broad discretion in the use of proceeds from our IPO, the Note Offering, and the Secondary Public Equity Offering and our use may not produce a positive rate of return.

The principal purposes of our IPO were to increase our capitalization and financial flexibility, create a public market for our stock and thereby enable access to the public equity markets by our employees and stockholders, obtain additional capital, and strengthen our position in the healthcare data analytics applications and services market. We used a portion of the Note Offering proceeds to pay the cost of the Capped Call transactions and to prepay in full all outstanding indebtedness under our credit agreement with OrbiMed. We cannot specify with certainty our plans for the use of the net proceeds we received from these offerings. However, we intend to use the net proceeds we received from our IPO, the Note Offering, and our Secondary Public Equity Offering for working capital and other general corporate purposes. We may also use a portion of the net proceeds from these offerings for the acquisition of, or investment in, technologies, solutions or businesses that complement our business. Our management has broad discretion over the specific use of the net proceeds we received in these offerings and might not be able to obtain a significant return, if any, on investment of these net proceeds. Investors will need to rely upon the judgment of our management with respect to the use of proceeds. If we do not use the net proceeds that we received in our IPO, the Note Offering, and our Secondary Public Equity Offering effectively, our business, results of operations, and financial condition could be harmed.


51

Our issuance of additional capital stock in connection with financings, acquisitions, investments, our stock incentive plans, or otherwise will dilute all other stockholders.

We expect to issue additional capital stock in the future that will result in dilution to all other stockholders. We expect to grant equity awards to employees, directors, and consultants under our stock incentive plans. We may also raise capital through equity financings in the future, including through offerings similar to our Secondary Public Equity Offering during the third quarter of 2021.

As part of our business strategy, we may acquire or make investments in complementary companies, products, or technologies and issue equity securities to pay for any such acquisition or investment, such as our issuance of equity securities in connection with our acquisitions. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per-share value of our common stock to decline.

The requirements of being a public company may strain our resources, divert management’s attention, and affect our ability to attract and retain executive management and qualified board members.

As a public company, we are subject to the reporting requirements of the Exchange Act, the listing standards of Nasdaq, and other applicable securities rules and regulations. We expect that the requirements of these rules and regulations will continue to increase our legal, accounting, and financial compliance costs, make some activities more difficult, time-consuming, and costly, and place significant strain on our personnel, systems, and resources. For example, the Exchange Act requires, among other things, that we file annual, quarterly, and current reports with respect to our business and results of operations. As a result of the complexity involved in complying with the rules and regulations applicable to public companies, our management’s attention may be diverted from other business concerns, which could harm our business, results of operations, and financial condition.

Although we have already hired additional employees to assist us in complying with these requirements, we may need to hire more employees in the future or engage outside consultants, which will increase our operating expenses. In addition, changing laws, regulations, and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs, and making some activities more time-consuming. These laws, regulations, and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest substantial resources to comply with evolving laws, regulations and standards, and this investment may result in increased general and administrative expenses and a diversion of management’s time and attention from business operations to compliance activities. If our efforts to comply with new laws, regulations, and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to their application and practice, regulatory authorities may initiate legal proceedings against us and our business may be harmed.

We also expect that being a public company and these new rules and regulations will make it more expensive for us to obtain director and officer liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These factors could also make it more difficult for us to attract and retain qualified members of our board of directors, particularly to serve on our audit committee and compensation committee, and qualified executive officers.

As a result of disclosure of information in filings required of a public company, our business and financial condition is more visible, which may result in an increased risk of threatened or actual litigation, including by competitors and other third parties. If such claims are successful, our business and results of operations could be harmed, and even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and harm our business, results of operations, and financial condition.

The individuals who now constitute our senior management team have limited experience managing a publicly-traded company and limited experience complying with the increasingly complex laws pertaining to public companies. Our senior management team may not successfully or efficiently manage our transition to a public company that is subject to significant regulatory oversight and reporting obligations.






52

We do not intend to pay dividends on our common stock and, consequently, the ability of common stockholders to achieve a return on investment will depend on appreciation, if any, in the price of our common stock.

You should not rely on an investment in our common stock to provide dividend income. We have never declared or paid any dividends on our capital stock. We intend to retain any earnings to finance the operation and expansion of our business, and we do not anticipate paying any cash dividends in the foreseeable future. In addition, the terms of any future credit facility or financing we obtain may contain, terms prohibiting or limiting the amount of dividends that may be declared or paid on our common stock. As a result, common stockholders may only receive a ROI if the market price of our common stock increases.

We could be subject to securities class action litigation.

In the past, securities class action litigation has often been brought against a company following a decline in the market price of its securities. This risk is especially relevant for us because technology and healthcare technology companies have experienced significant stock price volatility in recent years. If we face such litigation, it could result in substantial costs and a diversion of management’s attention and resources, which could harm our business.

Risks Related to Our Charter and Bylaws

Provisions in our charter documents and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current board of directors, and limit the market price of our common stock.

Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a change of control or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws, include provisions that:

provide that our board of directors is classified into three classes of directors with staggered three-year terms;
permit the board of directors to establish the number of directors and fill any vacancies and newly-created directorships;
require super-majority voting to amend some provisions in our amended and restated certificate of incorporation and amended and restated bylaws;
authorize the issuance of “blank check” preferred stock that our board of directors could use to implement a stockholder rights plan;
provide that only a majority of our board of directors will be authorized to call a special meeting of stockholders;
prohibit stockholder action by written consent, which requires all stockholder actions to be taken at a meeting of our stockholders;
provide that the board of directors is expressly authorized to make, alter, or repeal our bylaws; and
advance notice requirements for nominations for election to our board of directors or for proposing matters that can be acted upon by stockholders at annual stockholder meetings.
Moreover, Section 203 of the Delaware General Corporation Law may discourage, delay, or prevent a change in control of our company. Section 203 imposes certain restrictions on mergers, business combinations, and other transactions between us and holders of 15% or more of our common stock.

Our amended and restated bylaws designate a state or federal court located within the State of Delaware as the exclusive forum for certain litigation that may be initiated by our stockholders, which could limit stockholders’ ability to obtain a favorable judicial forum for disputes with us.

Our amended and restated bylaws include an exclusive forum provision that provides that the Court of Chancery of the State of Delaware will be the exclusive forum for the following types of actions or proceedings under Delaware statutory or common law:

any derivative action or proceeding brought on our behalf;
53

any action asserting a breach of fiduciary duty owed to us or our stockholders by any of our current or former directors, officers or other employees;
any action asserting a claim against us arising pursuant to the Delaware General Corporation Law, our amended and restated certificate of incorporation, or our amended and restated bylaws; or
any action that is governed by the internal affairs doctrine and asserts a claim against us or any of our current or former directors, officers or other employees or stockholders.
This exclusive forum provision will not apply to any causes of action arising under the Securities Act. Further, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all suits brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder. Accordingly, both state and federal courts have jurisdiction to entertain such Securities Act claims. To prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our amended and restated bylaws provide that, unless we consent in writing to the selection of an alternative forum, to the fullest extent permitted by law, the federal district courts of the United States of America shall be the exclusive forum for the resolution of any complaint asserting a cause or causes of action arising under the Securities Act; however, a court may not enforce such provision.

This choice of forum provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or any of our directors, officers, or other employees, which may discourage lawsuits with respect to such claims. Alternatively, if a court were to find the choice of forum provision which will be contained in our amended and restated bylaws to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our business, results of operations, and financial condition.







54

General Risks

Changes in accounting principles may cause previously unanticipated fluctuations in our financial results, and the implementation of such changes may impact our ability to meet our financial reporting obligations.

We prepare our financial statements in accordance with U.S. GAAP which are subject to interpretation or changes by the Financial Accounting Standards Board (FASB), the SEC, and other various bodies formed to promulgate and interpret appropriate accounting principles. New accounting pronouncements and changes in accounting principles have occurred in the past and are expected to occur in the future which may have a significant effect on our financial results. Furthermore, any difficulties in implementation of changes in accounting principles, including the ability to modify our accounting systems, could cause us to fail to meet our financial reporting obligations, which could result in regulatory discipline and harm investors’ confidence in us.

Economic uncertainties or downturns in the general economy or the industries in which our clients operate could disproportionately affect the demand for our Solution and negatively impact our results of operations.

