Healthcare Triangle, Inc. [HCTI] Filings

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

Form 10-K

(Mark One)

☒ ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2023

☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the Transition Period from                      to                      

Commission File Number: 001-40903

HEALTHCARE TRIANGLE, INC.

(Exact name of registrant as specified in its charter)

(925) 270-4812

(Registrant’s telephone number, including area code)

Securities registered pursuant to Section 12(b) of the Act:

Securities registered pursuant to Section 12(g) of the Act: None

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.

Yes ☐ No ☒

Indicate by check if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act.

Yes ☐ No ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.

Yes ☒ No ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§ 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files).

Yes ☒ No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or a smaller reporting company. See the definitions of “large accelerated filer”, “accelerated filer”, “smaller reporting company”, and “emerging growth company” in Rule 12b-2 of the Exchange Act.

Large accelerated filer ☐     Accelerated filer ☐     Non-accelerated filer ☒     Smaller reporting company ☒      Emerging growth company ☒

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☒

If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act).

Yes ☐ No ☒

The aggregate market value of voting stock held by non-affiliates of the registrant on June 30, 2023, based on the closing price of $2.33 for shares of the registrant’s common stock as reported by The Nasdaq Stock Market, was approximately $3,723,021. Shares of common stock beneficially owned by each executive officer and director have been excluded in that such persons may be deemed to be affiliates.

As of March 18, 2024, 4,649,909 shares of the registrant’s common stock, $0.00001 par value per share, were issued and outstanding.

Table of Contents

NOTE ABOUT FORWARD-LOOKING STATEMENTS

This Annual Report on Form 10-K, including the sections titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and “Risk Factors,” contains certain forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, involving substantial risks and uncertainties. The words “believe,” “may,” “will,” “potentially,” “plan,” “could,” “should,” “predict,” “ongoing,” “estimate,” “continue,” “anticipate,” “intend,” “project,” “expect,” “seek,” or the negative of these words, or terms or similar expressions conveying uncertainty of future events or outcomes, or that concern our expectations, strategy, plans or intentions, are intended to identify forward-looking statements. Forward-looking statements involve risks and uncertainties that could cause actual results to differ materially from those projected, anticipated, or expected. When considering forward-looking statements, you should keep in mind the risk factors and other cautionary statements discussed under the heading “Risk Factors” and in our publicly available filings and press releases. These statements include, among other things, those regarding:

We operate in very competitive and rapidly changing environments, and new risks emerge from time-to-time. It is not possible for us to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those contained in any forward-looking statements we may make. In light of these risks, uncertainties and assumptions, the forward-looking events discussed in this report may not occur, and actual results could differ materially and adversely from those implied in our forward-looking statements.

You should not rely upon forward-looking statements as predictions of future events. Although we believe the expectations reflected in our forward-looking statements are reasonable, we cannot guarantee the future results, levels of activity, performance or events and circumstances described in the forward-looking statements will be achieved or occur. Neither we, nor any other person, assume responsibility for the accuracy and completeness of the forward-looking statements. We undertake no obligation to publicly update any forward-looking statements for any reason after the date of this report to confirm such statements to actual results or to changes in our expectations, except as required by law. Given these risks and uncertainties, readers are cautioned not to place undue reliance on such forward-looking statements.

Unless expressly indicated or the context suggests otherwise, references to “Healthcare Triangle,” “company,” “we,” “us” and “our” refer to Healthcare Triangle Inc. and its consolidated subsidiary.

We operate in very competitive and rapidly-changing environments, and new risks emerge from time-to-time. It is not possible for us to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those contained in any forward-looking statements we may make. In light of these risks, uncertainties and assumptions, the forward-looking events discussed in this report may not occur, and actual results could differ materially and adversely from those implied in our forward-looking statements.

You should not rely upon forward-looking statements as predictions of future events. Although we believe the expectations reflected in our forward looking statements are reasonable, we cannot guarantee the future results, levels of activity, performance or events and circumstances described in the forward looking statements will be achieved or occur. Neither we, nor any other person, assume responsibility for the accuracy and completeness of the forward looking statements. We undertake no obligation to publicly update any forward-looking statements for any reason after the date of this report to conform such statements to actual results or to changes in our expectations, except as required by law. Given these risks and uncertainties, readers are cautioned not to place undue reliance on such forward-looking statements.

Unless expressly indicated or the context suggests otherwise, references to “Healthcare Triangle”, “HTI”, “company”, “we”, “us” and “our” refer to Healthcare Triangle Inc. and its consolidated subsidiary.

All references to the number of common shares and price per Common Stock have been adjusted to reflect the one-for-ten reverse stock split effectuated in May 2023.

RISK FACTORS SUMMARY

Investing in our common stock involves numerous risks, including the risks summarized below and described in further detail in “Part I, Item 1A. Risk Factors” of this Annual Report on Form 10-K, any one of which could materially adversely affect our business, financial condition, results of operations, and prospects. These risks include, but are not limited to, the risks noted below.

The elimination of personal liability against our directors and officers under Delaware law and the existence of indemnification rights held by our directors, officers and employees may result in substantial expenses.

PART I

Item 1. Business

We are a Healthcare information technology company focused on advancing innovative industry-transforming solutions in the sectors of cloud services, data science, and professional and managed services for the Electronic Health Record (EHR), Healthcare and Life Sciences industry.

Our approach leverages our proprietary technology platforms, extensive industry knowledge, and healthcare domain expertise to provide solutions and services that reinforce healthcare progress. Through our platform, solutions, and services, we support healthcare delivery organizations, healthcare insurance companies, pharmaceutical and Life Sciences, biotech companies, and medical device manufacturers in their efforts to improve data management, develop analytical insights into their operations, and deliver measurable clinical, financial, and operational improvements.

We offer a comprehensive suite of software, solutions, platforms and services that enables some of the world’s leading healthcare and pharma organizations to deliver personalized healthcare, precision medicine, advances in drug discovery, development and efficacy, collaborative research and development, respond to real world evidence, and accelerate their digital transformation. We combine our expertise in the healthcare technology domain, cloud technologies, DevOps and automation, data engineering, advanced analytics, AI/ML, Internet of things (“IoT”), security, compliance, and governance to deliver platforms and solutions that drive improved results in the complex workflows of Life Sciences, biotech, healthcare providers, and payers. Our differentiated solutions, enabled by intellectual property platforms provide advanced analytics, data science applications, and data aggregation in a secure, compliant and cost-effective manner to our customers. Our approach reinforces healthcare progress through advanced technology, extensive industry knowledge, and domain expertise.

Our deep expertise in healthcare allows us to reinforce our clients’ progress by accelerating their innovation. Our healthcare IT services include EHR and software implementation, optimization, extension to community partners, as well as application managed services, and backup and disaster recovery capabilities on public cloud. Our 24x7 managed services are used by hospitals and health systems, payers, Life Sciences, and biotech organizations in their effort to improve health outcomes and deliver deeper, more meaningful patient and consumer experiences. Through our services, our customers achieve return on investment in their technology by delivering measurable improvements. Combined with our software and solutions, our services provide clients with an end-to-end partnership for their technology innovation.

We believe our principal competitive factors in our market include our technology capabilities, domain expertise, and on-demand customer support for companies to realize the benefits of modern cloud, data, and security architectures. There are several unique factors mentioned below that make HTI an attractive service provider for healthcare and Life Sciences companies:

Our organizational capabilities and unique advantages also include solving data insights and data interoperability challenges for the HCLS industry with our domain knowledge and technology solutions. To accelerate healthcare providers’ adoption of cloud and next-generation technologies, we leverage our Life Sciences and medical device industry experience in cloud, data, IoT, AI/ML, security & compliance.

The majority of our revenue is generated by our full-time employees who provide software services and Managed Services and Support to our clients. Our software services include strategic advisory, implementation and development services and Managed Services and Support include post implementation support and cloud hosting. We are in the early stages of marketing CloudEz, DataEz and Readabl.AI as our SaaS offerings on a subscription basis, which we expect will provide us with recurring revenues. We do not yet have enough information about our competition or customer acceptance of the proposed SaaS offerings to determine whether or not recurring subscription revenue will have a material impact on our revenue growth. Our SaaS offerings have been launched and commercially available for customers.

Background

As of December 31, 2023, SecureKloud Technologies, Inc., f/k/a 8K Miles Software Services, Inc., a Nevada corporation (the “Parent”), owns approximately 59.18% of the Company. Our Parent is 60.71% owned by SecureKloud Technologies Ltd., an Indian company that is publicly traded in India.

We are led by a diverse, global, and talented team of data scientists, thought leaders, software developers, and subject matter experts who seek to understand our customers’ challenges and are dedicated to tackling these challenges. As of December 31, 2023, we had a total of 33 full time employees, 164 sub-contractors, including 95 certified cloud engineers, 66 Epic Certified EHR experts and 21 MEDITECH Certified EHR experts. Many of the senior management team and the members of our board of directors hold advanced degrees and some are leading experts in software development, regulatory science, and market access.

The Company, along with the Parent, is a born-on-the-cloud Premier Partner of AWS and an audited next generation MSP. We are a leading partner of Google Cloud and a Gold Cloud Partner of Microsoft Azure Cloud. HTI, along with the Parent, is currently one of the top tier Healthcare and Life Sciences competency partners of AWS among more than 100,000 partners in their global community of partners. The Company is also recognized as one of the top eight partners of Google Cloud Healthcare Interoperability Readiness Program. The Company has also established partnerships with Medical Information Technology, Inc. MEDITECH, Epic Systems, Splunk Inc., Snowflake Inc., Looker Inc. (acquired by Google), and other technology companies. Our Parent was rated in 2021 by Solutions Review, an independent online magazine, as one of the 22 best AWS-managed services providers(1). The Company has several Fortune 500 clients in the Life Sciences industry and partners with many hospitals in their cloud transformation journey. We conduct our business directly with hospitals and other healthcare providers. Our Healthcare IT services include systems selection, EHR implementation, post-implementation support to manage EHRs, legacy support, optimization, training, and creation of efficient EHR systems, and improvement of clinical outcomes for hospitals.

Market

Our target markets are healthcare delivery organizations (e.g., hospitals, clinics, physician practices, and other healthcare providers) and Life Sciences organizations (e.g., pharmaceutical and biotech companies). These target markets are large and rapidly expanding, and the opportunity before us is substantial as data increasingly becomes more critical to successful clinical quality improvement and outcomes, financial performance, drug discoveries, and the ever-important need to ensure a positive patient and consumer experience.

The US healthcare cloud transformation services market will grow to $30B by 2027 with 17.4% CAGR as per Absolution Market Insights⁽²⁾. Bloomberg business report estimates that the global market for healthcare data science and analytics will be $40B by 2025 with a CAGR of 23.5%⁽³⁾. The US healthcare IT services market is estimated to be $149B by 2025 with a CAGR 11.7% as per Allied Market Research⁽⁴⁾. The medical document management market is estimated to be $555M by 2025 as per Market Data Forecast⁽⁵⁾.

Based on the above market data on cloud transformation, healthcare data science and analytics, healthcare IT services and medical document management, we believe CloudEz, DataEz and Readabl.AI platforms have significant market opportunity. As COVID-19 and technological advancements accelerate a rapid shift toward digital health, healthcare technology companies like HTI will help to transform the Healthcare and Life Sciences industry and pave the way for sizeable market opportunities.

We believe the industry challenges and market dynamics described below are transforming the way data and analytics are used by healthcare organizations and provide us with a significant opportunity.

Challenges associated with increasing complexity of healthcare data

Across the healthcare landscape, a significant amount of data is being created every day, driven by patient care, payment systems, regulatory compliance, and recordkeeping. This includes information within patient health records, clinical trials, pharmacy benefit programs, imaging systems, sensors, and monitoring platforms, laboratory results, patient-reported information, hospital, and physician performance programs, and billing and payment processing.

The U.S. Healthcare system has invested billions of dollars to collect vast amounts of detailed information in digital format. Examples of major areas of investment include electronic transactional systems that digitize clinical information (e.g., EHR systems, pharmacy, laboratory, imaging, patient satisfaction, and healthcare information exchanges), financial information (e.g., general ledger, costing, and billing), and operational information (e.g., supply chain, human resources, time and attendance, IT support, and patient engagement). Wearables and sensors drive personalized health data for continuous monitoring of patients through daily activity logs, biometric sensors, fall sensors, social activity sensors, etc. These wearables and sensors result in a proliferation of healthcare data that also includes socioeconomic, genomic, and remote patient monitoring information. Collecting, storing, and using healthcare data is complicated by the breadth and depth of disparate sources, the multitude of formats, and increasing regulatory requirements.

The data is vital for Life Sciences and pharmaceutical industries; however, traditional and current data platforms are not equipped to meet this surge or the analytic demands. Today, the data platform is expected to stay relevant for at least 15 years, be able to democratize the data, and still be secure and compliant. Data and analytics in healthcare is transforming the way illnesses are identified and treated, improving quality of life and avoiding preventable deaths.

We believe our DataEz platform addresses these challenges. DataEz is a cloud-based data pipeline platform that helps to enable personal healthcare data management, analytics, and data science capabilities for large Life Sciences, pharmaceutical, and healthcare organizations. It integrates with a larger variety of data sources to ingest, process, store, analyze, and gain insights from the data. By leveraging the real-world evidence data and the ability to diagnose through advanced predictive modelling, AI/ML makes the process simpler and less expensive. Life Sciences industries will require a secure, privacy-compliant, and future-proof data platform as a foundation for large-scale genomics collaborations and for efforts to analyze archived data, including privacy-protected data. This means most organizations will turn into data organizations and will aggressively leverage data as a core asset to drive innovation in their businesses.

Challenges due to lack of coordination and interoperability

The healthcare industry is fragmented and inefficient, with different legacy health insurers, hospital systems, provider groups, and pharmacy networks each possessing distinct incentive structures—some or all of which may diverge from consumers’ interests. Even as consumer demand for greater coordination grows, inflexible and disparate legacy technological systems present a significant barrier to meeting consumers’ wants and needs.

