U.S. federal, state and local laws and foreign legislation govern the confidentiality of personal information, how that information may be used, and the circumstances under which such information may be released. These regulations govern both the disclosure and use of confidential personal and patient medical record information and require the users of such information to implement specified security and privacy measures. U.S. regulations currently in place governing electronic health data transmissions continue to evolve and are often unclear and difficult to apply. Laws in non-U.S. jurisdictions are also evolving and may have similar or even stricter requirements related to the treatment of personal or patient information. Data protection regulations impact how businesses, including both us and our clients, can collect and process the personal data of individuals. The costs of compliance with, and other burdens imposed by, such laws, regulations and policies, or modifications thereto, that are applicable to us may limit the use and adoption of our technology solutions and could have a material adverse impact on our business, results of operations and financial condition. Furthermore, we incur development, resource, and capital costs in delivering, updating, and supporting solutions to enable our clients to comply with these varying and evolving standards. If we fail to comply with any applicable laws or regulations or fail to deliver compliant products and solutions, we could be subject to civil penalties, sanctions and contract liability. Enforcement investigations, even if meritless, could have a negative impact on our reputation, cause us to lose existing clients or limit our ability to attract new clients. Furthermore, our failure to maintain confidentiality of sensitive personal information in accordance with the applicable regulatory requirements could damage our reputation and expose us to claims, fines and penalties. Our commercial and government clients continue to be subject to requirements to adopt interoperable health information technology which requires that our products and solutions to be interoperable with other third-party health information technology providers. Market forces and governmental or regulatory authorities create software interoperability standards that may apply to our products and solutions. For applicable products, these interoperability standards are the basis of certification requirements that our products must meet, and, in turn, many of our clients must meet prerequisite or participation requirements for many federal health insurance programs, including Medicare and Medicaid Fee for Service programs, for alternative payment models under the Innovation Center of CMS and for other federal or state health insurance or reimbursement programs. These expectations for interoperability are supported by the information blocking prohibitions of the Cures Act. If our products are not consistent with those requirements, we could be forced to incur substantial additional development costs to conform. The Office of the National Coordinator for Health Information Technology (“ONC”) is also charged under the Cures Act with developing a Trusted Exchange Framework that establishes governance requirements for trusted health information exchange in the United States. ONC has developed the U.S. Common Data Set for Interoperability which may lay the groundwork for iterative expansion of future data exchange requirements for trusted exchange. ONC continues to modify and refine these standards. We may incur increased software development and administrative expenses and delays in delivering such products if we need to update our products to conform to these varying and evolving requirements. In addition, delays in interpreting these standards may result in postponement or cancellation of our clients' decisions to purchase our products. If our products are not compliant with these evolving standards, our market position and sales could be impaired, and we may have to invest significantly in changes to our products. Various U.S. federal, state and non-government agencies continue to generate requirements for the use of certified health information technology, or certified electronic health record technology (“CEHRT”). In many cases, these requirements have become conditions for receiving payment for health care services to beneficiaries of federal health insurance programs. The Cures Act has tied CEHRT to its policy goals of reducing barriers to the exchange of health information data blocking, encouraging nationwide interoperability, consumer access to health information and improving health information availability between consumers and their care teams. The regulations establishing the certification standards for CEHRT will continue to be updated to support these government policy goals with greater emphasis on interoperability, consumer engagement, patient safety and health information privacy and security. The ONC has finalized additional regulations under the Cures Act to enforce the Act's policy directives relating to data blocking and interoperability. Along with recent CMS actions taken for Medicare and Medicaid, these regulations will also mandate adoption of updated and expanded certified capabilities of CEHRT that some of our clients must adopt to remain able to participate in the federal programs. In addition, the ONC has increased its surveillance activities concerning vendor compliance with respect to CEHRT requirements, which could expose us to greater liability and increased cost of compliance. - 54 -
RkJQdWJsaXNoZXIy NTIzOTM0