General worldwide economic conditions have experienced significant downturns during the last ten or more years, and market volatility and uncertainty remain widespread, making it potentially very difficult for our clients and us to accurately forecast and plan future business activities.

During challenging economic times, our clients may have difficulty gaining timely access to sufficient credit or obtaining credit on reasonable terms, increased costs, and/or other negative financial impacts, each of which could impair their ability to make timely payments to us, reduce client expansion and new client acquisition, increase client churn, and adversely affect our revenue.
If that were to occur, our financial results could be harmed. Further, challenging economic conditions may impair the ability of our clients to pay for the applications and services they already have purchased from us and, as a result, our write-offs of accounts receivable could increase. We cannot predict the timing, strength, or duration of any economic slowdown or recovery. If the condition of the general economy or markets in which we operate worsens, our business could be harmed.

Investors’ expectations of our performance relating to environmental, social, and governance factors may impose additional costs and expose us to new risks.

There is an increasing focus from certain investors, employees, and other stakeholders concerning corporate responsibility, specifically related to environmental, social, and governance factors. Some investors may use these factors to guide their investment strategies and, in some cases, may choose not to invest in us if they believe our policies relating to corporate responsibility are inadequate. Third-party providers of corporate responsibility ratings and reports on companies have increased to meet growing investor demand for measurement of corporate responsibility performance.

The criteria by which companies’ corporate responsibility practices are assessed may change, which could result in greater expectations of us and cause us to undertake costly initiatives to satisfy such new criteria. If we elect not to or are unable to satisfy such new criteria, investors may conclude that our policies with respect to corporate responsibility are inadequate. We may face reputational damage in the event that our corporate responsibility procedures or standards do not meet the standards set by various constituencies.

Furthermore, if our competitors’ corporate responsibility performance is perceived to be greater than ours, potential or current investors may elect to invest with our competitors instead. In addition, in the event that we communicate certain initiatives and goals regarding environmental, social and governance matters, we could fail, or be perceived to fail, in our achievement of such initiatives or goals, or we could be criticized for the scope of such initiatives or goals. If we fail to satisfy the expectations of investors, employees, and other stakeholders, or, if our initiatives are not executed as planned, our reputation and business, operating results, and financial condition could be adversely impacted.
Item 1B. Unresolved Staff Comments
None.
55

Item 1C. Cybersecurity
Cybersecurity Risk Management and Strategy
We believe cybersecurity is critical to advancing our company's mission to be the catalyst for massive, measurable, data-informed healthcare improvement. We face a multitude of cybersecurity threats that range from attacks common to most industries, such as ransomware and denial-of-service, to attacks from more advanced and persistent, highly organized groups and challenges specific to the healthcare industry. Our clients and suppliers face similar cybersecurity threats, and a cybersecurity incident impacting us or any of these entities could materially adversely affect our operations, performance, and results of operations.
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program includes a cybersecurity incident response plan, which outlines the steps to be followed from incident detection to mitigation, recovery, and notification, including notifying functional areas (e.g., legal and compliance), as well as senior leadership and the board of directors, as appropriate.
Our cybersecurity program incorporates industry-standard frameworks (including third-party certification), policies, and practices designed to protect the privacy and security of our sensitive information. Our third-party certifications for certain Solutions include a HITRUST Common Security Framework certification (which includes standards from frameworks such as HIPAA, ISO, EU, GDPR, NIST, and PCI to provide risk-based certification for companies in the healthcare supply chain) and a Statement on Standards for Attestation Engagements 18 (SSAE 18) System and Organization Control (SOC) 2 report that evaluates our security program.
Assessing, identifying and managing cybersecurity related risks are integrated into our overall enterprise risk management process. Cybersecurity related risks are included in the risk universe that the enterprise risk management function evaluates to assess top risks to the enterprise on an annual basis. To the extent the enterprise risk management process identifies a heightened cybersecurity related risk, risk owners are assigned to develop risk mitigation plans, which are then tracked to completion. The enterprise risk management’s annual risk assessment is presented to the board of directors.
Our cybersecurity risk management program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. Our cybersecurity risk management program includes:
risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment;
an information security team principally responsible for managing (i) our cybersecurity risk assessment processes, (ii) our security controls, and (iii) our response to cybersecurity incidents;
the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls;
cybersecurity awareness training of our employees, incident response personnel, and senior management;
a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and
a third-party risk management process for service providers, suppliers, and vendors that have access to our critical systems and information.
We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. Despite the implementation of our cybersecurity program, our security measures cannot guarantee that a significant cyberattack will not occur. A successful attack on our information technology systems could have significant consequences to the business. While we devote resources to our security measures to protect our systems and information, these measures cannot provide absolute security. See “Risk Factors—Risks Related to Data and Intellectual Property” for additional information about the risks to our business associated with a breach or compromise to our information technology systems.

56

Cybersecurity Governance
Our board of directors oversees management’s processes for identifying and mitigating risks, including cybersecurity risks, to help align our risk exposure with our strategic objectives. Our cybersecurity program is led by our Chief Information Security Officer and includes a team of cybersecurity and security compliance professionals. The cybersecurity program is further strengthened through support of our General Counsel and Chief Compliance and Data Privacy Officer. Our legal and cybersecurity teams work closely together to support and bolster our cybersecurity program. Our cybersecurity team reports to our Audit Committee quarterly on information security and cybersecurity matters, or as needed. Our Audit Committee has oversight responsibility for our data security practices and we believe the committee has the requisite skills and visibility into the design and operation of our data security practices to fulfill this responsibility effectively. The Audit Committee reports to the full Board regarding its activities, including those related to cybersecurity, as appropriate. The full Board also receives briefings from management on our cyber risk management program. From time to time, Board members receive presentations on cybersecurity topics from our Chief Information Security Officer (CISO), internal cybersecurity team or external experts as part of the Board’s continuing education on topics that impact public companies.
Our management team, including our Chief Information Security Officer and Chief Compliance and Data Privacy Officer, is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our management team’s experience includes more than 75 years of combined IT experience, 35 of which are focused specifically on Information Security. The broader Information Security team’s accredited industry certifications include Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certificate of Cloud Security Knowledge (CCSK), Certified Cloud Security Professional (CCSP), and Blue Team Level II. The company’s current CISO has more than two decades of IT leadership experience and holds several relevant IT and healthcare specific certifications including CISSP, CISM, CCSK and CCSP, and has a Bachelor of Science in Computer Information Systems and a Master of Science in Medical Informatics.
Our management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in the information technology environment.
Item 2. Properties
Our principal executive offices are located in South Jordan, Utah where we lease facilities totaling approximately 128,037 square feet under a lease agreement that expires on December 31, 2031, of which 54,399 square feet is currently subleased. We use this facility for administration, sales and marketing, technology and development, and professional services. We also lease offices elsewhere for sales, research and development, professional services, and other personnel, including offices in Minneapolis, Minnesota and Hyderabad, India.
We believe that our facilities are adequate to meet our needs for the immediate future, and that, should it be needed, suitable additional space will be available to accommodate any such expansion of our operations.
Item 3. Legal Proceedings
We are, and from time to time may be, party to litigation and subject to claims incident to the ordinary course of business. As our growth continues, we may become party to an increasing number of litigation matters and claims. The outcome of litigation and claims cannot be predicted with certainty, and the resolution of these matters could materially affect our future results of operations, cash flows, or financial position. We are not presently party to any other legal proceedings that in the opinion of management, if determined to adversely affect us, may individually or taken together have a material adverse effect on our business, operating results, financial condition, or cash flows.
For information regarding a recent legal proceeding that was dismissed with prejudice on June 20, 2023, refer to Note 16, “Contingencies” to the Consolidated Financial Statements in Item 8, which is incorporated herein by reference.
Item 4. Mine Safety Disclosures
Not applicable.
57



PART II
Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters, and Issuer Purchases of Equity Securities
Market information for our common stock
Our common stock began trading on the Nasdaq Global Select Market under the symbol “HCAT” on July 25, 2019. Prior to that date, there was no public trading market for our common stock.
Holders of record
As of December 31, 2023, there were 128 holders of record of our common stock. The actual number of stockholders is greater than this number of record holders and includes stockholders who are beneficial owners but whose shares are held in street name by brokers and other nominees.
Dividend policy
We do not intend to pay cash dividends in the foreseeable future.
Securities authorized for issuance under equity compensation plans
The information required by this item with respect to our equity compensation plans is incorporated by reference in our proxy statement for the 2024 Annual Meeting of Stockholders to be filed with the SEC within 120 days of the year ended December 31, 2023.