After decades of investing in EHR technology, the state of interoperability is insufficient and inhibits care coordination, health data exchange, clinical efficiency, and the quality of care provided to patients. Given that the EHR is the principal electronic interface used today at the point of care, the path to improved data-driven decision support will require integration between EHR systems and other data and analytics providers. Incidentally, the U.S. Healthcare system is in the midst of an “open data wave,” with an increasing focus on, and demand for, patient data interoperability. Additionally, recent laws and regulations, such as the 21st Century Cures Act, promote and prioritize interoperability and the free exchange of health information. The federal government’s new regulations aim to help patients gain better control of their health data via smartphone apps, interoperability is expected to increase between providers, payers, and healthcare technology companies.

We believe our Healthcare Interoperability solutions and proprietary platforms drive resilient interoperable health infrastructure as a catalyst for delivering better care and reducing costs. We participate in Google Cloud’s Healthcare Interoperability Readiness Program, which aims to help free up patient data and make it more accessible across the continuum of care, as well as set up organizations for long-term success with more modern, interoperable API-first architectures. We help healthcare providers understand their current interoperability maturity levels and map out a stepwise journey to enable interoperability. For example, our Readabl.AI is a Google Cloud-based AI/ML platform to ingest documents, which provides OCR (optical character recognition) capabilities with Natural Language Processing where the patient information is extracted and matched/validated with healthcare providers’ EHR system via FHIR (Fast Healthcare Interoperability Resources) API.

Our Technology and Services

We offer two proprietary software platforms, CloudEz and DataEz, for cloud transformation, automation, data management, security and data governance, and clinical and non-clinical operations management. The platforms are composed of individual, proprietary technology toolsets and deep data assets that can be rapidly configured to empower the operationalization of large-scale, data-driven healthcare initiatives. The platforms enable healthcare organizations to implement highly sophisticated value-based initiatives on a very large scale. At the core of value-based initiatives is the need to aggregate and analyse data, garner meaningful insight from the results, and use these insights to drive material change to outcomes and economics. The platforms address these needs through their major competencies: (i) large-scale data connectivity, integration, and validation capabilities, (ii) advanced predictive analytics and high-speed computing, (iii) toolsets to translate resulting insights into real-world impact, and (iv) purpose-built data visualization and reporting.

CloudEz Technology Platform

CloudEz is an enterprise multi-cloud transformation and management platform that enables customers to manage their cloud infrastructure across private, hybrid, and public cloud infrastructures from providers such as AWS, Microsoft Azure, and Google Cloud. CloudEz offers cloud services to highly regulated industries, including healthcare, Life Sciences, and pharma and biotech organizations, in their cloud transformation journey. It leverages a library of infrastructure and application code developed ‘in-house’ to deliver infrastructure services that are secure and compliant. CloudEz also delivers an automated infrastructure compliance framework that facilitates our customers in being continuously compliant with regulatory requirements.

Implementing a secured cloud that requires continuous adherence of GxP / HIPAA compliance across a number of business units that individually span over a number of different vendors is the biggest challenge across all regulatory specific industries, such as pharma and healthcare. An automation framework that offers secure, continuous GxP / HIPAA compliance for pharmaceutical and healthcare businesses is required for faster deployment of business applications.

CloudEz platform has several security controls including identity & access management, cloud security & governance, data security, security information & event management, network and application security.

DataEz technology platform

Managing a data and data analytics platform is cumbersome with numerous moving components and current best practices that are prone to over-complication. The implemented architecture of some competing solutions is typically not scalable or does not allow workload flexibility. Reengineering such massive ecosystems is neither cost-effective nor practical for enterprises that want to focus on maintaining their market position. Additionally, and more importantly, when enterprise IT teams want to build their Data Lakes, centralized repository that store data, on the cloud, they must deal with overwhelming complexities – from choosing the right cloud provider that addresses their needs and ensures necessary government regulatory security and compliances are met to continuously managing a cost-effective infrastructure.

HTI brings together large-scale datasets, expansive connectivity, robust technology infrastructure, and industry-leading subject matter expertise. The capabilities of the HTI platforms enable both the efficient determination of highly meaningful insights and the reliable achievement of meaningful impact in the quality and economics of healthcare.

DataEz is a cloud-based data analytics and data science platform purpose-built for the data analytics and data science requirements of large Life Sciences/pharmaceutical and healthcare provider organizations. This platform enables our healthcare customers to ingest, securely analyze, and transform data from disparate sources to gain operational, financial, and clinical insights. DataEz is a fully secured and compliant platform that meets the regulatory requirements and we offer this as a solution and Software as a Service (SaaS) subscription model for Life Sciences and healthcare provider customers.

Combinations of all proprietary technology toolsets are configured to quickly empower highly differentiated solutions for customer needs in a highly scalable fashion. The flexibility of the platform’s modular design enables customers to integrate the capabilities of the platform with their own internal capabilities or other third-party solutions. The platforms bring to the marketplace a highly extensible, national-scale capability to interconnect with the healthcare ecosystem on a massive scale. This enables healthcare organizations to aggregate and analyze data in petabyte volumes, arrive at sophisticated insights in real-time, drive meaningful impact, and intuitively visualize data and information to inform business strategy and execution.

DataEz platform includes the advanced analytics capability for data scientists and analysts to rapidly spin up secure analytics workbenches. Analytics workbench enables agile analytics, by providing capabilities of data discovery, model building, model management, model consumption, visualization, and workflow management in an integrated platform to accelerate the data science life cycle using AI/ML algorithms as well as data analytics at scale.

DataEz Platform Architecture:

DataEz platform architecture is composed of various stages of data pipeline management including ingestion, quarantine, pre-curated, data curated, analytics/data warehouse, visualization/data warehouse and visualization/data science.

DataEz: Data Lake Management, Analytics & Data Science platform architecture diagram

Readabl.AI

Despite significant investments in electronic health records, paper-based unstructured data, such as faxes and clinical reports, remain the prevalent methods to share information about patients as they navigate the continuum of care. This reality has been particularly obvious during the COVID 19 pandemic. The NY Times recently highlighted that the fax machine continues to be a primary data communication tool in the fight against the virus.

Healthcare organizations demand an advanced automation solution to easily convert paper-based unstructured data into meaningful information for patient care. Readabl.AI uses state-of-the-art public cloud artificial intelligence and machine learning to recognize and extract healthcare information from documents, faxes, and narrative reports. Including Readabl.AI in customer organization’s workflow improves patient care and clinical efficiencies while maintaining security & confidentiality. Readabl.AI ensures that the necessary health information is available for patient care with reduced labor requirements and faster processing.

Readabl.AI is offered as a solution on public cloud marketplaces such as Google Cloud marketplace and is commercially available on a Software-as-a-Service (SaaS) subscription model.

Cloud IT Services

Cloud IT is a service offering that we provide that incorporates several of our existing technological platforms. Below are several of the benefits of our Cloud IT service:

Healthcare IT Services:

Healthcare IT is a separate service we provide primarily to hospitals and healthcare centres. Our healthcare IT services are utilized by 100+ hospitals across the US. These services include EHR implementation and optimization, managed services, interoperability, data assessments and tools, and clinical and training consulting to improve clinical outcomes and the patient experience.

Corporate Information

Our principal executive office is located at 7901 Stoneridge Drive, Suite 220, Pleasanton, CA 94588. Our telephone number is (925) 270-4812. Our website address is https://www.healthcaretriangle.com/. The information on our website or that may be accessed by links on our website is not incorporated by reference into this Form 10-K. We make available, free of charge and through our website, our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and any amendments to any such reports filed or furnished pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended, as soon as reasonably practicable after they are electronically filed with or furnished to the U.S. Securities and Exchange Commission.

Item 1A. Risk Factors

Investing in our common stock is highly speculative and involves a significant degree of risk. Before you invest in our securities, you should give careful consideration to the following risk factors, in addition to the other information included in this Annual Report on Form 10-K, including our financial statements and related notes, before deciding whether to invest in our securities. The occurrence of any of the adverse developments described in the following risk factors could materially and adversely harm our business, financial condition, results of operations or prospects. In that case, the trading price of our common stock could decline, and you may lose all or part of your investment.

Risks Related to Our Company

Competition with companies that have greater financial, technical, and marketing resources than we have could result in a loss of clients and/or a lowering of prices for our products, causing a decrease in our revenues and/or market share.

There are a number of companies that are our principal and secondary competitors and offer products and systems that are comparable to our solutions and address the markets we serve. The principal competitive factors in our markets include product features, performance, and support, product scalability and flexibility, ease of deployment and use, the total cost of ownership, and time to value. Some of our current and potential competitors have advantages over us, such as longer operating histories, significantly greater financial, technical, marketing, or other resources, a stronger brand and business user recognition, larger intellectual property portfolios, and broader global distribution and presence. Further, competitors may be able to offer products or functionality similar to ours at a more attractive price than we can by integrating or bundling their software products with their other product offerings. In addition, our industry is evolving rapidly and is becoming increasingly competitive. Larger and more established companies may focus on creating a learning system or solutions that could directly compete with one or more of our offerings. If companies move a greater proportion of their data and computational needs to the cloud, new competitors may emerge which offer services comparable to ours or that are better suited for cloud-based data, and the demand for one or more of our offerings may decrease. Smaller companies could also launch new products and services that we do not offer and that could gain market acceptance quickly. We may also face competition from providers of cloud management systems and database systems, and other segment-specific applications. Any of these companies, as well as other technology or healthcare companies, could decide at any time to specifically target hospitals and Life Sciences companies within our target market. A number of existing and potential competitors are more established than we are and have greater name recognition and financial, technical, and marketing resources. Products of our competitors may have better performance, lower prices, and broader market acceptance than our products. We expect increased competition that could cause us to lose clients, lower our prices to remain competitive, and, consequently, experience lower revenues, revenue growth, and profit margins, which would have a material adverse effect on our financial condition and business prospects.

We are dependent on the continued availability of third-party hosting and transmission services. Loss of contractual relationship with operational issues with, or changes to the costs of, our third-party data center providers could harm our business, reputation, or results of operations.

We currently serve the majority of our platform functions from third-party data center hosting facilities operated by Amazon Web Services, Google Cloud, and Microsoft Azure Cloud, and we primarily use shared servers in such facilities. We are dependent on these third parties to provide continuous power, cooling, Internet connectivity, and physical and technological security for our servers, and our operations depend, in part, on their ability to protect these facilities against any damage or interruption from natural disasters, such as earthquakes and hurricanes, power or telecommunication failures, criminal acts, and similar events. In the event that any of our third-party facilities arrangements is terminated, or if there is a lapse of service or damage to a facility, we could experience interruptions in our platforms as well as delays and additional expenses in arranging new facilities and services.

Any damage to, or failure of, the systems of our third-party providers could result in interruptions to our platforms. Despite precautions taken at our data centers, the occurrence of spikes in usage volume, a natural disaster, such as earthquakes or hurricane, an act of terrorism, vandalism or sabotage, a decision to close a facility without adequate notice, or other unanticipated problems at a facility could result in lengthy interruptions in the availability of our platform. Even with current and planned disaster recovery arrangements, our business could be harmed. Also, in the event of damage or interruption, our insurance policies may not adequately compensate us for any losses that we may incur. These factors in turn could further reduce our revenue, subject us to liability and cause us to issue credits, or cause customers to stop using our platforms, any of which could materially and adversely affect our business.

Our Parent’s control could prevent us from obtaining essential services at lower rates and if our Parent ceases to provide us with services our business could suffer.

Our Parent provides us with essential services, including software development, infrastructure development, sales support, recruitment and immigration support, project coordination, human resources and operation support and management/advisory services. Although we pay our Parent for these services at what we believe are market rates and were negotiated in good faith on an arms-length basis, if we became aware in the future of third parties that could provide such services on terms more favorable than the Parent, our Parent’s control over our Board and our Company could prevent us from obtaining these services on more favorable terms from such third parties or renegotiating the terms with our Parent. Also, if the Parent was no longer able to provide us these services, we may be forced to obtain them from third parties on terms that are less favorable. If we are prevented by the Parent in the future from paying third parties less for services currently provided by the Parent or if the Parent is unable to provide us services it now provides, such events could have a material adverse effect on our business and financial condition.

As a “controlled company” under the Nasdaq Marketplace Rules, we may choose to exempt our Company from certain corporate governance requirements that could have an adverse effect on our public stockholders.

Under Rule 4350(c) of the Nasdaq Marketplace Rules, a company of which more than 50% of the voting power is held by an individual, group or another company is a “controlled company” and may elect not to comply with certain corporate governance requirements, including the requirement that a majority of our directors be independent, as defined in Nasdaq rules and the requirement that our compensation and nominating and corporate governance committees consist entirely of independent directors. Although we do not intend to rely on the “controlled company” exemption under Nasdaq rules, we could elect to rely on this exemption in the future. If we elect to rely on the “controlled company” exemption, a majority of the members of our Board might not be independent directors and our nominating and corporate governance and compensation committees might not consist entirely of independent directors. Accordingly, during any time while we remain a controlled company relying on the exemption and during any transition period following a time when we are no longer a controlled company, you would not have the same protections afforded to shareholders of companies that are subject to all of the Nasdaq corporate governance requirements. Our status as a controlled company could cause our common stock to look less attractive to certain investors or otherwise harm our trading price.

A significant inadvertent disclosure or breach of confidential and/or personal information we hold, or of the security of our or our customers’, suppliers’, or other partners’ computer systems could be detrimental to our business, reputation, and results of operations.

Our business requires the storage, transmission, and utilization of data, including healthcare information, patient’s information, personal information, and other information that must be maintained on a confidential basis. These activities have made, and may in the future make, our clients and our products a target of cyber-attacks by third parties seeking unauthorized access to the data contained on our platforms. As a result of the types and volume of personal data on our systems, we believe that healthcare companies may be a target for such breaches and attacks.

In recent years, the frequency, severity, and sophistication of cyber-attacks, computer malware, viruses, social engineering, and other intentional misconduct by computer hackers have significantly increased, and government agencies and security experts have warned about the growing risks of hackers, cybercriminals, and other potential attackers targeting information technology systems. Such third parties could attempt to gain entry into our systems for the purpose of stealing data or disrupting the systems. In addition, our security measures may also be breached due to employee error, malfeasance, system errors, or vulnerabilities, including vulnerabilities of our vendors, suppliers, their products, or otherwise. Third parties may also attempt to fraudulently induce employees or customers into disclosing sensitive information such as user names, passwords, or other information to gain access to the data contained on our platforms, including patient information.