58

Stock performance graph
The following performance graph and related information is “furnished” and shall not be deemed to be “soliciting material” or “filed” for purposes of Section 18 of the Exchange Act and Regulation 14A under the Exchange Act nor shall such information be incorporated by reference into any filing of Health Catalyst, Inc. under the Exchange Act or the Securities Act, except to the extent we specifically incorporate it by reference in such filing.
The graph set forth below compares the cumulative total return to stockholders on our common stock relative to the cumulative total returns of the S&P 500 Index and Nasdaq Healthcare Index between July 25, 2019 (the date our common stock commenced trading) through December 31, 2023. All values assume a $100 initial investment at market close on July 25, 2019. The initial public offering price of our common stock, which had a closing stock price of $39.17 on July 25, 2019, was $26.00 per share. Data for the S&P 500 and Nasdaq Healthcare indices assume reinvestment of dividends. The comparisons are based on historical data and are not indicative of, nor intended to forecast, the future performance of our common stock.
Stock Performance Graph.jpg
Company/Index
Jul 25, 2019(1)
Dec 31, 2019Dec 31, 2020Dec 31, 2021Dec 31, 2022Dec 31, 2023
Health Catalyst, Inc.$100 $89 $111 $101 $27 $24 
S&P 500$100 $108 $125 $159 $128 $159 
Nasdaq Healthcare $100 $114 $149 $143 $114 $122 
__________________
(1)Base period
Unregistered Sales of Equity Securities and Use of Proceeds
Unregistered sales of equity securities

During the year ended December 31, 2023, we did not issue or sell any unregistered securities not previously disclosed in a Quarterly Report on Form 10-Q or in a Current Report on Form 8-K.
Issuer purchases of equity securities
None.
Item 6. [Reserved]
59

Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements, the accompanying notes, and other financial information included elsewhere in this Annual Report on Form 10-K. This discussion contains forward-looking statements that involve risks, uncertainties, and assumptions. Our actual results could differ materially from those forward-looking statements below. Factors that could cause or contribute to those differences include, but are not limited to, those identified below and those discussed in the sections titled “Risk Factors” and “Special Note Regarding Forward-Looking Statements” included elsewhere in this Annual Report on Form 10-K.
A discussion regarding our financial condition and results of operations for the year ended December 31, 2023 compared to the year ended December 31, 2022 is presented below. A discussion regarding our financial condition and results of operations for the year ended December 31, 2022 compared to the year ended December 31, 2021 is included under “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in our prior year Form 10-K filed on February 28, 2023.
Overview
We are a leading provider of data and analytics technology and services to healthcare organizations. Our Solution comprises our cloud-based data platform, software analytics applications, and professional services expertise. Our clients, which are primarily healthcare providers, use our Solution to manage their data, derive analytical insights to operate their organization, and produce measurable clinical, financial, and operational improvements. We envision a future where all healthcare decisions are data-informed.
Health Catalyst was founded in 2008 by healthcare analytics industry pioneers. Our founders and team developed the initial version of our Solution, consisting of an early version of our data platform, select analytics accelerators, and professional services expertise. From the beginning, our Solution has been focused on enabling our mission: to be the catalyst for massive, measurable, data-informed healthcare improvement. We currently employ more than 1,300 team members.
Highlights from the years ended December 31, 2023, 2022, and 2021 include:
For the years ended December 31, 2023, 2022, and 2021, our total revenue was $295.9 million, $276.2 million, and $241.9 million, respectively. The growth in revenue was primarily due to revenue from new clients, including clients of our recent acquired entities, and existing clients paying higher technology access fees from contractual, annual escalators.
For the years ended December 31, 2023, 2022, and 2021, we incurred net losses of $118.1 million, $137.4 million, and $153.2 million, respectively.
For the years ended December 31, 2023, 2022, and 2021, our Adjusted EBITDA was $11.0 million, $(2.5) million, and $(11.2) million, respectively.
See “Reconciliation of Non-GAAP Financial Measures” below for more information about Adjusted EBITDA, including the limitations of Adjusted EBITDA and a reconciliation to the most directly comparable measure calculated in accordance with GAAP. See “Key Factors Affecting Our Performance” for more information about important opportunities and challenges related to our business.

60

Challenging Macroeconomic Environment
Recent macroeconomic challenges (including high levels of inflation and high interest rates) and the tight labor market continue to adversely affect workforces, organizations, governments, clients, economies, and financial markets globally. These factors have disrupted the normal operations of many businesses, including our business. These factors have also placed the national healthcare system under significant operational and budgetary strain, and will likely continue to do so in the near term.
The health system end market, in particular, is experiencing meaningful financial strain, in which it has realized significant increases in labor and supply costs without a commensurate increase in revenue, leading to a deterioration in operating margins across many of our clients and prospective clients. We anticipate this dynamic to persist for at least the next few quarters, although we have seen incremental improvements in recent months. We have seen a decrease in pipeline demand relative to the period prior to the onset of these macroeconomic factors in 2022, as well as some elevated realized and anticipated down-sell and churn levels, primarily for the parts of our Solution that do not offer near-term, financial ROI, such as our clinically-focused technology offerings and our more traditional consulting Professional Services.
While we have seen that this financial strain has continued to pressure health system budgets, we have continued to hear a strong acknowledgement that our offering includes solutions that directly reduce health systems’ current financial pressure, especially related to the segments of our offering that have a clear, near-term financial ROI, such as our TEMS offering, our Financial Empowerment technology suite, and some components of our Population Health technology suite.
With respect to other near-term implications of the challenging macroeconomic environment, we continue to anticipate that a higher proportion of our gross bookings will come from our existing client base as compared to historical levels, inclusive of upsells to both our DOS client base, as well as upsells to our over 525 other more modular non-DOS clients. This expectation is driven by our belief that many existing clients that have already realized a strong ROI, and are aligned on a long-term partnership framework, will be more receptive to expansion conversations, as compared to discussions with prospective clients. Additionally, the elevated technology down-sell and churn levels for DOS Subscription Clients, primarily for the parts of our Solution that do not offer near-term, financial ROI, inclusive of some smaller, more modular DOS relationships, and our aggregate churn levels in 2023 were more heavily weighted toward the first half of 2023.
Our 2023 net new DOS Subscription Clients had a lower average starting annual recurring revenue (ARR) as compared to historical levels. Our average subscription revenue for net new DOS Subscription Clients signed in the year ended December 31, 2023 (new 2023 DOS Subscription Clients), was toward the low end of the average expected range of $500,000 to $1,500,000, driven primarily by greater demand of stand-alone DOS module components, such as Healthcare.AI, which resulted in subscription revenue that is significantly lower than subscription revenue derived from a contract that includes access to all of the DOS platform components and analytic applications. This average ARR range is comprised of new 2023 DOS Subscription Clients with (i) subscription revenue in the expected average range or significantly above the expected average range driven by the size of the client organization and the bundle of technology and services included in their subscription and (ii) subscription revenue meaningfully below the low-end of the expected range driven by sales of stand-alone DOS module components, which provided greater deal certainty in a more challenging macroeconomic environment, and which we believe will provide an opportunity to expand our relationship with these DOS Subscription Clients in the future.
We benefit from a highly recurring revenue model, in which greater than 90% of our revenue is recurring in nature, and a high level of technology revenue predictability, especially within our DOS Subscription Clients whose contracts, when sold as a bundle with our analytics applications, often have built-in, contractual technology revenue escalators.
As previously described, within our professional services segment, a subset of clients have reduced the number of FTEs engaged in their initiatives, while in the technology segment, a subset of modular clients and smaller DOS platform clients have lowered their application and analytics spend. Given the improved bookings performance of our TEMS offering beginning in the second half of 2022 and extending through 2023, a higher proportion of our bookings in 2023 came from our professional services offering relative to 2022, as health systems looked for solutions to effectively address their near-term expense challenges. While this change in bookings mix will lead to lower Adjusted Professional Services Gross Margin and Total Adjusted Gross Margin in future years, we expect that we will achieve improvements in Adjusted EBITDA as a result of the minimal incremental operating expense required to support our TEMS growth. We continue to anticipate that our adjusted operating expenses as a percentage of revenue will trend lower, largely due to our restructuring efforts and meaningful continued operating leverage.
We continue to proactively respond to the challenging macroeconomic environment with a strategic operating plan that emphasizes our offerings and go-to-market approach in the areas where we have the most competitive differentiation and where clients are most likely to achieve measurable financial and operational ROI both in the near term and over time.

61

We believe this focus will enable us to move forward in a position of continued competitive and financial strength. We will continue to refine this strategic operating plan and are continuing to make several investments in research and development, primarily in enhancing the capabilities within our DOS platform, in order to maintain our position as a market-leading data platform over the long term.
Our Business Model
We offer our Solution to a variety of healthcare organizations, primarily in the United States, including academic medical centers, integrated delivery networks, community hospitals, large physician practices, ACOs, health information exchanges, health insurers, and other risk-bearing entities. We categorize our client count into two primary categories: DOS Subscription Clients and Other Clients. DOS Subscription Clients are defined as clients who directly or indirectly access our DOS platform via a technology subscription contract. Indirect access to the DOS platform may include DOS module components such as Healthcare.AI, Pop Analyzer, IDEA, and other DOS platform components. See “Key Business Metrics and Non-GAAP Financial Measures” below for more information about our DOS Subscription Clients. Other Clients generally include DOS non-subscription clients and other clients from historical acquisitions. As of December 31, 2023, 2022, and 2021, we had 109, 98, and 90 DOS Subscription Clients with active subscriptions, respectively. As of December 31, 2023, we served over 525 Other Clients compared to over 425 as of December 31, 2022. The increase in Other Clients from 2022 to 2023 was primarily due to our acquisition of ERS.
We derive substantially all of our revenue through subscriptions for use of our technology and professional services on a recurring basis. In 2023, greater than 90% of our total revenue was recurring in nature. Clients pay for our technology primarily on a subscription basis for our entire technology suite or for pieces of our technology (e.g., DOS-only or modular portions of DOS, which we have sometimes referred to as DOS Lite). We generally provide access to our technology and deliver professional services to clients on a recurring basis, with our technology invoiced upfront annually or quarterly and our professional services invoiced monthly. Most of our technology and professional services contracts with DOS Subscription Clients have a three or five-year term, of which many are terminable after one year upon 90 days’ notice. As we increase the use cases we address at a given client, we have the opportunity to upsell incremental technology and services. We have demonstrated an ability to upsell technology and services to our client base over time as evidenced by a Dollar-based Retention Rate of 100%, 100%, and 112% for the years ended December 31, 2023, 2022, and 2021, respectively.
The primary costs incurred to deliver our technology are hosting fees and headcount-related costs associated with our cloud services and support teams. Hosting fees are related to providing our technology through a cloud-based environment hosted primarily by Microsoft Azure. However, we also have deployed DOS on-premise to a small number of clients. Over time, we plan to continue to migrate our on-premise clients to Azure-hosted environments, increasing our technology cost of revenue. We have experienced and expect to continue to experience operational inefficiencies associated with managing multiple hosting providers, resulting in a headwind against Adjusted Technology Gross Margin. Additionally, we are in the early phases of migrating our DOS platform client base to a single-instance, multi-tenant data platform architecture that includes enhanced elastic compute capabilities supported by Snowflake and Databricks database technologies. We expect that these investments in our DOS platform will provide additional capabilities for our clients as well as improve our ability to drive cost efficiencies in our hosting and support costs per client over time. However, in the medium-term, we will incur some migration costs associated with deploying the updated architecture across DOS platform clients, resulting in a headwind for our Technology Gross Margin. The primary costs incurred to deliver our professional services are the salaries, benefits, and other headcount-related costs of our team members.

We delineate our sales organization by new client acquisition and existing client retention and expansion. Selling efforts to new clients vary. Many of our new clients engage with us broadly for multiple use cases, requiring buy-in during the sales cycle across the C-suite. Alternatively, in some instances, we engage with a client in a single-use case. After we demonstrate measurable improvements, we work with our clients to expand the utilization of our Solution to other use cases or enterprise-wide. The average sales cycle for a new DOS Subscription Client is estimated to be approximately one year, but that timeline can vary materially. Because of our vertical focus on the healthcare industry, we believe our sales and marketing resources can be deployed more efficiently than at horizontally-focused companies that provide technology and services to multiple industries. Additionally, with our increased focus on driving expansion within our existing client base through our TEMS offering, we believe that our sales and marketing infrastructure is positioned well to generate meaningful leverage and growth within our services offerings without the need for the same level of incremental investment as in prior years. This operating leverage primarily stems from the fact that we already have an existing relationship with the client, inclusive of having invested in client success initiatives and having provided account management services to the client since the beginning of our contractual relationship. Over the past few years, we have invested in growth infrastructure by adding to our sales operations and marketing teams, which are built to help us scale over the long term.

62

We have demonstrated a consistent track record of innovation through research and development over time as evidenced by our new product features and new product offerings. This innovation is driven by feedback we glean from our clients, professional services teams, and the market generally. Our investments in product development have been focused on increasing the capabilities of our Solution and expanding the number of use cases we address for our clients.

Financial Measures and Key Business Metrics
We regularly review a number of metrics, including the following key financial measures, to manage our business and evaluate our operating performance compared to that of other companies in our industry:
Year Ended December 31,
202320222021
GAAP Financial Measures:
(in thousands, except percentages)
Technology revenue
$187,583 $176,288 $147,718 
Professional services revenue
$108,355 $99,948 $94,208 
Total revenue
$295,938 $276,236 $241,926 
Net loss
$(118,147)$(137,403)$(153,210)
Non-GAAP Financial Measures:
Adjusted Technology Gross Profit
$127,744 $122,284 $102,326 
Adjusted Technology Gross Margin
68 %69 %69 %
Adjusted Professional Services Gross Profit
$16,316 $23,565 $25,544 
Adjusted Professional Services Gross Margin
15 %24 %27 %
Total Adjusted Gross Profit
$144,060 $145,849 $127,870 
Total Adjusted Gross Margin
49 %53 %53 %
Adjusted EBITDA
$11,021 $(2,487)$(11,248)
We monitor the key financial measures set forth in the preceding table to help us evaluate trends, establish budgets, measure the effectiveness and efficiency of our operations, and determine team member incentives. We discuss Adjusted Gross Profit, Adjusted Gross Margin, and Adjusted EBITDA in more detail below.
Adjusted gross profit and adjusted gross margin
Adjusted Gross Profit is a non-GAAP financial measure that we define as revenue less cost of revenue, excluding depreciation and amortization, adding back stock-based compensation, acquisition-related costs, net, and restructuring costs as applicable. We define Adjusted Gross Margin as our Adjusted Gross Profit divided by our revenue. We believe Adjusted Gross Profit and Adjusted Gross Margin are useful to investors as they eliminate the impact of certain non-cash expenses, as well as certain other non-recurring operating expenses, and allow a direct comparison of these measures between periods without the impact of non-cash expenses and certain other non-recurring operating expenses. We present both of these measures for our technology and professional services business. We believe these non-GAAP measures are useful in evaluating our operating performance compared to that of other companies in our industry, as these metrics generally eliminate the effects of certain items that may vary from company to company for reasons unrelated to overall profitability.
See “Reconciliation of Non-GAAP Financial Measures” below for information regarding the limitations of using our Adjusted Gross Profit and Adjusted Gross Margin as financial measures and for a reconciliation of revenue to our Adjusted Gross Profit, the most directly comparable financial measure calculated in accordance with GAAP.
Adjusted EBITDA
Adjusted EBITDA is a non-GAAP financial measure that we define as net loss adjusted for (i) interest and other (income) expense, net, (ii) income tax provision (benefit), (iii) depreciation and amortization, (iv) stock-based compensation, (v) acquisition-related costs, net, (vi) litigation costs, (vii) restructuring costs, and (viii) non-recurring lease-related charges. We view acquisition-related expenses when applicable, such as transaction costs and changes in the fair value of contingent consideration liabilities that are directly related to business combinations, as costs that are unpredictable, dependent upon factors outside of our control, and are not necessarily reflective of operational performance during a period. We believe that excluding restructuring costs, litigation costs, and non-recurring lease-related charges allows for more meaningful comparisons between operating results from period to period as these are separate from the core activities that arise in the ordinary course of our business and are not part of our ongoing operations.
63