While we and our third-party cloud providers have implemented security measures designed to protect against security breaches, these measures could fail or may be insufficient, particularly as techniques used to sabotage or obtain unauthorized access to systems change frequently and generally are not recognized until launched against a target, resulting in the unauthorized disclosure, modification, misuse, destruction, or loss of our or our customers’ data or other sensitive information. Any failure to prevent or mitigate security breaches and improper access to or disclosure of the data we maintain, including personal information, could result in litigation, indemnity obligations, regulatory enforcement actions, investigations, fines, penalties, mitigation and remediation costs, disputes, reputational harm, diversion of management’s attention, and other liabilities and damage to our business.

We cannot be certain that advances in criminal capabilities, the discovery of new vulnerabilities in our systems, and attempts to exploit those vulnerabilities, physical system or facility break-ins and data thefts or other developments will not compromise or breach the technology protecting our systems and the information we possess.

We may incur significant costs in protecting against or remediating cyber-attacks. Any security breach could result in operational disruptions that impair our ability to meet our customers’ requirements, which could result in decreased revenue. Also, whether there is an actual or a perceived breach of our security, our reputation could suffer irreparable harm, causing our current and prospective customers to reject our products and services in the future, deterring data suppliers from supplying us data or customers from using our services, or changing consumer behaviour adversely affecting our technology’s market coverage. Further, we could be forced to expend significant resources in response to a security breach, including those expended in notifying individuals and providing mitigating services, repairing system damage, increasing cybersecurity protection costs by deploying additional personnel and protection technologies, and litigating and resolving legal claims or governmental inquiries and investigations, all of which could divert the attention of our management and key personnel away from our business operations.

Finally, while we provide guidance and specific requirements in some cases, we do not directly control any of our clients’ cybersecurity operations, or the amount of investment they place in guarding against cybersecurity threats. Accordingly, we are subject to any flaws in or breaches of their systems, which could materially impact our business, operating results, and financial results.

An inability to attract and retain highly skilled employees could adversely affect our business.

To execute our growth plan, we must attract and retain highly qualified employees skilled in both software engineering and healthcare industry regulations. Competition for these employees is intense, especially with respect to software engineers with high levels of experience in cloud-related services. We have, from time to time, experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with the appropriate level of qualifications. Many of the companies with which we compete for experienced employees have greater resources than we have and may offer compensation packages that are perceived to be better than ours. Additionally, changes in our compensation structure may be negatively received by employees and result in attrition or cause difficulty in the recruiting process. If we fail to attract new employees or fail to retain and motivate our current employees, our business and future growth prospects could be adversely affected.

Defects or disruptions in our cloud software solutions could result in diminished demand for our platforms and services, a reduction in our revenues, and subject us to substantial liability.

We have from time to time found defects in our solutions, and new defects may be detected in the future. In addition, we have experienced, and may in the future experience, service disruptions, degradations, outages, and other performance problems. These types of problems may be caused by a variety of factors, including human or software errors, viruses, cyber-attacks, fraud, spikes in customer usage, problems associated with our third-party computing infrastructure and network providers, infrastructure changes, and denial of service issues. Service disruptions may result from errors we make in delivering, configuring, or hosting our solutions, or designing, installing, expanding, or maintaining our platform’s computing infrastructure. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time. It is also possible that such problems could result in losses of data.

Since our customers use our platforms and services for important aspects of their business, any errors, defects, disruptions, service degradations, or other performance problems with our solutions could hurt our reputation and may damage our customers’ businesses. If that occurs, our customers may delay or withhold payment to us, cancel their agreements with us, elect not to renew, or make service credit claims, warranty claims, or other claims against us, and we could lose future sales. The occurrence of any of these events could result in diminishing demand for our solutions, a reduction of our revenues, an increase in our bad debt expense or in collection cycles for accounts receivable, or could require us to incur the expense of litigation or substantial liability.

We have experienced rapid growth, and if we fail to manage our growth effectively, we may be unable to execute our business plan.

Since we were founded, we have experienced rapid growth and expansion of our operations. Our revenues, customer count, product and service offerings, countries of operation, facilities, and computing infrastructure needs have all increased significantly, and we expect them to increase in the future. We have also experienced rapid growth in our employee base. As we continue to grow, both organically and through acquisitions, we must effectively integrate, develop, and motivate an increasing number of employees (an increasing portion of whom are expected to work remotely due to the COVID-19 pandemic), while executing our growth plan and maintaining the beneficial aspects of our culture. Any failure to preserve our culture could negatively affect our future success, including our ability to attract and retain highly qualified employees and to achieve our business objectives.

Our rapid growth has placed, and will continue to place, a significant strain on our management capabilities, administrative and operational infrastructure, facilities, IT, and other resources. We anticipate that additional investments in our facilities and computing infrastructure will be required to scale our operations. To effectively manage growth, we must continue to: improve our key business applications, processes, and computing infrastructure; enhance information and communication systems; and ensure that our policies and procedures evolve to reflect our current operations and are appropriately communicated to and observed by employees (an increasing portion of whom are working and are expected to work remotely). These enhancements and improvements will require additional investments and allocation of valuable management and employee time and resources. Failure to effectively manage growth could result in difficulty or delays in deploying our solutions, declines in quality or customer satisfaction, increases in costs, difficulties in introducing new features, or other operational difficulties, and any of these difficulties could adversely impact our business performance and results of operations.

We may be unable to successfully introduce new products or services or fail to keep pace with advances in technology.

The successful implementation of our business model depends on our ability to adapt to evolving technologies and increasingly aggressive industry standards and introduce new products and services accordingly. We cannot provide assurance that we will be able to introduce new products on schedule, or at all, or that such products will achieve market acceptance. Moreover, competitors may develop competitive products that could adversely affect our operating results. Any failure by us to introduce planned products or other new products or to introduce these products on schedule could have an adverse effect on our revenue growth and operating results.

If we cannot adapt to changing technologies, our products and services may become obsolete and our business could suffer. Because the markets in which we operate are characterized by rapid technological change, we may be unable to anticipate changes in our current and potential clients’ or users’ requirements that could make our existing technology obsolete. Our success will depend, in part, on our ability to continue to enhance our existing products and services, develop new technology that addresses the increasingly sophisticated and varied needs of our prospective clients and users, license leading technologies and respond to technological advances and emerging industry standards and practices, all on a timely and cost-effective basis. The development of our proprietary technology entails significant technical and business risks. We may not be successful in using new technologies effectively or adapting our proprietary technology to evolving client or user requirements or emerging industry standards. Any of the foregoing could materially and adversely impact our business, financial condition, and operating results.

Our business depends in part on our ability to establish and maintain additional strategic relationships.

To be successful, we must continue to maintain our existing strategic relationships and establish additional strategic relationships with leaders in a number of the markets in which we operate. This is critical to our success because we believe that these relationships contribute towards our ability to:

Entering into strategic relationships is complicated because strategic partners may decide to compete with us in some or all of the markets in which we operate. In addition, we may not be able to maintain or establish relationships with key participants in the healthcare and Life Sciences industries if we conduct business with their competitors.

We depend, in part, on our strategic partners’ ability to generate increased acceptance and use of our products and services. If we lose any of these strategic relationships or fail to establish additional relationships, or if our strategic relationships fail to benefit us as expected, this could materially and adversely impact our business, financial condition, and operating results.

Our sales cycle can be lengthy and unpredictable, which may cause our revenue and operating results to fluctuate significantly.

Our sales cycle can be lengthy and unpredictable. Our sales efforts involve educating our customers about the use and benefits of our offerings and solutions, including the technical capabilities of our solutions and the potential cost savings and productivity gains achievable by deploying them. Additionally, many of our potential clients are typically already in long-term contracts with their current providers and face significant costs associated with transitioning to our offerings and solutions. As a result, potential customers typically undertake a significant evaluation process, which frequently involves not only our software platforms and component systems infrastructure and platforms but also their existing capabilities and solutions and can result in a lengthy sales cycle. We spend substantial time, effort, and money on our sales efforts without any assurance that our efforts will produce any sales. In addition, purchases of our platform as a service infrastructure are frequently subject to budget constraints, multiple approvals, and unplanned administrative, processing, and other delays. Many of our potential hospital clients have used all or a significant portion of their revenues to comply with federal mandates to adopt electronic medical records to maintain their Medicaid and Medicare reimbursement levels. In the event we are unable to manage our lengthy and unpredictable sales cycle, our business may be adversely affected.

Our revenues have historically been concentrated among our top customers, and the loss of any of these customers could reduce our revenues and adversely impact our operating results.

Historically, our revenue has been concentrated among a small number of customers. In the fiscal year ended December 31, 2023, our top customer and our top five customers accounted for 23% and 77% of our revenue, respectively. As a result, the loss of one or more of these customers could materially reduce our revenue, harm our results of operations, and limit our growth.

Risks Related to Our Intellectual Property and Our Platforms and Services

Protection of certain intellectual property may be difficult and costly, and our inability to protect our intellectual property could reduce the value of our products and services.

Our trademarks, trade secrets, copyrights, and other intellectual property rights are important assets to us. Various events outside of our control pose a threat to our intellectual property rights, as well as to our products, services, and technologies. For instance, any of our current or future intellectual property rights may be challenged by others or invalidated through administrative process or litigation.

We have taken efforts to protect our proprietary rights, including a combination of license agreements, confidentiality policies and procedures, confidentiality provisions in employment agreements, confidentiality agreements with third parties, and technical security measures, as well as our reliance on copyright, trademark, trade secret, and unfair competition laws. These efforts may not be sufficient or effective. For example, the secrecy of our trade secrets or other confidential information could be compromised by our employees or by third parties, which could cause us to lose the competitive advantage resulting from those trade secrets or confidential information. Unauthorized third parties may try to copy or reverse engineer portions of our products or otherwise infringe upon, misappropriate or use our intellectual property. We may not be able to discover or determine the extent of any unauthorized use of our proprietary rights. We may also conclude that, in some instances, the benefits of protecting our intellectual property rights may be outweighed by the expense.

In addition, our platforms incorporate “open source” software components that are licensed to us under various public domain licenses. Open-source license terms are often ambiguous, and there is little or no legal precedent governing the interpretation of many of the terms of certain of these licenses. Therefore, the potential impact of such terms on our business is somewhat unknown. Further, some enterprises may be reluctant or unwilling to use cloud-based services, because they have concerns regarding the risks associated with the security and reliability, among other things, of the technology delivery model associated with these services. If enterprises do not perceive the benefits of our services, then the market for these services may not expand as much or develop as quickly as we expect, either of which would adversely affect our business, financial condition, or operating results.

Legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain and still evolving. The laws of some foreign countries may not be as protective of intellectual property rights as those in the United States, and effective intellectual property protection may not be available in every country in which our products and services are distributed.

Any impairment of our intellectual property rights, or our failure to protect our intellectual property rights adequately, could give our competitors access to our technology and could materially and adversely impact our business and operating results. Any increase in the unauthorized use of our intellectual property could also divert the efforts of our technical and management personnel and resulting in significant additional expense to us, which could materially and adversely impact our operating results.

Finally, in order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming, and distracting to management and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defences, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights. Negative publicity related to a decision by us to initiate such enforcement actions against a customer or former customer, regardless of its accuracy, may adversely impact our other customer relationships or prospective customer relationships, harm our brand and business, and could cause the market price of our common stock to decline. Our failure to secure, protect and enforce our intellectual property rights could adversely affect our brand and our business.

We may be liable for infringing the intellectual property rights of others.

Our competitors may develop similar intellectual property, duplicate our products and/or services, or design around any patents or other intellectual property rights we hold. Litigation may be necessary to enforce our intellectual property rights or to determine the validity and scope of the patents, intellectual property, or other proprietary rights of third parties, which could be time-consuming and costly and have an adverse effect on our business and financial condition. Intellectual property infringement claims could be made against us and our ecosystem partners, especially as the number of our competitors grows. These claims, even if not meritorious, could be expensive and divert our attention from operating our company and result in a temporary inability to use the intellectual property subject to such claim. In addition, if we, our ecosystem partners, and/or customers become liable to third parties for infringing their intellectual property rights, we could be required to pay a substantial damage award and develop comparable non-infringing intellectual property, to obtain a license, or to cease providing the content or services that contain the infringing intellectual property. We may be unable to develop a non-infringing intellectual property or obtain a license on commercially reasonable terms, if at all.

We may not be able to protect our intellectual property rights throughout the world.

Third parties may attempt to commercialize competitive products or services in foreign countries where we do not have a trademark or copyright registration or where legal recourse may be limited. This may have a significant commercial impact on our foreign business operations which we expect to expand.

Registration and enforcement of intellectual property rights to our platforms and services in all countries throughout the world would be prohibitively expensive, and our intellectual property rights in some countries outside the United States can be less extensive than those in the United States. The requirements for patentability may differ in certain countries, particularly developing countries. For example, Europe has a heightened requirement for patentability of software inventions. Thus, even in countries where we do pursue patent protection, there can be no assurance that any patents will issue with claims that cover our products. In addition, the laws of some foreign countries do not protect intellectual property rights to the same extent as laws in the United States and in some cases may even force us to grant a compulsory license to competitors or other third parties. Consequently, we may not be able to prevent third parties from practicing our inventions in all countries outside the United States or from selling or importing products concerning our healthcare technology into the United States or other jurisdictions. Competitors may use our technologies in jurisdictions where we have not obtained patent protection to develop their own products and services and further, may export otherwise infringing products and services to territories where we have patent protection, but enforcement on infringing activities is inadequate. These products or services may compete with ours, and our patents or other intellectual property rights may not be effective or sufficient to prevent them from competing.

Many companies have encountered significant problems in protecting and defending intellectual property rights in foreign jurisdictions. The legal systems of certain countries, particularly certain developing countries, do not favor the enforcement of patents and other intellectual property protection, which could make it difficult for us to stop the infringement of our patents or marketing of competing products in violation of our proprietary rights generally. Proceedings to enforce our patent rights in foreign jurisdictions could result in substantial costs and divert our efforts and attention from other aspects of our business, could put our patents at risk of being invalidated or interpreted narrowly and our patent applications at risk of not issuing, and could provoke third parties to assert claims against us. We may not prevail in any lawsuits that we initiate and the damages or other remedies awarded, if any, may not be commercially meaningful. In addition, certain countries in Europe and certain developing countries, including India and China, have compulsory licensing laws under which a patent owner may be compelled to grant licenses to third parties. In those countries, we may have limited remedies if our patents are infringed or if we are compelled to grant a license to our patents to a third party, which could materially diminish the value of those patents. This could limit our potential revenue opportunities. Accordingly, our efforts to enforce our intellectual property rights around the world may be inadequate to obtain a significant commercial advantage from the intellectual property that we own or license. Finally, our ability to protect and enforce our intellectual property rights may be adversely affected by unforeseen changes in foreign intellectual property laws.

Our use of third-party open-source software could negatively affect our ability to offer our products and services through our platforms and subject us to possible litigation.

We have incorporated, and may in the future incorporate, third-party open-source software in our technologies. Open-source software is generally licensed by its authors or other third parties under open source licenses. From time to time, companies that use third-party open-source software have faced claims challenging the use of such open-source software and requesting compliance with the open-source software license terms. Accordingly, we may be subject to suits by parties claiming ownership of what we believe to be open-source software or claiming non-compliance with the applicable open-source licensing terms. Some open-source software licenses require end-users who use, distribute or make available across a network software and services that include open-source software to offer to the public aspects of the technology that incorporates the open-source software for no cost, make publicly available source code (which in some circumstances could include valuable proprietary code) for modifications or derivative works created based upon incorporating or using the open-source software and/or to license such modifications or derivative works under the terms of the particular open source license. If we combine our proprietary software with open-source software in a certain manner, we could, under certain open-source licenses, be required to release or license the source code of our proprietary software to the public. Additionally, if a third-party software provider has incorporated open-source software into software that we license from such provider, we could be required to disclose any of our source code that incorporates or is a modification of our licensed software. While we use tools designed to help us monitor and comply with the licenses of third-party open-source software and protect our valuable proprietary source code, we may inadvertently use third-party open-source software in a manner that exposes us to claims of non-compliance with the terms of their licenses, including claims of intellectual property rights infringement or for breach of contract. Furthermore, there exists today an increasing number of types of open-source software licenses, almost none of which have been tested in courts of law to provide guidance of their proper legal interpretations, and there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our use of the open-source software. If we were to receive a claim of non-compliance with the terms of any of these open-source licenses, we may be required to publicly release certain portions of our proprietary source code, expend substantial time and resources to re-engineer some of our software, or pay damages, settlement fees or a royalty to use certain open-source software. Any of the foregoing could disrupt and harm our business.

In addition, the use of third-party open-source software typically exposes us to greater risks than the use of third-party commercial software because open-source licensors generally do not provide support, warranties, controls, indemnification, or other contractual protections regarding the functionality or origin of the software. Use of open-source software may also present additional security risks because the public availability of such software may make it easier for hackers and other third parties to determine how to compromise our platform. Any of the foregoing could harm our business, financial condition, results of operations, and prospects and could help our competitors develop products and services that are similar to or better than ours.

Any failure to protect our intellectual property that is not registered could impair our business.

Although we rely on copyright laws to protect the works of authorship (including software) created by us, we do not register the copyrights in any of our copyrightable works. Copyrights of U.S. origin must be registered before the copyright owner may bring an infringement suit in the United States. Furthermore, if a copyright of U.S. origin is not registered within three months of publication of the underlying work, the copyright owner may be precluded from seeking statutory damages or attorney’s fees in any United States enforcement action, and may be limited to seeking actual damages and lost profits. Accordingly, if one of our unregistered copyrights of U.S. origin is infringed by a third party, we will need to register the copyright before we can file an infringement suit in the United States, and our remedies in any such infringement suit may be limited.

We are subject to numerous privacy and data security laws and related contractual requirements and our failure to comply with those obligations could cause us significant harm.

In the normal course of our business, we collect, process, use and disclose information about individuals, including protected health information and other patient data, as well as information relating to health professionals and our employees. The collection, processing, use, disclosure, disposal, and protection of such information is highly regulated both in the United States and other jurisdictions, including but not limited to, under HIPAA, as amended by HITECH; U.S. state privacy, security, and breach notification and healthcare information laws; the European Union’s GDPR; and other European privacy laws as well as privacy laws being adopted in other regions around the world. These laws and regulations are complex and their interpretation is rapidly evolving, making implementation and enforcement, and thus compliance requirements, ambiguous, uncertain, and potentially inconsistent. In addition, our collection, processing, use, disclosure, and protection of information are subject to related contractual requirements. Compliance with such laws and related contractual requirements may require changes to our collection, use, transfer, disclosure, or other processing of information about individuals, and may thereby increase compliance costs. Failure to comply with such laws and/or related contractual obligations could result in regulatory enforcement or claims against us for breach of contract, or may lead third parties to terminate their contracts with us and/or choose not to work with us in the future. Should this occur, there could be a material adverse effect on our reputation, business, financial condition, and results of operations.

These regulations often govern the use, handling, and disclosure of information about individuals, including medical information, and require the use of standard contracts, privacy and security standards, and other administrative simplification provisions. In relation to HIPAA, we do not consider our service offerings to generally cause us to be subject as a covered entity; however, in certain circumstances, we are subject to HIPAA as a business associate and may enter into business associate agreements.

Additionally, the Federal Trade Commission (the “FTC”) and many state attorneys general are interpreting existing federal and state consumer protection laws to impose evolving standards for the online collection, use, dissemination, and security of information about individuals, including health-related information. Courts may also adopt the standards for fair information practices promulgated by the FTC, which concern consumer notice, choice, security, and access. Consumer protection laws require us to publish statements that describe how we handle information about individuals and choices individuals may have about the way we handle their information. If such information that we publish is considered untrue, we may be subject to government claims of unfair or deceptive trade practices, which could lead to significant liabilities and consequences. Furthermore, according to the FTC violating consumers’ privacy rights or failing to take appropriate steps to keep information about consumers secure may constitute unfair acts or practices in or affecting commerce in violation of Section 5(a) of the FTC Act.

In addition, certain states have adopted robust privacy and security laws and regulations. Such laws and regulations will be subject to interpretation by various courts and other governmental authorities, thus creating potentially complex compliance issues for us and our future customers and strategic partners. For example, the CCPA, which took effect in 2020, imposes obligations and restrictions on businesses regarding their collection, use, and sharing of personal information and provides new and enhanced data privacy rights to California residents, such as affording them the right to access and delete their personal information and to opt-out of certain sharing of personal information. Protected health information that is subject to HIPAA is excluded from the CCPA, however, the information we hold about individuals that is not subject to HIPAA would be subject to the CCPA. It is unclear how HIPAA and the other exceptions may be applied under the CCPA. The CCPA may increase our compliance costs and potential liability. Many similar privacy laws have been proposed at the federal level and in other states.

The GDPR became enforceable on May 25, 2018. The GDPR regulates our processing of personal data, and imposes stringent requirements. The GDPR includes sanctions for violations up to the greater of €20 million or 4.0% of worldwide gross annual revenue and applies to services providers such as us. In addition, from the beginning of 2021(when the transitional period following Brexit expires), we will have to comply with the GDPR and also the UK GDPR, with each regime having the ability to fine up to the greater of €20 million (£17 million) or 4% of global turnover. The relationship between the United Kingdom and the European Union in relation to certain aspects of data protection law remains unclear, for example how data transfers between EU member states and the United Kingdom will be treated and the role of the Information Commissioner’s Office following the end of the transitional period. These changes will lead to additional costs and increase our overall risk exposure.

Recent legal developments in Europe have created complexity and uncertainty regarding transfers of personal data from the EEA to the United States, e.g., on July 16, 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-US Privacy Shield Framework (“Privacy Shield”) under which personal data could be transferred from the EEA to U.S. entities who had self-certified under the Privacy Shield scheme. While the CJEU upheld the adequacy of the standard contractual clauses (a standard form of contract approved by the European Commission as an adequate personal data transfer mechanism, and a potential alternative to the Privacy Shield), it made clear that reliance on them alone may not necessarily be sufficient in all circumstances; this has created uncertainty. At the moment we have not implemented any Privacy Shield procedures or certifications. We also currently rely on the standard contractual clauses to transfer personal data outside the EEA, including to the United States. It may subject us to a lawsuit of a European Union citizen, if we inadvertently process their personally-identifiable information.

The United States, the European Union, and other jurisdictions where we operate continue to issue new and enhance existing, privacy and data security protection regulations related to the collection, use, disclosure, disposal, and protection of information about individuals, including medical information. Privacy and data security laws are rapidly evolving both in the United States and internationally, and the future interpretation of those laws is somewhat uncertain. E.g., we do not know how E.U. regulators will interpret or enforce many aspects of the GDPR and some regulators may do so in an inconsistent manner. In the United States, privacy and data security is an area of emphasis for some but not all state regulators, and new legislation has been and likely will continue to be introduced at the state and/or federal level. For instance, there is a new act on the ballot in California, the California Privacy Rights Act, which may go into effect in 2023. Additional legislation or regulation might, among other things, require us to implement new security measures and processes or bring within the legislation or regulation de-identified health or other information about individuals, each of which may require substantial expenditures or limit our ability to offer some of our services.

Risks Related to Our Industry

Markets for our products and services are highly competitive and subject to rapid technological change, and we may be unable to compete effectively in these markets.

The market for healthcare solutions is intensely competitive and is characterized by rapidly evolving technology, solution standards, and users’ needs, and the frequent introduction of new products and services. There can be no assurance that we capture additional opportunities in such rapidly evolving markets. Some of our competitors may be more established, benefit from greater name, recognition and have substantially greater financial, technical, and marketing resources than us. Moreover, we expect that competition will continue to increase as a result of potential incentives provided by government programs and as a result of consolidation in both the IT and healthcare industries. If one or more of our competitors or potential competitors were to merge or partner with another of our competitors, the change in the competitive landscape could adversely affect our ability to compete effectively.

We compete on the basis of several factors, including:

There can be no assurance that we will be able to compete successfully against current and future competitors or that the competitive pressures that we face will not materially and adversely impact our business, financial condition, and operating results.

Increased government involvement in healthcare could materially and adversely impact our business.

United States healthcare system reform at both the federal and state level could increase government involvement in healthcare, reconfigure reimbursement rates and otherwise change the business environment of our clients and the other entities with which we have a business relationship. We cannot predict whether or when future healthcare reform initiatives at the federal or state level or other initiatives affecting our business will be proposed, enacted, or implemented or what impact those initiatives may have on our business, financial condition, or operating results. Our clients and the other entities with which we have a business relationship could react to these initiatives and the uncertainty surrounding these proposals by curtailing or deferring investments, including those for our products and services.

Consolidation in the healthcare industry could adversely impact our business, financial condition, and operating results.

Many healthcare industry organizations are consolidating to create integrated healthcare delivery systems with greater market power. As provider networks and managed care organizations consolidate, thus decreasing the number of market participants, the competition to provide products and services like ours will become more intense, and the importance of establishing and maintaining relationships with key industry participants will increase. These industry participants may try to use their market power to negotiate price reductions for our products and services. Further, consolidation of management and billing services through integrated delivery systems may decrease demand for our products. Such consolidation may also lead to integrated delivery systems requiring newly acquired physician practices to replace our products and services with those already in use in the larger enterprise. Any of these factors could materially and adversely impact our business, financial condition, and operating results.

We are subject to numerous regulatory requirements of the healthcare industry and is susceptible to a changing regulatory environment.

As a participant in the healthcare industry, our operations and relationships, and those of our clients, are regulated by a number of foreign, federal, state, and local governmental entities. The impact of such regulations on us, our products, and our services can be both direct and indirect. The direct impact is present to the extent we are ourselves subject to the pertinent laws and regulations. The indirect effect of such regulations can be experienced both in terms of the level of government reimbursement available to our clients and to the extent, our products must be capable of being used by our clients in a manner compliant with applicable laws and regulations. Furthermore, our efforts to expand into new markets internationally may subject us to numerous additional laws and regulations that may be potentially burdensome in compliance.

The ability of our clients to comply with laws and regulations while using our software platforms and solutions could affect the marketability of our products or our compliance with our client contracts, or even expose us to direct liability under the theory that we had assisted our clients in a violation of healthcare laws or regulations. Because our business relationships with doctors, hospitals, and Life Sciences clients are unique and the healthcare IT industry as a whole is to a certain extent, in its incipient stage, the application of many state and federal regulations to our business operations and to our clients may be uncertain.

Additionally, a tendency to impose additional regulation in the U.S. federal and state privacy and security laws (such as CCPA); fraud and abuse laws, including anti-kickback laws and limitations on physician referrals; numerous quality measurement programs being adopted by our clients; and laws related to distribution and marketing, including the off-label promotion of prescription drugs, which may be directly or indirectly applicable to our operations and relationships or the business practices of our clients. It is possible that a review of our business practices or those of our clients by courts or regulatory authorities could result in a determination that could adversely affect us.

In addition, the healthcare regulatory environment may change in a way that restricts our existing operations or our growth. The healthcare industry generally and the EHR industry specifically are expected to continue to undergo significant legal and regulatory changes for the foreseeable future, which could have an adverse effect on our business, financial condition, and operating results. We cannot predict the effect of possible future enforcement, legislation, and regulation.

We may be directly and indirectly liable for its client’s non-compliance with laws and regulations addressing Electronic Health Records.

A number of relevant federal and state laws govern the use and content of EHRs, including fraud and abuse laws that may affect the approach to our technological solutions. We provide solutions and expert services in connection with EHR to a variety of healthcare providers. As a result, our platforms and services have to be designed in a manner that facilitates our clients’ compliance with applicable laws and regulations. We cannot predict the content or effect of possible changes to these laws or new federal and state laws that might govern these systems and services. Furthermore, we may be required to obtain pertinent certifications or permissions to meet industry standards that could adversely impact our business.

The Company and its products are subject to laws and regulations concerning privacy, information security, data protection, consumer protection, and protection of minors, and these laws and regulations are continually evolving. Our actual or perceived failure to comply with these laws and regulations could harm our business, financial condition, results of operations, reputation, or prospects.