We believe Adjusted EBITDA provides investors with useful information on period-to-period performance as evaluated by management and comparison with our past financial performance. We believe Adjusted EBITDA is useful in evaluating our operating performance compared to that of other companies in our industry, as this metric generally eliminates the effects of certain items that may vary from company to company for reasons unrelated to overall operating performance.
See “Reconciliation of Non-GAAP Financial Measures” below for information regarding the limitations of using our Adjusted EBITDA as a financial measure and for a reconciliation of our net loss to Adjusted EBITDA, the most directly comparable financial measure calculated in accordance with GAAP.
Other Key Metrics
We also regularly monitor and review the number of DOS Subscription Clients and Dollar-based Retention Rate as shown in the following tables:
DOS Subscription Clients
As of December 31,
202320222021
DOS Subscription Clients109 98 90 
Since 2016, our primary contracting model is a subscription-based contract to our DOS platform, analytics applications, and professional services. Given how fundamental DOS is to our Solution and because the vast majority of our total revenue is derived from DOS Subscription Clients, we believe our DOS Subscription Client count is a representation of our market penetration and the growth of our business. We have updated the name of this key metric to DOS Subscription Clients from DOS Subscription Customers used in prior filings as we feel that the client reference more fully depicts the deep, long-standing, multi-faceted relationships we strive to build with the entities we serve.
DOS Subscription Clients are defined as clients who directly or indirectly access our DOS platform via a technology subscription contract. Indirect access to the DOS platform may include DOS module components such as Healthcare.AI, Pop Analyzer, IDEA, and other DOS platform components. Given the variety of ways to access DOS and the mix of specific components of DOS available to be included in a subscription contract, average subscription revenue for new DOS Subscription Clients in a given calendar year can vary. Although subscription revenue from individual DOS Subscription Client arrangements may vary dramatically based on the type and number of DOS modules and applications included in new contracts, we generally expect average subscription revenue for new DOS Subscription Clients in a calendar year will range between $500,000 and $1,500,000.
The average subscription revenue for DOS Subscription Clients signed in the twelve-month period ended December 31, 2023 (2023 DOS Subscription Clients), for instance, was below the midpoint of the average expected range noted in the preceding paragraph, driven primarily by greater growth opportunity through stand-alone DOS module components, such as Healthcare.AI, which resulted in subscription revenue that is significantly lower than subscription revenue derived from a contract that includes enterprise access to all of the DOS platform components and analytic applications. This average ARR range is comprised of new 2023 DOS Subscription Clients with (i) subscription revenue in the expected average range or significantly above the expected average range driven by the size of the client organization and the bundle of technology and services included in their subscription and (ii) subscription revenue meaningfully below the low-end of the expected range driven by sales of stand-alone DOS module components, which provided greater deal certainty in a more challenging macroeconomic environment, and which we believe will provide an opportunity to expand our relationship with these DOS Subscription Clients in the future.
Our net new DOS Subscription Client additions were lower in 2023 and 2022 as compared to 2021 due to the continued financial strain and budget constraints in our end-market. While health system operating margins continue to be challenged relative to longer-term historical levels, we are encouraged to see these operating margins steadily improving in recent quarters. Supported by the continued improvement in the operating environment of our end market, we anticipate improvement in both the net new DOS Subscription Clients added as well as the average subscription revenue per new DOS Subscription Client in 2024 compared to 2023.
Dollar-based Retention Rate
Year Ended December 31,
202320222021
Dollar-based Retention Rate100 %100 %112 %

64

We calculate our Dollar-based Retention Rate as of a period end by starting with the sum of the technology and professional services ARR from our DOS Subscription Clients as of the date 12 months prior to such period end (prior period ARR). We then calculate the sum of the ARR from these same clients as of the current period end (current period ARR).
Current period ARR includes any upsells and also reflects contraction or attrition over the trailing twelve months but excludes revenue from new DOS Subscription Clients added in the current period. We then divide the current period ARR by the prior period ARR to arrive at our Dollar-based Retention Rate. We calculate ARR for each DOS Subscription Client as the expected monthly recurring revenue of our clients as of the last day of a period multiplied by 12. Because our primary business model is to contract for our DOS platform, analytics applications, and professional services, our Dollar-Based Retention Rate calculated above only includes our DOS Subscription Clients. Other Clients that do not meet the definition of a DOS Subscription Client, which are primarily legacy Medicity, Able Health, Healthfinch, Vitalware, Twistle, KPI Ninja, ARMUS, and ERS clients, are not included in the Dollar-based Retention Rate metrics.
Given the nature of our technology contracts, which, for many DOS Subscription Clients, are generally priced for multi-year periods and have built-in, contractual escalators, we would generally anticipate less variation within our Dollar-based Retention Rate for technology fees as a result of current challenging macroeconomic factors. However, our technology Dollar-based Retention Rate decreased as of December 31, 2023 and 2022 compared to December 31, 2021 primarily due to the loss of a large enterprise DOS platform client, a decline in our sales pipeline with respect to parts of our Solution that do not offer near-term ROI, such as our clinically-focused technology offerings, and some clients reducing their near-term DOS and analytics application spend with us in an effort to meet their short-term budget requirements. As noted, our Dollar-based Retention Rate Key Metric excludes Other Clients who are not DOS Subscription Clients, including clients added through acquisition, as the go-forward technology revenue growth profiles of these businesses may vary from our core DOS Subscription Clients. For example, Medicity clients have generated a lower Dollar-based Retention Rate than DOS Subscription Clients and we expect flat to declining revenue from Medicity clients in the foreseeable future.
The financial strain imposed by COVID-19 on a number of our clients led to a meaningfully lower professional services dollar-based retention in 2020 compared to prior years due to discounts provided to support our clients through the financial strain related to the initial outbreak. We did not provide similar discounts during 2021 and saw improvement in our Dollar-based Retention Rate for professional services fees compared to 2020. However, 2022 and 2023 proved to be more challenging years than anticipated as a result of the inflationary macroeconomic environment and the meaningful financial strain that our health system end market faced, which contributed to a lower Dollar-based Retention Rate compared to 2021. We anticipate that there will continue to be variation in our professional services Dollar-based Retention Rate in the near term, however, we expect it to improve in 2024 relative to 2023, primarily driven by incremental improvements in the financial health of our end market and continued opportunities to upsell existing DOS Subscription Clients with additional access to technology and to our TEMS offering. While the vast majority of our professional services revenue are recurring in nature, we also provide clients with an option to engage with us for non-recurring, project-based professional services fees. These non-recurring, project-based fees are less predictable than our recurring services and can drive fluctuations in quarterly professional services revenues and in prior period comparisons.
Reconciliation of Non-GAAP Financial Measures
In addition to our results determined in accordance with GAAP, we believe the following non-GAAP measures are useful in evaluating our operating performance. We use the following non-GAAP financial information to evaluate our ongoing operations, as a component in determining employee bonus compensation, and for internal planning and forecasting purposes. We believe that non-GAAP financial information, when taken collectively, may be helpful to investors because it provides consistency and comparability with past financial performance. However, non-GAAP financial information is presented for supplemental informational purposes only, has limitations as an analytical tool, and should not be considered in isolation or as a substitute for financial information presented in accordance with GAAP. In addition, other companies, including companies in our industry, may calculate similarly-titled non-GAAP measures differently or may use other measures to evaluate their performance, all of which could reduce the usefulness of our non-GAAP financial measures as tools for comparison. A reconciliation is provided below for each non-GAAP financial measure to the most directly comparable financial measure stated in accordance with GAAP. Investors are encouraged to review the related GAAP financial measures and the reconciliation of these non-GAAP financial measures to their most directly comparable GAAP financial measures, and not to rely on any single financial measure to evaluate our business.


65

Adjusted gross profit and adjusted gross margin
Adjusted Gross Profit is a non-GAAP financial measure that we define as revenue less cost of revenue, excluding depreciation and amortization, adding back stock-based compensation, acquisition-related costs, net, and restructuring costs, as applicable. We define Adjusted Gross Margin as our Adjusted Gross Profit divided by our revenue. We believe Adjusted Gross Profit and Adjusted Gross Margin are useful to investors as they eliminate the impact of certain non-cash expenses and allow a direct comparison of these measures between periods without the impact of non-cash expenses and certain other non-recurring operating expenses.
We present both of these measures for our technology and professional services business. We believe these non-GAAP measures are useful in evaluating our operating performance compared to that of other companies in our industry, as these metrics generally eliminate the effects of certain items that may vary from company to company for reasons unrelated to overall profitability.
The following is a reconciliation of revenue to our Adjusted Gross Profit and Adjusted Gross Margin in total and for technology and professional services for the years ended December 31, 2023, 2022, and 2021:
Year Ended December 31, 2023
(in thousands, except percentages)
Technology
Professional
Services
Total
Revenue$187,583 $108,355 $295,938 
Cost of revenue, excluding depreciation and amortization(62,474)(101,631)(164,105)
Gross profit, excluding depreciation and amortization125,109 6,724 131,833 
Add:
Stock-based compensation1,866 7,369 9,235 
Acquisition-related costs, net(1)
273 391 664 
Restructuring costs(2)
496 1,832 2,328 
Adjusted Gross Profit$127,744 $16,316 $144,060 
Gross margin, excluding depreciation and amortization67 %%45 %
Adjusted Gross Margin68 %15 %49 %
__________________
(1) Acquisition-related costs, net include deferred retention expenses following the ARMUS, KPI Ninja, and Twistle acquisitions.
(2) Restructuring costs include severance and other team member costs from workforce reductions.
Year Ended December 31, 2022
(in thousands, except percentages)
Technology
Professional
Services
Total
Revenue$176,288 $99,948 $276,236 
Cost of revenue, excluding depreciation and amortization(56,642)(86,407)(143,049)
Gross profit, excluding depreciation and amortization119,646 13,541 133,187 
Add:
Stock-based compensation2,058 8,230 10,288 
Acquisition-related costs, net(1)
351 655 1,006 
Restructuring costs(2)
229 1,139 1,368 
Adjusted Gross Profit$122,284 $23,565 $145,849 
Gross margin, excluding depreciation and amortization68 %14 %48 %
Adjusted Gross Margin69 %24 %53 %
__________________
(1) Acquisition-related costs, net includes deferred retention expenses following the ARMUS, KPI Ninja, and Twistle acquisitions.
(2) Restructuring costs include severance and other team member costs from workforce reductions.
66

Year Ended December 31, 2021
(in thousands, except percentages)
Technology
Professional
Services
Total
Revenue$147,718 $94,208 $241,926 
Cost of revenue, excluding depreciation and amortization(47,516)(76,838)(124,354)
Gross profit, excluding depreciation and amortization100,202 17,370 117,572 
Add:
Stock-based compensation2,063 8,047 10,110 
Acquisition-related costs, net(1)
61 127 188 
Adjusted Gross Profit$102,326 $25,544 $127,870 
Gross margin, excluding depreciation and amortization68 %18 %49 %
Adjusted Gross Margin69 %27 %53 %
__________________
(1) Acquisition-related costs, net includes deferred retention expenses following the Twistle acquisition.
Adjusted Technology Gross Margin decreased slightly from 69% for the year ended December 31, 2022 to 68% for the year ended December 31, 2023. The year-over-year result was mainly driven by continued costs associated with transitioning a portion of our client base to Azure-hosted environments, as well as from costs associated with migrating a subset of our client base to our multi-tenant, Snowflake and Databricks-enabled data platform environment, partially offset by existing clients paying higher technology access fees from contractual, built-in escalators, without a corresponding increase in hosting costs.
We expect Adjusted Technology Gross Margin to fluctuate and potentially decline in the near term, primarily due to additional costs associated with the ongoing transition of a small number of clients from our managed data centers or on-premise to third-party hosted data centers with Microsoft Azure as well as the migration of a subset of clients to our multi-tenant, Snowflake and Databricks-enabled data platform environment. The potential decline is also attributable to a small subset of modular clients reducing their software analytics application costs, which tend to be higher margin offerings.
Adjusted Professional Services Gross Margin decreased from 24% for the year ended December 31, 2022 to 15% for the year ended December 31, 2023, primarily due to growth in TEMS, which start at a lower gross margin than many of our other professional service offerings, and lower utilization rates.
We expect that the workforce reductions that are part of the 2023 Restructuring Plan will have a positive impact on Adjusted Professional Services Gross Margin; however, we still expect Adjusted Professional Services Gross Margin to fluctuate on a quarterly basis due to changes in the mix of services we provide, the amount of operational overhead required to deliver our services, and clients delaying or reducing services due to the uncertain and challenging macroeconomic environment. Specifically, in the near term, we expect our mix of services to include more TEMS which have minimal initial services gross margins that gradually increase over time as we drive efficiencies in service delivery through the use of our technology. As part of our TEMS contracts, we often re-badge existing health system team members within the applicable functional area as Health Catalyst team members. We often provide a client with a near-term discount relative to their existing costs for the scope of the TEMS opportunity, and we drive incremental gross margin over time by leveraging our technology and know-how to make processes more efficient and reduce the client’s labor costs. While there will be a headwind to gross margin from these TEMS in the near term, we believe this model will benefit our mid and long-term Adjusted EBITDA and profitability targets due to improved direct margin on these services over time, our ability to drive operating leverage with lower relative incremental operating expense investment required, and the fact that these contracts typically result in long-term technology subscription contract renewals or expansions.
Adjusted EBITDA
Adjusted EBITDA is a non-GAAP financial measure that we define as net loss adjusted for (i) interest and other (income) expense, net, (ii) income tax provision (benefit), (iii) depreciation and amortization, (iv) stock-based compensation, (v) acquisition-related costs, net, (vi) litigation costs, (vii) restructuring costs, and (viii) non-recurring lease-related charges. We view acquisition-related expenses when applicable, such as transaction costs and changes in the fair value of contingent consideration liabilities that are directly related to business combinations, as costs that are unpredictable, dependent upon factors outside of our control, and are not necessarily reflective of operational performance during a period.
67