In addition to healthcare-specific information protection requirements, we store sensitive information, including personal information about our employees, and our platforms involve the storage and transmission of customers’ personal information on equipment, networks, and corporate systems run by us or managed by third parties including Amazon, Apple, Facebook, Google, and Microsoft. We are subject to a number of laws, rules, and regulations requiring us to provide notification to players, investors, regulators, and other affected parties in the event of a security breach of certain personal data, or requiring the adoption of minimum information security standards that are often vaguely defined and difficult to practically implement. The costs of compliance with these laws, including the European Union’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”), have increased and may increase in the future. Our corporate systems, third-party systems, and security measures may be breached due to the actions of outside parties, employee error, malfeasance, a combination of these, or otherwise, and, as a result, an unauthorized party may obtain access to, or compromise the integrity of, our data, our employees’ data, our customers’ data or any third-party data we may possess. Any such security breach could require us to comply with various breach notification laws, may affect our ability to operate, and may expose us to litigation, remediation and investigation costs, increased costs for security measures, loss of revenue, damage to our reputation, and potential liability, each of which could be material.

Various government and consumer agencies have called for new regulation and changes in industry practices and are continuing to review the need for greater regulation for the collection of information concerning consumer behavior on the Internet, including regulation aimed at restricting certain targeted advertising practices. For example, the State of California’s passage of the CCPA, which went into effect on January 1, 2020, and created new privacy rights for consumers residing in the state. There is also increased attention being given to the collection of data from minors. For instance, the Children’s Online Privacy Protection Act (“COPPA”) requires companies to obtain parental consent before collecting personal information from children under the age of 13. Compliance with GDPR, CCPA, COPPA, and similar legal requirements has required us to devote significant operational resources and incur significant expenses.

We strive to comply with all applicable laws, policies, legal obligations, and certain industry codes of conduct relating to privacy and data protection, to the extent reasonably attainable. However, it is possible that these obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices. It is also possible that new laws, policies, legal obligations, or industry codes of conduct may be passed, or existing laws, policies, legal obligations, or industry codes of conduct may be interpreted in such a way that could prevent us from being able to offer services to citizens of a certain jurisdiction or may make it costlier or more difficult for us to do so. Any failure or perceived failure by us to comply with our privacy policy and terms of service, our privacy-related obligations to players or other third parties, or our privacy-related legal obligations, or any compromise of security that results in the unauthorized release or transfer of personally identifiable information or other player data, may result in governmental enforcement actions, litigation or public statements against us by consumer advocacy groups or others and could cause our players to lose trust in us, which could have an adverse effect on our business, financial condition, results of operations, reputation or prospects. Additionally, if third parties we work with, such as players, vendors, or developers violate applicable laws or our policies, such violations may also put our clients’ and their patients’ information at risk and could, in turn, have an adverse effect on our business, financial condition, results of operations, reputation, or prospects.

The Company and its products are subject to laws and regulations concerning healthcare provider’s practices and patients’ information protection. Our actual or perceived failure to comply with these laws and regulations could harm our business, financial condition, results of operations, reputation, or prospects.

As part of the operation of our business, we, and our subcontractors may have access to, or our clients may provide to us, individually identifiable health information related to the treatment, payment, and operations of providers’ practices. In the United States, government and industry legislation and rulemaking, especially HIPAA, HITECH, and standards and requirements published by industry groups such as the Joint Commission require the use of standard transactions, standard identifiers, security other standards and requirements for the transmission of certain electronic health information. National standards and procedures underripe include the “Standards for Electronic Transactions and Code Sets” (the “Transaction Standards”); the “Security Standards” (the “Security Standards”); and the “Standards for Privacy of Individually Identifiable Health Information” (the “Privacy Standards”). The Transaction Standards require the use of specified data coding, formatting, and content in all specified “healthcare Transactions” conducted electronically. The Security Standards require the adoption of specified types of security measures for certain electronic health information, which is called Protected Health Information (“PHI”). The Privacy Standards grant a number of rights to individuals as to their PHI and restrict the use and disclosure of PHI by “Covered Entities,” defined as “health plans,” “healthcare providers,” and “healthcare clearinghouses.”

Any failure or perceived failure by us to comply with the aforementioned laws and regulations in connection with our products and services provided to our clients or used by third parties, or our related legal obligations, or any compromise of security that results in the unauthorized release or transfer protected information, may result in governmental enforcement actions, litigation, class action, or public statements against us by consumer advocacy groups or others and could cause our clients to lose trust in us, which could have an adverse effect on our business, financial condition, results of operations, reputation or prospects.

The Company and its products are subject to laws and regulations concerning electronic prescribing standards and the adoption of controlled substance electronic prescribing. Our actual or perceived failure to comply with these laws and regulations could harm our business, financial condition, results of operations, reputation, or prospects.

The use of our software by physicians to perform a variety of functions, including electronic prescribing, which refers to the electronic routing of prescriptions to pharmacies and the ensuing dispensation, is governed by state and federal law, including fraud and abuse laws. States have differing prescription format requirements, which we have programmed into our software. There is significant variation in the laws and regulations governing prescription activity, as federal law and the laws of many states permit the electronic transmission of certain controlled prescription orders, while the laws of several states neither specifically permit nor specifically prohibit the practice. Restrictions exist at the federal level on the use of electronic prescribing for controlled substances and certain other drugs, including a regulation enacted by the Drug Enforcement Association in mid-2010. However, some states (most notably New York) have passed complementary laws governing the use of electronic prescribing tools in the use of prescribing opioids and other controlled substances, and we expect this to continue to be addressed with regulations in other states. In addition, the HHS published its final “E-Prescribing and the Prescription Drug Program” regulations in 2005 (effective January 1, 2006), and final regulations governing the standards for electronic prescribing under Medicare Part D in 2008 (effective June 6, 2008) (the “ePrescribing Regulations”). These regulations are required by the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (“MMA”) and consist of detailed standards and requirements, in addition to the HIPAA Standard discussed above, for prescription and other information transmitted electronically in connection with a drug benefit covered by the MMA’s Prescription Drug Benefit. Further, in 2016, Congress passed the Comprehensive Addiction and Recovery Act, which contained components related to Prescription Drug Monitoring Programs and other elements that relate to the use of our technologies. These standards are detailed and broad, and cover not only routing transactions between prescribers and pharmacies, but also electronic eligibility, formulary, and benefits inquiries. In general, regulations in this area can be burdensome and evolve regularly, meaning that any potential benefits to our clients from utilizing such solutions and services may be superseded by a newly-promulgated regulation that adversely affects our business model. Our efforts to provide solutions that enable our clients to comply with these regulations could be time consuming and expensive.

Any failure or perceived failure by us to comply with the aforementioned laws and regulations in connection with our products and services provided to our clients or used by third parties, or our related legal obligations, or any compromise of security that results in the unauthorized release or transfer protected information, may result in governmental enforcement actions, litigation, class action, or public statements against us by consumer advocacy groups or others and could cause our clients to lose trust in us, which could have an adverse effect on our business, financial condition, results of operations, reputation, or prospects.

We may be subject to liability as a result of a failure or a perceived failure to comply with laws and regulations governing approval and reimbursement of claims by healthcare industry payers.

Our software solutions allow to electronically transmits medical claims by physicians to patients’ payers for approval and reimbursement. In addition, our services include assistance in cloud processing and submission of medical claims by physicians to patients’ payers for approval and reimbursement. Federal law provides that it is both a civil and a criminal violation for any person to submit, or cause to be submitted, a claim to any payer, including, without limitation, Medicare, Medicaid, and all private health plans and managed care plans, seeking payment for any services or products that overbills or bills for items that have not been provided to the patient. We have in place policies and procedures that we believe assure that all claims that are transmitted by our system and through our services are accurate and complete, provided that the information given to us by our clients is also accurate and complete. If, however, we or our subcontractors do not follow those procedures and policies, or they are not sufficient to prevent inaccurate claims from being submitted, we could be subject to liability.

In the event our software platforms and solutions are found to be subject to FDA’s regulations and approval in connection with the certain types of medical devices our software integrates with, we may have to incur additional costs or be subjected to potential criminal and civil penalties in case of the actual or perceived failure of us to comply with such regulations.

Certain computer software products are regulated as medical devices under the Federal Food, Drug and Cosmetic Act. The 21^st Century Cures Act, passed in December 2016, clarified the definition of a medical device to exclude health information technology such as Electronic Health Records; however, the legislation did leave the opportunity for that designation to be revisited if determined to be necessary by changing industry and technological dynamics. Accordingly, the Food and Drug Administration (the “FDA”) may become increasingly active in regulating computer software intended for use in healthcare settings. Depending on the product, we could be required to notify the FDA and demonstrate substantial equivalence to other products on the market before marketing such products or obtain FDA approval by demonstrating safety and effectiveness before marketing a product. Depending on the intended use of a device, the FDA could require us to obtain extensive data from clinical studies to demonstrate safety or effectiveness or substantial equivalence. If the FDA requires this data, we could be required to obtain approval of an investigational device exemption before undertaking clinical trials. Clinical trials can take extended periods of time to complete. We cannot provide assurances that the FDA would approve or clear a device after the completion of such trials. In addition, these products would be subject to the Federal Food, Drug, and Cosmetic Act’s general controls. The FDA can impose extensive requirements governing pre- and post-market conditions such as approval, labelling, and manufacturing, as well as governing product design controls and quality assurance processes. Failure to comply with FDA requirements can result in criminal and civil fines and penalties, product seizure, injunction, and civil monetary policies—each of which could have an adverse effect on our business.

We may have to incur material expenses in order to accommodate its client’s interoperability requests dictated by interoperability standards of exchange of health information.

Our clients are concerned with and often require that our software solutions and health care devices be interoperable with other third-party health care information technology suppliers. With the passing of the MACRA in 2015, the U.S. Congress declared it a national objective to achieve widespread exchange of health information through interoperable certified EHR technology nationwide by December 31, 2018. The 21st Century Cures Act, which was passed and signed into law in December 2016, includes numerous provisions intended to encourage this nationwide interoperability.

In February 2019, HHS’s Office of the National Coordinator for Health Information Technology (“ONC”) released a proposed rule titled, “21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program.” Following an extended public comment period, in March 2020 ONC released the final rule which implements the key interoperability provisions included in the Cures Act. Specifically, it calls on developers of certified EHRs and health IT products to adopt standardized application programming interfaces (“APIs”), which will help allow individuals to securely and easily access structured and unstructured EHI formats using smartphones and other mobile devices. This provision and others included in the rule create a lengthy list of new certification and maintenance of certification requirements that developers of EHRs and other health IT products have to meet in order to maintain approved federal government certification status. Although our current products do not require such certification, they may be required to be certified in future. Meeting and maintaining this certification status will require additional development costs.

The ONC rule also implements the information blocking provisions of the 21st Century Cures Act, including identifying reasonable and necessary activities that do not constitute information blocking. Under the 21st Century Cures Act, the U.S. Department of Health and Human Services (“HHS”) has the regulatory authority to investigate and assess civil monetary penalties of up to $1,000,000 against certified health IT developers found to be in violation of “information blocking.” This new oversight and authority to investigate claims of information blocking creates significant risks for us and our clients and could potentially create substantial new compliance costs.

Other regulatory provisions included in the ONC Cures Act final rule could create compliance costs and/or regulatory risks for us. Because these regulations are subject to future changes and/or significant enforcement discretion by federal agencies, the ultimate impact of these regulations is unknown.

There is significant uncertainty in the healthcare industry, both as a result of recently enacted legislation and changing government regulation, which may have a material adverse impact on the businesses of our hospital clients and ultimately on our business, financial condition, and results of operations.

The healthcare industry is subject to changing political, economic, and regulatory influences that may affect the procurement processes and operation of healthcare facilities, including our hospital clients. During the past decade, the healthcare industry has been subject to increased legislation and regulation of, among other things, reimbursement rates, payment programs, information technology programs, and certain capital expenditures (collectively, the “Health Reform Laws”). The Health Reform Laws contain various provisions that impact us and our clients. Some of these provisions have a positive impact, by expanding the use of electronic health records in certain federal programs, for example, while others, such as reductions in reimbursement for certain types of providers, have a negative impact due to fewer available resources. The continued increase in fraud and abuse penalties is expected to adversely affect participants in the healthcare sector, including us.

The activity related to the repeal, repair, and/or replacement of the Patient Protection and Affordable Care Act (“PPACA”), including any changes resulting from continued judicial and congressional challenges to certain aspects of the law, and the 2015 repeal of the Sustainable Growth Rate and replacement with the MACRA may have an impact on our business. The Affordable Care Act, passed in 2010, contained various provisions that have impacted us and our clients, and any replacement or adjustment of that law may change requirements related to our products or how our clients use them, as well as reimbursement available to our clients. These may have a positive impact by requiring the expanded use of EHRs and analytics tools to participate in certain federal programs, for example, while others, such as those mandating reductions in reimbursement for certain types of providers, may have a negative impact by reducing the resources available to purchase our products. Increases in fraud and abuse enforcement and penalties may also adversely affect participants in the healthcare sector, including us.

As existing regulations mature and become better defined, we anticipate that these regulations will continue to directly affect certain of our products and services, but we cannot fully predict the effect at this time. We have taken steps to modify our products, services, and internal practices as necessary to facilitate our compliance with the regulations, but there can be no assurance that we will be able to do so in a timely or complete manner. Achieving compliance with these regulations could be costly and distract management’s attention and divert other company resources, and any non-compliance by us could result in civil and criminal penalties.

We may not see the benefits from government funding programs initiated to accelerate the adoption and utilization of health information technology.

While government programs have been implemented to improve the efficiency and quality of the healthcare sector, including expenditures to stimulate business and accelerate the adoption and utilization of healthcare technology, we may not see the anticipated benefits of such programs. Under the ARRA, the PPACA, and the MACRA, significant government financial resources are being invested in healthcare, including financial incentives to healthcare providers who can demonstrate meaningful use of certified EHR technology since 2011. While we expect the ARRA, the PPACA, and the MACRA to continue to create sales opportunities over the next several years, we are unsure of the immediate or long-term impact of these government actions.

HITECH established the Medicare and Medicaid EHR Incentive Programs to provide incentive payments for eligible professionals, hospitals, and critical access hospitals as they adopt, implement, upgrade, or demonstrate meaningful use of certified EHR technology. HITECH, and subsequently MACRA, also authorized CMS to apply payment adjustments, or penalties, to Medicare eligible professionals and eligible hospitals that are not meaningful users under the Medicare EHR Incentive Program. Centers for Medicare & Medicaid Services (“CMS”).

Although we believe that our service offerings will meet the requirements of HITECH and MACRA to allow our clients to qualify for financial incentives and avoid financial penalties for implementing and using our services, there can be no guaranty that our clients will achieve meaningful use (or its equivalent under MACRA’s Merit Based Incentive Payment System, Promoting Interoperability) or actually receive such planned financial incentives for our services. We also cannot predict the speed at which healthcare providers will adopt electronic health record systems in response to these government incentives, whether healthcare providers will select our products and services, or whether healthcare providers will implement an electronic health record system at all. In addition, the financial incentives associated with the meaningful use program are tied to provider participation in Medicare and Medicaid, and we cannot predict whether providers will continue to participate in these programs. Any delay in the purchase and implementation of electronic health records systems by healthcare providers in response to government programs, or the failure of healthcare providers to purchase an electronic health record system, could have an adverse effect on our business, financial condition, and results of operations. It is also possible that additional regulations or government programs related to electronic health records, amendment or repeal of current healthcare laws and regulations, or the delay in regulatory implementation could require us to undertake additional efforts to meet meaningful use standards, materially impact our ability to compete in the evolving healthcare IT market, materially impact healthcare providers’ decisions to implement electronic health records systems or have other impacts that would be unfavorable to our business. The costs of achieving and maintaining certified electronic health record technology (“CEHRT”) are also significant and because the definition of CEHRT and its use requirements for clients are subject to regulatory changes, these programs and future regulatory changes to them could adversely impact our business.

We may be subject to false or fraudulent claim laws.

There are numerous federal and state laws that forbid the submission of false information or the failure to disclose information in connection with submission and payment of physician claims for reimbursement. In some cases, these laws also forbid the abuse of existing systems for such submission and payment. Any failure of our revenue cycle management services to comply with these laws and regulations could result in substantial liability including, but not limited to, criminal liability, could adversely affect demand for our services and could force us to expend significant capital, research and development, and other resources to address the failure. Errors by us or our systems with respect to entry, formatting, preparation, or transmission of claim information may be determined or alleged to be in violation of these laws and regulations. Determination by a court or regulatory agency that our services violate these laws could subject us to civil or criminal penalties, invalidate all or portions of some of our client contracts, require us to change or terminate some portions of our business, require us to refund portions of our services fees, cause us to be disqualified from serving clients doing business with government payers and have an adverse effect on our business.

If the healthcare information technology market fails to continue to develop as quickly as expected, our business, financial condition, and operating results could be materially and adversely affected.

The electronic healthcare information market is rapidly evolving. A number of market entrants have introduced or developed products and services that are competitive with one or more components of the platforms and programmatic solutions we offer. We expect that additional companies will continue to enter this market, especially in response to recent legislative actions. In new and rapidly evolving industries, there is significant uncertainty and risk as to the demand for, and market acceptance of, recently introduced products and services. Because the markets for our products and services are new and evolving, we are not able to predict the size and growth rate of the markets with any certainty. If markets fail to develop, develop more slowly than expected, or become saturated with competitors, our business, financial condition, and operating results could be materially and adversely impacted.

If the demand for cloud-based solutions declines, particularly in the Life Sciences industry, our revenues could decrease, and our business could be adversely affected.

The continued expansion of the use of cloud-based solutions, particularly in the Life Sciences industry, depends on a number of factors, including the cost, performance, and perceived value associated with cloud-based solutions, as well as the ability of providers of cloud-based solutions to address and maintain security, privacy, and unique regulatory requirements or concerns. If we or other cloud-based solution providers experience security incidents, loss of customer data, disruptions in delivery, or other problems, the market for cloud-based solutions in the Life Sciences industry, including our solutions, may be adversely affected. If cloud-based solutions do not continue to achieve more widespread adoption in the Life Sciences industry, or there is a widespread reduction in demand for cloud-based solutions, our revenues could decrease and our business could be adversely affected.

Unfavorable conditions in our industry or the U.S. economy, or reductions in information technology spending, could limit our ability to grow our business and negatively affect our operating results.

Our operating results may vary based on the impact of changes in our industry or the United States economy on us or our clients. The revenue growth and potential profitability of our business depend on demand for the workforce and provide platforms and programmatic for healthcare providers. We sell our products and services to organizations whose businesses fluctuate based on general economic and business conditions. In addition, a portion of our revenue is attributable to the number of users of our products at each of our clients, which in turn is influenced by the employment and hiring patterns of our clients and potential clients. To the extent that economic uncertainty or weak economic conditions cause our clients and potential clients to freeze or reduce their headcount, demand for our products may be negatively affected. If economic conditions deteriorate, our clients and potential clients may elect to decrease their workforce development budgets for cloud-based platforms and programmatic solutions by deferring or reconsidering purchases, which would limit our ability to grow our business and negatively affect our operating results.

The market for our data analysis systems and software solutions is new and unproven and may not grow.

We believe our future success will depend in large part on establishing and growing a market for our systems infrastructure and that are able to provide operational intelligence, particularly designed to collect and index machine data. Our systems infrastructure is designed to address interoperability challenges across the healthcare continuum. It integrates big data with real-time resources and applies machine learning algorithms to inform and optimize treatment decisions. In order to grow our business, we intend to expand the functionality of our offering to increase its acceptance and use by the broader market. In particular, our systems infrastructure is targeted at those in the healthcare continuum that are transitioning from fee-for-service to a value-based reimbursement model. While we believe this to be the current trend in healthcare, this trend may not continue in the future. Our systems infrastructure is less effective with a traditional fee-for-service model and if there is a reversion in the industry towards fee-for-service, or a shift to another model, we would need to update our offerings and we may not be able to do so effectively or at all. It is difficult to predict client adoption and renewal rates, client demand for our software, the size and growth rate of the market for our solutions, the entry of competitive products, or the success of existing competitive products. Many of our potential clients may already be a party to existing agreements for competing offerings that may have lengthy terms or onerous termination provisions, and they may have already made substantial investments into those platforms which would result in high switching costs. Any expansion in our market depends on several factors, including the cost, performance, and perceived value associated with such operating system and software applications particularly considering the shifting market dynamics. Although we have experienced rapid adoption of our systems infrastructure and software solutions, the rate may slow or decline in the future, which would harm our business and operating results. In addition, while many large hospital systems and payers use our solutions, many of these entities use only certain of our offerings, and we may not be successful in driving broader adoption of our solutions among these existing users, which would limit our revenue growth.

If the market for our offerings does not achieve widespread adoption or there is a reduction in demand for our offerings in our market caused by a lack of customer acceptance, technological challenges, lack of accessible machine data, competing technologies and products, decreases in corporate spending, weakening economic conditions, or otherwise, it could result in reduced customer orders, early terminations, reduced renewal rates or decreased revenues, any of which would adversely affect our business operations and financial results. You should consider our business and prospects in light of the risks and difficulties we may encounter in this new and unproven market.

If our shares of common stock become subject to the penny stock rules, it would become more difficult to trade our shares.

The Securities and Exchange Commission (or SEC) has adopted rules that regulate broker-dealer practices in connection with transactions in penny stocks. Penny stocks are generally equity securities with a price of less than $5.00, other than securities registered on certain national securities exchanges or authorized for quotation on certain automated quotation systems, provided that current price and volume information with respect to transactions in such securities is provided by the exchange or system. If we do not retain a listing on Nasdaq and if the price of our common stock is less than $5.00, our common stock will be deemed a penny stock. The penny stock rules require a broker-dealer, before a transaction in a penny stock not otherwise exempt from those rules, to deliver a standardized risk disclosure document containing specified information. In addition, the penny stock rules require that before effecting any transaction in a penny stock not otherwise exempt from those rules, a broker-dealer must make a special written determination that the penny stock is a suitable investment for the purchaser and receive (i) the purchaser’s written acknowledgment of the receipt of a risk disclosure statement; (ii) a written agreement to transactions involving penny stocks; and (iii) a signed and dated copy of a written suitability statement. These disclosure requirements may have the effect of reducing the trading activity in the secondary market for our common stock, and therefore stockholders may have difficulty selling their shares.

Our Parent owns approximately 59.18% of our common stock and will be able to exert a controlling influence over our business affairs and matters submitted to stockholders for approval.

Our Parent owns approximately 59.18% of our common stock. As a result, our Parent has control over all matters submitted to our stockholders for approval, including the election and removal of directors, amendments to our certificate of incorporation and bylaws, the approval of any business combination, and any other significant corporate transaction. These actions may be taken even if they are opposed by other stockholders, including public stockholders like you.

Sales of a significant number of shares of our common stock in the public markets, or the perception that such sales could occur, could depress the market price of our common stock.

Sales of a substantial number of shares of our common stock in the public markets could depress the market price of our common stock and impair our ability to raise capital through the sale of additional equity securities. We cannot predict the effect that future sales of our common stock would have on the market price of our common stock.

If securities or industry analysts do not publish research or publish inaccurate or unfavorable research about our business, our stock price and trading volume could decline.

The trading market for our common stock will depend in part on the research and reports that securities or industry analysts publish about us or our business. Several analysts cover our stock. If one or more of those analysts downgrade our stock or publish inaccurate or unfavorable research about our business, our stock price would likely decline. If one or more of these analysts cease coverage of our company or fail to publish reports on us regularly, demand for our stock could decrease, which might cause our stock price and trading volume to decline.

We are an “emerging growth company” and the reduced disclosure requirements applicable to emerging growth companies may make our common stock less attractive to investors.

We are an “emerging growth company,” as defined in the JOBS Act. For so long as we remain an emerging growth company, we are permitted by SEC rules and plan to rely on exemptions from certain disclosure requirements that are applicable to other SEC-registered public companies that are not emerging growth companies. These exemptions include not being required to comply with the auditor attestation requirements of Section 404 of the SOX, not being required to comply with any requirement that may be adopted by the Public Company Accounting Oversight Board regarding mandatory audit firm rotation or a supplement to the auditor’s report providing additional information about the audit and the financial statements, reduced disclosure obligations regarding executive compensation and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. As a result, the information we provide stockholders will be different than the information that is available with respect to other public companies. In this prospectus, we have not included all of the executive compensation-related information that would be required if we were not an emerging growth company. We cannot predict whether investors will find our common stock less attractive if we rely on these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and our stock price may be more volatile.

In addition, the JOBS Act provides that an emerging growth company can take advantage of an extended transition period for complying with new or revised accounting standards. This allows an emerging growth company to delay the adoption of certain accounting standards until those standards would otherwise apply to private companies. We have elected to avail ourselves of this exemption from new or revised accounting standards and, therefore, we will not be subject to the same new or revised accounting standards as other public companies that are not emerging growth companies. As a result, our financial statements may not be comparable to companies that comply with new or revised accounting pronouncements as of public company effective dates.

The elimination of personal liability against our directors and officers under Delaware law and the existence of indemnification rights held by our directors, officers and employees may result in substantial expenses.

Our Amended and Restated Certificate of Incorporation and our Bylaws eliminate the personal liability of our directors and officers to us and our stockholders for damages for breach of fiduciary duty as a director or officer to the extent permissible under Delaware law. Further, our amended and restated certificate of incorporation and our Bylaws and individual indemnification agreements we have entered with each of our directors and executive officers provide that we are obligated to indemnify each of our directors or officers to the fullest extent authorized by the Delaware law and, subject to certain conditions, advance the expenses incurred by any director or officer in defending any action, suit or proceeding prior to its final disposition. Those indemnification obligations could expose us to substantial expenditures to cover the cost of settlement or damage awards against our directors or officers, which we may be unable to afford. Further, those provisions and resulting costs may discourage us or our stockholders from bringing a lawsuit against any of our current or former directors or officers for breaches of their fiduciary duties, even if such actions might otherwise benefit our stockholders.

Our certificate of incorporation will designate the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation that may be initiated by our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us.

Our amended and restated certificate of incorporation specifies that, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware shall be the sole and exclusive forum for (a) any derivative action or proceeding brought on behalf of us, (b) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers, employees or agents or our stockholders, (c) any action asserting a claim arising pursuant to any provision of the Delaware General Corporation Law, our Certificate of Incorporation or the Bylaws, or (d) any action asserting a claim governed by the internal affairs doctrine, in each case subject to said Court of Chancery having personal jurisdiction over the indispensable parties named as defendants therein. Any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock shall be deemed to have notice of and to have consented to the provisions of our amended and restated certificate of incorporation described above

We believe these provisions benefit us by providing increased consistency in the application of Delaware law by chancellors particularly experienced in resolving corporate disputes, efficient administration of cases on a more expedited schedule relative to other forums and protection against the burdens of multi-forum litigation. However, the provision may have the effect of discouraging lawsuits against our directors, officers, employees and agents as it may limit any stockholder’s ability to bring a claim in a judicial forum that such stockholder finds favorable for disputes with us or our directors, officers, employees or agents. The enforceability of similar choice of forum provisions in other companies’ certificates of incorporation has been challenged in legal proceedings, and it is possible that, in connection with any applicable action brought against us, a court could find the choice of forum provisions contained in our restated certificate of incorporation to be inapplicable or unenforceable in such action. If a court were to find the choice of forum provision contained in our restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could adversely affect our business, financial condition or results of operations.

These broad market and industry fluctuations may materially adversely affect the market price of our common stock, regardless of our actual operating performance. In addition, price volatility may be greater if the public float and trading volume of our common stock are low.

In the past, following periods of market volatility, stockholders have instituted securities class action litigation. If we were involved in securities litigation, it could have a substantial cost and divert resources and the attention of executive management from our business regardless of the outcome of such litigation.

We currently do not intend to declare dividends on our common stock in the foreseeable future and, as a result, your returns on your investment may depend solely on the appreciation of our common stock.

We currently do not expect to declare any dividends on our common stock in the foreseeable future. Instead, we anticipate that all of our earnings in the foreseeable future will be used to provide working capital, to support our operations, and to finance the growth and development of our business. Any determination to declare or pay dividends in the future will be at the discretion of our board of directors, subject to applicable laws, and dependent upon a number of factors, including our earnings, capital requirements, and overall financial conditions. In addition, our ability to pay dividends on our common stock may be restricted by the terms of any future debt or preferred securities issuances. Accordingly, your only opportunity to achieve a return on your investment in our Company may be if the market price of our common stock appreciates and you sell your shares at a profit. The market price for our common stock may never exceed, and may fall below, the price that you pay for such common stock.