We believe that excluding restructuring costs, litigation costs, and non-recurring lease-related charges allows for more meaningful comparisons between operating results from period to period as this is separate from the core activities that arise in the ordinary course of our business and are not part of our ongoing operations. We believe Adjusted EBITDA provides investors with useful information on period-to-period performance as evaluated by management and a comparison with our past financial performance, and is useful in evaluating our operating performance compared to that of other companies in our industry, as this metric generally eliminates the effects of certain items that may vary from company to company for reasons unrelated to overall operating performance.
Our Adjusted EBITDA improved year-over-year as a result of our revenue growth and cost reduction initiatives as well as the timing of some non-headcount expenses, including the change in timing of our HAS event. We expect Adjusted EBITDA to continue to improve going forward, although it may fluctuate from quarter to quarter as a result of the timing of non-recurring revenue and the seasonality of certain operating costs, including costs related to our HAS event, which we plan to hold next during the first quarter of 2024.
The following is a reconciliation of our Adjusted EBITDA to net loss, the most directly comparable financial measure calculated in accordance with GAAP, for the years ended December 31, 2023, 2022, and 2021:
Year Ended December 31,
202320222021
(in thousands)
Net loss$(118,147)$(137,403)$(153,210)
Add:
Interest and other (income) expense, net(9,106)1,678 16,458 
Income tax provision (benefit)356 (4,280)(6,898)
Depreciation and amortization42,223 48,297 37,528 
Stock-based compensation55,756 72,104 65,145 
Acquisition-related costs, net(1)
5,757 4,894 27,929 
Litigation costs(2)
21,279 — — 
Restructuring costs(3)
8,822 8,425 — 
Non-recurring lease-related charges(4)
4,081 3,798 1,800 
Adjusted EBITDA$11,021 $(2,487)$(11,248)
__________________
(1)Acquisition-related costs, net includes third-party fees associated with due diligence, deferred retention expenses, post-acquisition restructuring costs incurred as part of business combinations, and changes in fair value of contingent consideration liabilities for potential earn-out payments. For additional details refer to Notes 1, 2, and 7 in our consolidated financial statements.
(2)Litigation costs include costs related to litigation that are outside the ordinary course of our business. For additional details, refer to Note 16 in our consolidated financial statements.
(3)Restructuring costs include severance and other team member costs from workforce reductions, impairment of discontinued capitalized software projects, and other miscellaneous charges. For additional details, refer to Note 11 in our consolidated financial statements.
(4)Non-recurring lease-related charges includes lease-related impairment charges for the subleased portion of our corporate headquarters. For additional details refer to Note 9 in our consolidated financial statements.
Key Factors Affecting Our Performance
We believe that our future growth, success, and performance are dependent on many factors, including those set forth below. While these factors present significant opportunities for us, they also represent the challenges that we must successfully address in order to grow our business and improve our results of operations.
Impact of challenging macroeconomic environment, including high inflation and high interest rates. Recent macroeconomic challenges (including the high levels of inflation and high interest rates) and the tight labor market continue to adversely affect workforces, organizations, governments, clients, economies, and financial markets globally, leading to an economic downturn and increased market volatility. They have also disrupted the normal operations of many businesses, including ours. Our health system end market is currently experiencing meaningful financial strain from significant inflation. In particular, they are experiencing increases in labor and supply costs without a commensurate increase in revenue, leading to significant margin pressure. This margin pressure could continue to decrease healthcare industry spending, adversely affect demand for our technology and services, cause one or more of our clients to file for bankruptcy protection or go out of business, cause one or more of our clients to fail to renew, terminate, or renegotiate their contracts, impact expected spending from new clients, negatively impact collections of accounts receivable, and harm our business, results of operations, and financial condition. It is not possible for us to predict the duration or magnitude of the adverse results of the challenging macroeconomic environment and its effects on our business, results of operations, or financial condition at this time.
68

Add new clients. We believe our ability to increase our client base will enable us to drive growth. Our potential client base is generally in the early stages of data and analytics adoption and maturity. We expect to further penetrate the market over time as potential clients invest in commercial data and analytics solutions. As one of the first data platform and analytics vendors focused specifically on healthcare organizations, we have an early-mover advantage and strong brand awareness. Our clients are large, complex organizations who typically have long procurement cycles which may lead to declines in the pace of our new client additions, which also included small clients.
Leverage recent product and services offerings to drive expansion. We believe that our ability to expand within our client base will enable us to drive growth. Over the last few years, we have developed and deployed several new analytics applications including PowerCosting (formerly known as CORUS), PowerLabor, Touchstone, Patient Safety Monitor, Pop Analyzer (formerly known as Population Builder), Value Optimizer, and others. Because we are in the early stages of certain of our applications’ lifecycles and maturity, we do not have enough information to know the impact on revenue growth by upselling these applications and associated services to current and new clients.
Impact of acquisitions. We have acquired multiple companies over the last few years, including Medicity in June 2018, Able Health in February 2020, Healthfinch in July 2020, Vitalware in September 2020, Twistle in July 2021, KPI Ninja in February 2022, ARMUS in April 2022, and ERS in October 2023. The historical and go-forward revenue growth profiles of these businesses may vary from our core DOS Subscription Clients, which can positively or negatively impact our overall growth rate. For example, Medicity clients have generated a lower dollar-based retention rate than DOS Subscription Clients and we expect declining revenue from Medicity clients in the foreseeable future. As we integrate the teams acquired via our recent acquisitions, we have also incurred integration-related costs and duplicative costs that could impact our operating cost profile in the near term.
Changing revenue mix. Our technology and professional services offerings have materially different gross margin profiles. While our professional services offerings help our clients achieve measurable improvements and make them stickier, they have lower gross margins than our technology revenue. In 2023, our technology revenue and professional services revenue represented 63% and 37% of total revenue, respectively.
Changes in our percentage of revenue attributable to Technology and Professional Services would impact future Total Adjusted Gross Margin. For example, in 2024, we expect professional services revenue to become a higher percentage of total revenue as a result of increased demand for Tech-enabled Managed Services that tend to provide an immediate ROI for clients, including in the form of cost savings for the client. Furthermore, changes within the types of professional services we offer over time can have a material impact on our Adjusted Professional Services Gross Margin, impacting our future Total Adjusted Gross Margin. See “Reconciliation of Non-GAAP Financial Measures” above for more information.
Transitions to Microsoft Azure and migration to multi-tenant, Snowflake and Databricks enabled data platform environment. We incur hosting fees related to providing DOS through a cloud-based environment hosted by Microsoft Azure. We maintain a small number of clients that have deployed DOS on-premise. We are in the process of migrating clients who deployed DOS on-premise to Azure-hosted environments. The Azure cloud provides clients with more advanced DOS product functionality and a more seamless client experience; however, hosting clients in Azure is more costly than on-premise deployments on a per-client basis. We have also started migrating certain clients to our multi-tenant, Snowflake and Databricks-enabled data platform environment. These transitions have and will continue to result in higher cost of technology revenue and a reduced Adjusted Technology Gross Margin.
Recent Acquisitions
Electronic Registry Systems, Inc. (ERS)
On October 2, 2023, we acquired Electronic Registry Systems, Inc. (ERS), a cloud-based provider of clinical registry development and data management software focused on oncology with advanced data analytics expertise. The acquisition consideration transferred was comprised of net cash consideration of $11.4 million. The ERS shareholders also received Health Catalyst common shares subject to revesting that are accounted for as post-acquisition stock-based compensation.

ARMUS Corporation
On April 29, 2022, we acquired ARMUS, a clinical registry development and data management technology company based in Foster City, California. ARMUS provides data abstraction, data validation, data management, data submission, and data reporting services to support participation in clinical quality registries for healthcare institutions around the world, including health systems, payers, medical device companies, and premier medical societies.
69

The acquisition consideration transferred was $9.4 million and was comprised of net cash consideration of $9.3 million and Health Catalyst common shares with a fair value of $0.1 million, net of shares subject to revesting that are accounted for as post-acquisition stock-based compensation.

KPI Ninja, Inc.

On February 24, 2022, we acquired KPI Ninja, a leading provider of interoperability, enterprise analytics, and value-based care solutions based in Lincoln, Nebraska. KPI Ninja is known for its powerful capabilities, flexible configurations, and comprehensive applications designed to fulfill the promise of data-driven healthcare. The acquisition consideration transferred was $21.4 million and was comprised of net cash consideration of $18.5 million and Health Catalyst common shares with a fair value of $2.9 million, net of shares subject to revesting that are accounted for as post-acquisition stock-based compensation.

Twistle, Inc.

On July 1, 2021, we acquired Twistle, Inc. (Twistle), a healthcare patient engagement SaaS technology company that automates patient-centered communication between care teams and patients to transform the patient experience, drive better care outcomes, and reduce healthcare costs. We anticipate that Twistle’s leading clinical workflow and patient engagement platform, paired with the Health Catalyst population health offering, will enable a comprehensive go-to-market solution to address the population health needs of healthcare and life science organizations. The acquisition consideration transferred was $91.9 million, consisting of net cash consideration of $46.7 million, Health Catalyst common shares with a fair value of $43.1 million, and contingent consideration based on certain earn-out performance targets for Twistle during an earn-out period that ended on June 30, 2022, which had an initial estimated fair value of $2.1 million. The earn-out contingent consideration liability was settled during the third quarter of 2022.