Item 1B. Unresolved Staff Comments

None

Item 1C. Cybersecurity

HCTI employs a multilayer approach to addressing cybersecurity risk based on the National Institute of Standards and Technology (NIST) framework. It has established a dedicated cybersecurity team that utilizes internal and external assessments, automated monitoring tools, and input from public and private partners to identify potential cyber threats. External third party security firms are engaged to assist with cybersecurity risk assessments, penetration testing and system security analysis. HCTI’s cybersecurity team works in conjunction with the risk management, legal, finance, accounting, operations, and information technology areas to assess the risk these identified cybersecurity threats present to the organization. To ensure consistency, these cybersecurity risk assessments are incorporated into HCTI’s Enterprise Risk Management process, HCTI’s information technology leadership reviews the company’s enterprise risk management-level cybersecurity risks on a quarterly basis, and key cybersecurity risks are incorporated into HCTI’s enterprise risk management framework. Cybersecurity risks are managed and controlled through multiple overlapping layers of cybersecurity defenses that include:

The HCTI board of directors provides enterprise-level oversight of risks associated with cybersecurity threats through the Audit Committee, which assists the Board in fulfilling its oversight responsibilities regarding the Company’s policies and processes with respect to risk assessment and risk management, including any significant non-financial risk exposures; reviewing and discussing the Company’s information security policies and internal controls regarding information security; and reviewing the Company’s annual disclosures concerning the role of the Board in the risk oversight of the Company. The Audit Committee performs an annual review of the Company’s cybersecurity program and receives quarterly updates on key cybersecurity risks, the cybersecurity risk management plan, and cyber incident event trends.

HCTI’s technical officers have primary responsibility for the development and oversight of HCTI’s cybersecurity team and the development and maintenance of the company’s related cybersecurity policies and procedures. The team has several years’ worth of experience working in the information and operational technology field and are registered professional engineers. The company’s cybersecurity team continuously assesses the evolving cyber threat landscape based on their expertise and that of our third-party partners. They then work with all parts of HCTI to protect against, detect, identify, respond to, and recover from the risks that cybersecurity threats present. The cybersecurity team views and responds to cybersecurity risks in a holistic manner, applying a comprehensive multilayered strategy to prevent, detect, and mitigate them. They have identified HCTI’s critical cyber assets and taken appropriate steps to protect them. External expertise is regularly engaged to assess HCTI’s cybersecurity program and help the cybersecurity team to strengthen the organization’s monitoring, alerting, prevention, mitigation, and recovery capabilities. Tabletop simulations, third party cyber vulnerability assessments, maturity assessments, and partnerships are used to assess and refine all elements of our cybersecurity program.

In addition to managing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with the use of third-party service providers. Risk assessments are performed against third-party service providers with a specific focus on any sensitive data that is to be shared with them. The internal business owners of HCTI’s applications are required to document user access reviews regularly. We request a System and Organizational Controls (SOC) 2 report from the vendors of our enterprise cloud applications. If they do not provide us with a SOC 2, we seek additional compensating risk assurance in our contract language with them. Risks associated with the use of third-party service providers are managed as part of our overall cybersecurity risk management framework.

To continually manage and control the material risks that cybersecurity threats present to the organization, HCTI invests significantly in the cybersecurity elements outlined above. In addition, the Company has made significant investments to fulfill the operational and financial regulatory requirements laid out by the North American Electric Reliability Corporation Critical Infrastructure Protection Standards and Sarbanes-Oxley Act of 2002.

HCTI faces a number of cybersecurity risks in connection with its business. Although such risks have not materially affected us, including our business strategy, results of operations, and financial conditions, to date, we have, from time to time, experienced threats to and breaches of our data systems, including malware, phishing and computer virus attacks. See “Item 1A. Risk Factors” for additional information regarding our organization’s cybersecurity risks, which should be read together with this “Item 1C. Cybersecurity”.

Item 2. Properties

We lease and maintain our primary offices at 7901 Stoneridge Drive, Suite # 220 Pleasanton CA, USA 94588.We also have our satellite lease offices at 666 Plainsboro Road, Suite 448, Plainsboro, NJ 08536, USA. We currently do not own any real estate.

Item 3. Legal Proceedings

From time to time, we may be subject to legal proceedings and claims in the ordinary course of business. We may in the future receive claims from third parties asserting, among other things, infringement of their intellectual property rights. Future litigation may be necessary to defend ourselves, our partners and our customers by determining the scope, enforceability and validity of third-party proprietary rights, or to establish our proprietary rights. The results of any future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us. To date, we have not been made aware of any actual, pending or threatened litigation against the Company.

Item 4. Mine Safety Disclosures

Not applicable.

PART II

Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities.

Market Information

Our common stock is trading on the Nasdaq Capital Market under the symbol “HCTI.”

Holders

As of March 18, 2024, there were 49 stockholders of record of our common stock. Because many of our shares of common stock are held by brokers and other institutions on behalf of stockholders, this number is not representative of the total number of beneficial owners of our stock.

Dividends

We have never declared or paid any cash dividend on our common stock. We intend to retain any future earnings to finance the operation and expansion of our business and fund our share repurchase program, and we do not expect to pay cash dividends in the foreseeable future.

Recent Sales of Unregistered Securities

None

Securities Authorized for Issuance under Equity Compensation Plans

The following table provides information as of December 31, 2023, regarding our common stock that may be issued under the Plan.

We have not issued any options outside of the Plan.

Transfer Agent

The transfer agent for the common stock is VStock Transfer LLC, 18 Lafayette Place, Woodmere, New York, telephone (212) 828-8436.

Item 6. [Reserved]

The Company is a smaller reporting company as defined by Rule 12b-2 of the Exchange Act and is not required to provide the information required under this item.

Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations.

The following discussion summarizes the significant factors affecting the operating results, financial condition, liquidity, and cash flows of our Company as of and for the periods presented below. The following discussion and analysis should be read in conjunction with the condensed consolidated financial statements and the related notes thereto, and the consolidated financial statements and the related notes thereto all included elsewhere in this report. The statements in this discussion regarding industry outlook, our expectations regarding our future performance, liquidity, and capital resources, and all other non-historical statements in this discussion are forward-looking statements and are based on the beliefs of our management, as well as assumptions made by, and information currently available to, our management. Actual results could differ materially from those discussed in or implied by forward-looking statements as a result of various factors, including those discussed below and elsewhere in this report, and in the sections entitled “Special Note Regarding Forward-Looking Statements” and “Risk Factors”.

Overview

Healthcare Triangle, Inc. is a leading healthcare information technology company focused on advancing innovative, industry-transforming solutions in the areas of cloud services, data science, professional and managed services for the Healthcare and Life Sciences industry.

The Company was formed on October 29, 2019, as a Nevada corporation and then converted into a Delaware corporation on April 24, 2020, to provide IT and data services to the Healthcare and Life Sciences (“HCLS”) industry. The business commenced on January 1, 2020, after the Parent transferred its s Life Sciences business to us. As of December 31, 2023, we had a total of 33 full time employees, 164 sub-contractors, including 95 certified cloud engineers, 66 Epic Certified EHR experts and 21 MEDITECH Certified EHR experts. Many of the senior management team and the members of our board of directors hold advanced degrees and some are leading experts in software development, regulatory science, and market access. During the twelve months ended December 31, 2023, we generated revenues of approximately $33.2 million compared to revenue of $45.9 million for the twelve months ended December 31, 2022, which represents a decrease of $12.7 million or 28% compared to the previous year.

Our approach leverages our proprietary technology platforms, extensive industry knowledge, and healthcare domain expertise to provide solutions and services that reinforce healthcare progress. Through our platform, solutions, and services, we support healthcare delivery organizations, healthcare insurance companies, pharmaceutical, and Life Sciences, biotech companies, and medical device manufacturers in their efforts to improve data management, develop analytical insights into their operations, and deliver measurable clinical, financial, and operational improvements.

We offer a comprehensive suite of software, solutions, platforms, and services that enables some of the world’s leading healthcare and pharma organizations to deliver personalized healthcare, precision medicine, advances in drug discovery, development and efficacy, collaborative research and development, respond to real-world evidence, and accelerate their digital transformation. We combine our expertise in the healthcare technology domain, cloud technologies, DevOps and automation, data engineering, advanced analytics, AI/ML, IoT, security, compliance, and governance to deliver platforms and solutions that drive improved results in the complex workflows of Life Sciences, biotech, healthcare providers, and payers. Our differentiated solutions, enabled by our intellectual property and delivered as a service, provide advanced analytics, data science applications, and data aggregation in these highly regulated environments in a more compliant, secure, and cost-effective manner to our customers.

Our deep expertise in healthcare allows us to reinforce our clients’ progress by accelerating their innovation. Our healthcare IT services include Electronic Health Records (EHR) and software implementation, optimization, extension to community partners, as well as application managed services, and backup and disaster recovery capabilities on public cloud. Our 24x7 managed services are used by hospitals and health systems, payers, Life Sciences, and biotech organizations in their effort to improve health outcomes and deliver deeper, more meaningful patient and consumer experiences. Through our services, our customers achieve a return on investment in their technology by delivering measurable improvements. Combined with our software and solutions, our services provide clients with an end-to-end partnership for their technology innovation.

Our Business Model

The majority of our revenue is generated by our full-time employees/consultants who provide software services and Managed Services and Support to our clients in the Healthcare and Life Sciences industry. Our software services include strategic advisory, implementation and development services and Managed Services and Support include post implementation support and cloud hosting. Our CloudEz and DataEz platforms became commercially available to deploy under solution delivery model in 2019 and Readabl.AI platform from last quarter of 2020. While these platforms are commercially available, we continue to upgrade them on a regular basis.

We are in the early stages of marketing CloudEz, DataEz and Readabl.AI as our SaaS offerings on a subscription basis, which we expect will provide us with recurring revenues. We do not yet have enough information about our competition or customer acceptance of our SaaS offerings to determine whether or not recurring subscription revenue will have a material impact on our revenue growth.

Key Factors of Success

We believe that our future growth, success, and performance are dependent on many factors, including those mentioned below. While these factors present significant opportunities for us, they also represent the challenges that we must successfully address in order to grow our business and improve our results of operations.

Investment in scaling the business

We need to continuously invest in research and development to build new solutions, sales, and marketing to promote our solutions to new and existing customers in various geographies, and other operational and administrative functions in systems, controls and governance to support our expected growth and our transition to a public company. We anticipate that our employee strength will increase because of these investments.

Adoption of our solutions by new and existing customers

We believe that our ability to increase our customer base will enable us to drive growth. Most of our customers initially deploy our solutions within a division or geography and may only initially deploy a limited set of our available solutions. Our future growth is dependent upon our existing customers’ continued success and renewals of our solutions agreements, deployment of our solutions to additional divisions or geographies and the purchase of subscriptions to additional solutions. Our growth is also dependent on the adoption of our solutions by new customers. Our customers are large organizations who typically have long procurement cycles which may lead to declines in the pace of our new customer additions.

Subscription services adoption

The key factor to our success in generating substantial recurring subscription revenues in future will be our ability to successfully market and persuade new customers to adopt our SaaS offerings. We are in the early stages of marketing our SaaS offerings such as DataEz, CloudEz and Readabl.AI, and do not yet have enough information about our competition or customer acceptance to determine whether or not recurring subscription revenue from these offerings will have a material impact on our revenue growth.

Mix of solutions and software services revenues.

Another factor to our success is the ability to sell our solutions to the existing software services customers. During the initial period of deployment by a customer, we generally provide a greater number of services including advisory, implementation and training. At the same time, many of our customers have historically purchased our solutions after the deployment. Hence, the proportion of total revenues for a customer associated with software services is relatively high during the initial deployment period. While our software services help our customers achieve measurable improvements and make them stickier, they have lower gross margins than solution-based revenue. Over time, we expect the revenues to shift towards recurring and subscription-based revenues.

Components of Results of Operations

Revenues

We provide our services and manage our business under these operating segments:

Software Services

The Company earns revenue primarily through the sale of software services that is generated from providing strategic advisory, implementation, and development services. The Company enters into Statement of Work (SOW) which provides for service obligations that need to be fulfilled as agreed with the customer. The majority of our software services arrangements are billed on a time and materials basis and revenues are recognized over time based on time incurred and contractually agreed upon rates. Certain software services revenues are billed on a fixed fee basis and revenues are typically recognized over time as the services are delivered based on time incurred and customer acceptance. We recognize revenue when we have the right to invoice the customer using the allowable practical expedient under ASC 606-10-55-18 since the right to invoice the customer corresponds with the performance obligations completed.

Managed Services and Support

Managed Services and Support include post implementation support and cloud hosting. Managed Services and Support are a distinct performance obligation. Revenue for Managed Services and Support is recognized rateably over the life of the contract.

Platform Services

Platform Services from CloudEz, DataEz and Readabl.AI are offered as a solution delivery model till 2021. We have launched our platforms as Software as a Service (SaaS) on a subscription model.

The revenue from solutions delivery model contains a series of separately identifiable and distinct services that represent performance obligations that are satisfied over time. During the periods presented the company generated Platform revenue on solution delivery model only, which is non-recurring revenue.

Our SaaS agreements will be generally non-cancellable during the term, although customers typically will have the right to terminate their agreements for cause in the event of material breach.

SaaS revenues will be recognized rateably over the respective non-cancellable subscription term because of the continuous transfer of control to the customer. Our subscription arrangements will be considered service contracts, and the customer will not have the right to take possession of the software Segment wise revenue breakup.

Cost of revenue

Cost of revenue consists primarily of employee-related costs associated with the rendering of our services, including salaries, benefits and stock-based compensation expense, the cost of subcontractors, travel costs, cloud hosting charges and allocated overhead the cost of providing professional services is significantly higher as a percentage of the related revenues than for our subscription services due to the direct labor costs and costs of subcontractors. Our business and operational models are designed to be highly scalable and leverage variable costs to support revenue-generating activities.

While we may grow our headcount overtime to capitalize on our market opportunities, we believe our increased investment in automation, electronic health record integration capabilities, and economies of scale in our operating model, will position us to grow our platform solutions revenue at a greater rate than our cost of revenue.

Operating Expenses

Research and development

Research and development expense (majorly our investment in innovation) consists primarily of employee-related expenses, including salaries, benefits, incentives, employment taxes, severance, and equity compensation costs for our software developers, engineers, analysts, project managers, and other employees engaged in the development and enhancement of our cloud-based platform applications. Research and development expenses also include certain third-party consulting fees. Our research and development expense excludes any depreciation and amortization.

We expect to continue our focus on developing new product offerings and enhancing our existing product offerings. As a result, we expect our research and development expense to increase in absolute dollars, although it may vary from period to period as a percentage of revenue.

Sales and marketing

Sales and marketing expense consists primarily of employee-related expenses, including salaries, benefits, commissions, travel, discretionary incentive compensation, employment taxes, severance, and equity compensation costs for our employees engaged in sales, sales support, business development, and marketing. Sales and marketing expense also includes operating expenses for marketing programs, research, trade shows, and brand messages, and public relations costs.

We expect our sales and marketing expenses to continue to increase in absolute dollar terms as we strategically invest to expand our business, although it may vary from period to period as a percentage of total revenues.

General and administrative

Our general and administrative expenses consist primarily of employee-related expenses including salaries, benefits, discretionary incentive compensation, employment taxes, severance, and stock-based compensation expenses, for employees who are responsible for management information systems, administration, human resources, finance, legal, and executive management. The general and administrative expenses also include occupancy expenses (including rent, utilities, and facilities maintenance), professional fees, consulting fees, insurance, travel, contingent consideration, transaction costs, integration costs, and other expenses. Our general and administrative expenses exclude depreciation and amortization.

In the nearest future, we expect our general and administrative expenses to continue to increase to support business growth. Over the long term, we expect general and administrative expenses to decrease as a percentage of revenue.

Depreciation and amortization expenses

Our depreciation and amortization expense consists primarily of depreciation of fixed assets, amortization of Customer relationship and capitalized software development costs, and amortization of intangible assets. We expect our depreciation and amortization expense to increase as we expand our business organically and through acquisitions.

Other income (expense), Net

Other income (expense), net consists of finance cost and gains or losses on foreign currency.

Deferred revenues

Advanced billings to clients in excess of revenue earned are recorded as deferred revenue until the revenue recognition criteria are met.

Unbilled accounts receivable

Unbilled accounts receivable is a contract asset related to the delivery of our professional services for which the related billings will occur in a future period. Unbilled receivables are classified as accounts receivable on the consolidated balance sheet.

Although we believe that our approach to estimates and judgments regarding revenue recognition is reasonable, actual results could differ and we may be exposed to increases or decreases in revenue that could be material.

Provision for income taxes

Provision for income taxes consists of federal and state income taxes in the United States, including deferred income taxes reflecting the net tax effects of temporary differences between the carrying amounts of assets and liabilities for financial reporting purposes.

Pay check protection program

On February 9, 2021, we received a PPP loan pursuant to the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”) amounting to $1.06 million. The PPP, established as part of the Coronavirus Aid, Relief and Economic Security Act (“CARES Act”), provides for loans to qualifying businesses for amounts up to 2.5 times of the average monthly payroll expenses of the qualifying business. The loans and accrued interest are forgivable after eight weeks as long as the borrower uses the loan proceeds for eligible purposes, including payroll, benefits, rent and utilities, and maintains its payroll levels. The amount of loan forgiveness will be reduced if the borrower terminates employees or reduces salaries during the eight-week period. The unforgiven portion of the PPP loan is payable over five years at an interest rate of 1%, with a deferral of payments for the first six months. The Company has utilized the proceeds for purposes in line with the terms of the PPP.

Results of Operations

The following tables set forth selected consolidated statements of operations data and such data as a percentage of total revenues for each of the periods indicated:

Twelve Months Ended December 31, 2023, and 2022

Revenue from operations

Revenue decreased by $12.7 million, or 28% to $33.2 million for the twelve months ended December 31, 2023, as compared to $45.9 million for the twelve months ended December 31, 2022. Revenue from Software Services, Managed Services and Support and Platform Services revenue have decreased in the current year.

Our top 5 customers accounted for 77% of revenue during the twelve months ended December 31, 2023 and 72% during the twelve months ended December 31, 2022, respectively.

The following table has the breakdown of our revenues for the twelve months ended December 31, 2023 and 2022 for each of our top 5 customers.

Top Five Customers’ Revenue for Twelve months ended December 31, 2023

Top Five Customers’ Revenue for Twelve months ended December 31, 2022

The following table provides details of Customer 1 revenue by operating segments:

Revenue from Customer 1 decreased by $0.5 million, or 3% to $17.3 million for the twelve months ended December 31, 2023, as compared to $17.8 million for the twelve months ended December 31, 2022. Software Services revenue increased by $1 million or 8% to $15.6 million for the twelve months ended December 31, 2023, as compared to $14.5 million for the twelve months ended December 31, 2022. Managed Services and Support revenue decreased by $1.5 million, or 47% to $1.7 million for the twelve months ended December 31, 2023, as compared to $3.3 million for the twelve months ended December 31, 2022.

Cost of revenue (exclusive of depreciation /amortization)

Cost of revenue, excluding depreciation and amortization decreased by $8.2 million, or 24%, to $26.4 million for the twelve months ended December 31, 2023, as compared to $34.6 million for the twelve months ended December 31, 2022.

Research and development

Research and development expenses decreased by $5.2 million, or 87% to $0.8 million for the twelve months ended December 31, 2023, as compared to $5.9. million for the twelve months ended December 31, 2022.

Sales and marketing

Sales and marketing expenses decreased by $2.1 million, or 31% to $4.7 million for the twelve months ended December 31, 2023, as compared to $6.8 million for the twelve months ended December 31, 2022.

General and administrative

General and administrative expenses decreased by $0.2 million, or 3 % to $5.4 million for the twelve months ended December 31, 2023, as compared to $5.6 million for the twelve months ended December 31, 2022.

Depreciation and amortization

Depreciation and amortization expenses increased by $3.9 million, or 114% to $7.2 million for the twelve months ended December 31, 2023, as compared to $3.4 million for the twelve months ended December 31, 2022.

Interest expense

Interest expenses increased by $0.8 million, or 357% to $1.0 million for the twelve months ended December 31, 2023, as compared to $0.2 million for the twelve months ended December 31, 2022, this is primarily due to short term funding.

Provision for income taxes

Income tax decreased by $0.03 million, or 44% to $0.04 million for the twelve months ended December 31, 2023, as compared to $0.06 million for the twelve months ended December 31, 2022, this represents state taxes.

Revenue, Cost of Revenue and Operating Profit by Operating Segment

We currently provide our services and manage our business under three operating segments which are Software Services, Managed Services and Support and Platform Services.

Revenue from Software Services decreased by $4.8 million, or 18% to $21.1 million for the twelve months ended December 31, 2023, as compared to $25.9 million for the twelve months ended December 31, 2022. Revenue from Managed Services and Support decreased by $4.7 million, or 31% to $10.5 million for the twelve months ended December 31, 2023, as compared to $15.2 million for the twelve months ended December 31, 2022. Revenue from Platform Services decreased by $3.2 million, or 66% to $1.6 million for the twelve months ended December 31, 2023, as compared to $4.8 million for the twelve months ended December 31, 2022.

Factors affecting revenues of Software Services, Managed Services and Support and Platform Services

Our strategy is to achieve meaningful long-term revenue growth through sales of Managed Services and Support and Platform Services to existing and new clients within our target market. In order to increase our cross-selling opportunity between our operating segments and realize long time revenue growth, our focus has shifted more towards Managed Services and Support and Platform Services which is of recurring nature when compared to Software Services segment which is of non-recurring nature. This also helps in retaining existing customers by leveraging our Managed Services and Support and Platform Services as a growth agent. This renewed focus on driving demand for subscription and platform-based model will help us in expanding our customer base and enhance customer retention which is a challenge for our existing Software Services segment. Software Services contracts are driven by Time and Material and on site employees delivering services at customers location.

Our CloudEz, DataEz and Readabl.ai platforms are getting more traction, and this will lead to increase in revenue from platform services. We have made additional investments in Sales & Marketing and Research & Development to grow Managed Services & Support and Platform Services revenue. We expect this trend to continue and have a net positive impact on overall results of operations.

Cost of Revenue

Cost of Revenue from Software Services decreased by $3.3 million, or 16% to $17.3 million for the twelve months ended December 31, 2023, as compared to $20.5 million for the twelve months ended December 31, 2022. Cost of Revenue from Managed Services and Support decreased by $3.0 million, or 28% to $7.7 million for the twelve months ended December 31, 2023, as compared to $10.7 million for the twelve months ended December 31, 2022. Cost of Revenue from Platform Services decreased by $1.9 million, or 56% to $1.5 million for the twelve months ended December 31, 2023, as compared to $3.4 million for the twelve months ended December 31, 2022.

Segment operating profits by reportable segment were as follows:

Operating loss from Software Services increased by $1.1 million, or 82% to $2.5 million for the twelve months ended December 31, 2023, as compared to $1.4 million for the twelve months ended December 31, 2022. Operating profit from Managed Services and Support decreased by $1.7 million, or 39% to $2.8 million for the twelve months ended December 31, 2023, as compared to $4.5 million for the twelve months ended December 31, 2022. Operating loss from Platform Services decreased by $3.8 million, or 86 % to $0.7 million for the twelve months ended December 31, 2023, as compared to $4.5 million for the twelve months ended December 31, 2022

Liquidity and Capital Resources

As of December 31, 2023, our principal sources of liquidity for working capital purposes were cash, cash equivalents and short-term investments totaling $1.2 million.

We have financed our operations primarily through financing activity and operating cash flows. We believe our existing cash, cash equivalents and short-term investments generated from operations will be sufficient to meet our working capital over the next 12 months. Our future capital requirements will depend on many factors including our growth rate, subscription renewal activity, the expansion of sales and marketing activities and the ongoing investments in platform development.

Liquidity

The current ratio measures a company’s ability to pay off its current liabilities (payable within one year) with its total current assets such as cash, accounts receivable, and inventories. The higher the ratio, the better the company’s liquidity position. A good current ratio is between 1.2 to 2, which means that a business has 2 times more current assets than liabilities to covers its debts. The Company’s current ratio, as of December 31, 2023 is 0.7 compared to 1.3 as of December 31, 2022.

The Company’s current debt equity ratio, as on December 31, 2023 is 9.8, compared to 0.2 as on December 31, 2022. A debt-to-equity ratio below 1 means that a company has lower exposure to debts than equity.

The Company does not have inventory and hence the quick ratio is the same as current ratio.

Sources of Liquidity

As of December 31, 2023, our principal sources of liquidity consisted of cash and cash equivalents of $1.2 million. We believe that our cash and cash equivalents as of December 31, 2023, and the future operating cash flows of the entity will provide adequate resources to fund ongoing cash requirements for the next twelve months. If sources of liquidity are not available or if we cannot generate sufficient cash flow from operations during the next twelve months, we may be required to obtain additional sources of funds through additional operational improvements, capital market transactions, asset sales or financing from third parties, a combination thereof or otherwise. We cannot provide assurance that these additional sources of funds will be available or, if available, would have reasonable terms.

Operating Activities

Net cash used in operating activities was $1.6 million for the twelve months ended December 31, 2023, and net cash used in operations was $2.6 million for the twelve months ended December 31, 2022.

Investing Activities

Net cash used in investing activities was $0.01 million for the twelve months ended December 31, 2023, and $3.3 million for the twelve months ended December 31, 2022.

Financing Activities

Cash flows from financing activities was $1.5 million for the twelve months ended December 31, 2023, and $5.5 million for the twelve months ended December 31, 2022. During the year 2023, the company raised an aggregate gross amount of $5.2 million through Senior Secured 15% Original Issue Discount Convertible Promissory Note. The first tranche of $2 million was received during the period ended December 31, 2023.

Off-Balance Sheet Arrangements

We do not have any relationships with unconsolidated organizations or financial partnerships, such as structured finance or special purpose entities that would have been established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes as defined by Item 303(a)(4) of SEC Regulation S-K, as of December 31, 2023.

Item 8. Financial Statements and Supplementary Data

HEALTHCARE TRIANGLE, INC.

Consolidated Financial Statements

December 31, 2023 and 2022

Report of Independent Registered Public Accounting Firm

To the shareholders and the board of directors of Healthcare Triangle, Inc.

Opinion on the Financial Statements

We have audited the accompanying consolidated balance sheets of Healthcare Triangle, Inc. as of December 31, 2023 and 2022, the related statements of operations, stockholders’ equity (deficit), and cash flows for the years then ended, and the related notes (collectively referred to as the “financial statements”). In our opinion, the financial statements present fairly, in all material respects, the financial position of the Company as of December 31, 2023 and 2022, and the results of its operations and its cash flows for the years then ended, in conformity with accounting principles generally accepted in the United States.

Substantial Doubt about the Company’s Ability to Continue as a Going Concern

The accompanying financial statements have been prepared assuming that the Company will continue as a going concern. As discussed in Note 2 to the financial statements, the Company’s operating losses raise substantial doubt about its ability to continue as a going concern. The financial statements do not include any adjustments that might result from the outcome of this uncertainty.

Basis for Opinion

These financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the Company’s financial statements based on our audit. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (“PCAOB”) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. The Company is not required to have, nor were we engaged to perform, an audit of its internal control over financial reporting. As part of our audits we are required to obtain an understanding of internal control over financial reporting but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control over financial reporting. Accordingly, we express no such opinion.

Our audit included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audit also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audit provides a reasonable basis for our opinion.

/s/ BF Borgers CPA PC

BF Borgers CPA PC (PCAOB ID 5041)

We have served as the Company’s auditor since 2023

Lakewood, CO

March 14, 2024

HEALTHCARE TRIANGLE INC

Consolidated Balance Sheets

The accompanying notes are an integral part of these consolidated financial statements.

HEALTHCARE TRIANGLE INC

Consolidated Statements of Operations

The accompanying notes are an integral part of these consolidated financial statements.

HEALTHCARE TRIANGLE INC

Consolidated Statements of Changes in Stockholders’ Equity

The accompanying notes are an integral part of these consolidated financial statements.

HEALTHCARE TRIANGLE INC

Consolidated Statements of Cash Flows

The accompanying notes are an integral part of these consolidated financial statements.

HEALTHCARE TRIANGLE, INC.

NOTES TO CONDENSED CONSOLIDATED FINANCIAL STATEMENTS

(in thousands except share and per share data)