Components of Our Results of Operations
Revenue
We derive our revenue from sales of technology and professional services. For the years ended December 31, 2023, 2022, and 2021, technology revenue represented 63%, 64%, and 61% of total revenue, respectively, and professional services revenue represented 37%, 36%, and 39% of total revenue, respectively.
Technology revenue.   Technology revenue primarily consists of subscription fees charged to clients for access to use our data platform and analytics applications. We provide clients access to our technology through either an all-access or limited-access, modular subscription. Most of our subscription contracts are cloud-based and generally have a three or five-year term, of which many are terminable after one year upon 90 days’ notice. The vast majority of our DOS subscription contracts have built-in annual escalators for technology access fees. Also included in technology revenue is the maintenance and support we provide, which generally includes updates and support services.
Professional services revenue.   Professional services revenue primarily includes analytics services, domain expertise services, TEMS, and implementation services. Professional services arrangements typically include a fee for making FTE services available to our clients on a monthly basis. FTE services generally consist of a blend of analytic engineers, analysts, and data scientists based on the domain expertise needed to best serve our clients.
Deferred revenue
Deferred revenue consists of client billings in advance of revenue being recognized from our technology and professional services arrangements. We primarily invoice our clients for technology arrangements annually or quarterly in advance. Amounts anticipated to be recognized within one year of the balance sheet date are recorded as deferred revenue and the remaining portion is recorded as deferred revenue, net of current portion on our consolidated balance sheets.

Cost of revenue, excluding depreciation and amortization
Cost of technology revenue.    Cost of technology revenue primarily consists of costs associated with hosting and supporting our technology, including third-party cloud computing and hosting costs, license and revenue share fees, contractor costs, and salary and related personnel costs for our cloud services and support teams.
70

Although we expect cost of technology revenue to increase in absolute dollars as we increase headcount, cloud computing, and hosting costs to accommodate growth, and as we continue to transition clients to third-party hosted data centers with Microsoft Azure and the migration of clients to the next iteration of our DOS platform, we anticipate cost of technology revenue as a percentage of technology revenue will generally decrease over the long term. We expect cost of technology revenue as a percentage of technology revenue to fluctuate and potentially increase in the near term, primarily due to additional costs associated with transitioning a small number of clients from on-premise to Microsoft Azure and the migration of clients to the next iteration of our DOS platform.
Cost of professional services revenue.    Cost of professional services revenue consists primarily of costs related to delivering our team’s expertise in analytics, strategic advisory, improvement, and implementation services. These costs primarily include salary and related personnel costs, travel-related costs, and outside contractor costs. The 2023 Restructuring Plan increased the cost of professional services revenue in the fourth quarter of 2023 due to severance costs, but we expect that the reduction in headcount will reduce future, ongoing cost of professional services revenue. We further expect that the future savings from the reduced headcount will be offset by continued growth in our professional services, including TEMS.

Operating expense
Sales and marketing. Sales and marketing expenses primarily include salary and related personnel costs for our sales, marketing, and account management teams, lead generation, marketing events, including our HAS, marketing programs, and outside contractor costs associated with the sale and marketing of our offerings. We plan to continue to invest in sales and marketing to grow our client base, expand in new markets, and increase our brand awareness. The trend and timing of sales and marketing expenses will depend in part on the timing of our expansion into new markets and marketing campaigns. Our sales and marketing expenses may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses, including due to restructuring initiatives.
Research and development. Research and development expenses primarily include salary and related personnel costs for our data platform and analytics applications teams, subscriptions, and outside contractor costs associated with the development of products. We have developed an open, flexible, and scalable data platform. We plan to continue to invest in research and development to develop new solutions and enhance our applications library. The 2023 Restructuring Plan increased our research and development expenses in the fourth quarter of 2023 due to severance costs, but we expect that the reduction in headcount will reduce future, ongoing research and development expenses. Our research and development expenses may fluctuate as a percentage of our revenue from period to period due to the nature, timing, and extent of these expenses.
General and administrative. General and administrative expenses primarily include salary and related personnel costs for our legal, finance, people operations, IT, and other administrative teams, including certain executives. General and administrative expenses also include facilities, subscriptions, corporate insurance, outside legal, accounting, directors’ fees, and the change in fair value of contingent consideration liabilities. Our general and administrative expenses may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses, including due to restructuring initiatives.
Depreciation and amortization.   Depreciation and amortization expenses are primarily attributable to our capital investment and consist of fixed asset depreciation, amortization of intangibles considered to have definite lives, and amortization of capitalized internal-use software costs.

Interest and other income (expense), net
Interest and other income (expense), net primarily consists of income from our investment holdings offset by interest expense. Interest expense is primarily attributable to the 2.50% Convertible Senior Notes due 2025 (the Notes) and it also includes the amortization of deferred financing costs related to our debt arrangements. The adoption of ASU 2020-06 reduced our reported interest expense as it relates to our convertible senior notes in 2023 and 2022 as compared to 2021.

Income tax benefit
Income tax benefit consists of U.S. federal, state, and foreign income taxes. Because of the uncertainty of the realization of the deferred tax assets, we have a full valuation allowance for our net deferred tax assets, including net operating loss carryforwards (NOLs) and tax credits related primarily to research and development.
As of December 31, 2023, we had federal and state NOLs of $602.6 million and $505.5 million, respectively, which will begin to expire for federal and state tax purposes in 2032 and 2024, respectively.
71

Our existing NOLs may be subject to limitations arising from ownership changes and, if we undergo an ownership change in the future, our ability to utilize our NOLs and tax credits could be further limited by Sections 382 and 383 of the Code. Future changes in our stock ownership, many of which are outside of our control, could result in an ownership change under Sections 382 and 383 of the Code. Our NOLs and tax credits may also be limited under similar provisions of state law.
On March 27, 2020, the CARES Act was enacted and signed into U.S. law to provide economic relief to individuals and businesses facing economic hardship as a result of the COVID-19 pandemic. On March 11, 2021, the American Rescue Plan Act (ARPA) was enacted and signed into U.S. law to provide additional economic stimulus and tax credits. Changes in tax laws or rates are accounted for in the period of enactment. The income tax provisions of the CARES Act and ARPA do not have a significant impact on our current taxes, deferred taxes, or uncertain tax positions. The CARES Act also provided for the deferral of an employer’s portion of social security payroll taxes for the remainder of 2020. We deferred the social security payroll tax match beginning in April 2020 and fully paid all related deferred payroll taxes in December 2021.
On August 16, 2022, the Inflation Reduction Act of 2022 (IRA) was enacted and signed into U.S. law. The IRA includes provisions imposing a 1% excise tax on share repurchases in excess of the fair value of stock issuances, including compensatory stock issuances, that occur after December 31, 2022 and introduces a 15% corporate alternative minimum tax on adjusted financial statement income. We do not expect the tax provisions of the IRA to have a material impact on our consolidated financial statements.

Results of Operations
The following tables set forth our consolidated results of operations data and such data as a percentage of total revenue for each of the periods indicated:
Year Ended December 31,
202320222021
(in thousands)
Revenue:
Technology
$187,583 $176,288 $147,718 
Professional services
108,355 99,948 94,208 
Total revenue
295,938 276,236 241,926 
Cost of revenue, excluding depreciation and amortization shown below:
Technology(1)(2)(3)
62,474 56,642 47,516 
Professional services(1)(2)(3)
101,631 86,407 76,838 
Total cost of revenue, excluding depreciation and amortization
164,105 143,049 124,354 
Operating expenses:
Sales and marketing(1)(2)(3)
67,321 87,514 75,027 
Research and development(1)(2)(3)
72,627 75,680 62,733 
General and administrative(1)(2)(3)(4)(5)
76,559 61,701 85,934 
Depreciation and amortization
42,223 48,297 37,528 
Total operating expenses
258,730 273,192 261,222 
Loss from operations
(126,897)(140,005)(143,650)
Interest and other income (expense), net9,106 (1,678)(16,458)
Loss before income taxes
(117,791)(141,683)(160,108)
Income tax provision (benefit)356 (4,280)(6,898)
Net loss
$(118,147)$(137,403)$(153,210)
__________________
(1)Includes stock-based compensation expense, as follows:
72

Year Ended December 31,
202320222021
Stock-Based Compensation Expense:(in thousands)
Cost of revenue, excluding depreciation and amortization:
Technology$1,866 $2,058 $2,063 
Professional services7,369 8,230 8,047 
Sales and marketing20,982 28,082 22,698 
Research and development11,213 12,938 10,213 
General and administrative14,326 20,796 22,124 
Total$55,756 $72,104 $65,145 
(2)Includes acquisition-related costs, net, as follows:
Year Ended December 31,
202320222021
Acquisition-related costs, net:(in thousands)
Cost of revenue, excluding depreciation and amortization:
Technology$273 $351 $61 
Professional services391 655 127 
Sales and marketing697 1,894 592 
Research and development787 3,045 901 
General and administrative