Alignment Healthcare (ALHC) Risk Factors

Our success depends largely upon the continued services of our senior management team and other key employees. We rely on our leadership team's deep expertise and industry experience in the areas of operations, product development, provision of medical services, information technology and security, marketing, and general and administrative functions. From time to time, there may be changes in our executive management team resulting from the hiring or departure of executives, which could disrupt our business. Our employment agreements with our executive officers and other key personnel do not require them to continue to work for us for any specified period and, therefore, they could terminate their employment with us at any time. Furthermore, volatility in our stock price may affect our ability to attract and retain replacements should key personnel depart. The loss of one or more of the members of our senior management team, or other key employees, could cause disruptions in or harm to our business, and replacing any such employees would entail significant time and cost. In particular, the loss of the services of our founder and Chief Executive Officer, John Kao, could significantly delay or prevent the achievement of our strategic objectives. We currently do not have "key person" insurance on any of our employees. Competition for highly qualified personnel is intense, especially for technology specialists and for physicians, nurses and other medical professionals who are experienced in providing care services to older adults. We have, from time to time, experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the other Medicare Advantage plans and healthcare organizations with which we compete for experienced personnel have greater resources than we have. If we hire employees from competitors or other companies or healthcare providers, their former employees may attempt to assert that these employees or we have breached certain legal obligations, resulting in a diversion of our time and resources. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could be harmed.

As described above, because of laws prohibiting the corporate practice of medicine, we enter into contractual arrangements to manage certain of our affiliated physician practices. If we were to hold the equity of such physician practices directly, we would be able to exercise our rights as an equity holder directly to effect changes in the boards of directors of those entities, which could effect changes at the management and operational level. In contrast, under our current contractual arrangements with our associated physician groups, we may not be able to directly change the members of the boards of directors of these entities and would have to rely on the entities and the entities' equity holders to perform their obligations in order to exercise our control over the entities. If any of these affiliated entities or their equity holders fail to perform their respective obligations under the contractual arrangements, we may have to incur substantial costs and expend additional resources to enforce such arrangements.

Member care costs include estimates of future medical claims that have been incurred by the members but for which the provider has not yet billed. These claim estimates are made utilizing actuarial methods and are continually evaluated and adjusted by management, based upon our historical claims experience and other factors, including an independent assessment by a nationally recognized actuarial firm. Adjustments, if necessary, are made to medical claims expense and capitated revenues when the assumptions used to determine our claims liability change and when actual claim costs are ultimately determined. Due to the inherent uncertainties associated with the factors used in these estimates and changes in the patterns and rates of medical utilization, materially different amounts could be reported in our financial statements for a particular period under different conditions or using different, but still reasonable, assumptions. It is possible that our estimates of this type of claim may be inadequate in the future. In such event, our results of operations could be adversely impacted. Further, the inability to estimate these claims accurately may also affect our ability to take timely corrective actions, further exacerbating the extent of any adverse effect on our results of operations.

Our success depends on providing innovative, high-quality, customizable products and services that elevate our members' healthcare experience and outcomes. If we cannot adapt to rapidly evolving industry standards, technology and increasingly sophisticated and varied members' needs, our existing product and service offerings could become undesirable, obsolete or harm our reputation. In order to remain competitive, we must continue to invest significant resources in our personnel and technology in a timely and cost-effective manner in order to enhance our existing products and services and introduce new high-quality products and services that existing members and potential members will want. We are continually involved in a number of projects to develop new products and services, including the further refinement of our proprietary AVA platform. If our innovations are not responsive to the needs of our existing members or potential new members, are not appropriately timed with market opportunity, are not effectively brought to market or significantly increase our operating costs, we may lose existing members or be unable to enroll new members and our results of operations may suffer.

Our business depends on internally developed technology and content, including software, databases, confidential information and know-how, such as the AVA platform, the protection of which is crucial to the success of our business. We rely on a combination of trademark, trade secret and copyright laws and confidentiality procedures and contractual provisions to protect our intellectual property rights in our internally developed technology and content. We may, over time, increase our investment in protecting our intellectual property through additional trademark, patent and other intellectual property filings that could be expensive and time-consuming. Effective trademark, trade secret, copyright and other intellectual property protection is expensive to develop and maintain, both in terms of initial and ongoing registration requirements and the costs of defending our rights. These measures, however, may not be sufficient to offer us meaningful protection. Additionally, we do not currently hold a patent or other registered or applied for intellectual property protection for AVA. If we are unable to protect our intellectual property and other proprietary rights, particularly with respect to AVA, our competitive position and our business could be harmed, as third parties may be able to commercialize and use technologies and software products that are substantially the same as ours without incurring the development and licensing costs that we have incurred. Any of our owned or licensed intellectual property rights could be challenged, invalidated, circumvented, infringed, misappropriated or otherwise violated, our trade secrets and other confidential information could be disclosed in an unauthorized manner to third parties, or our intellectual property rights may not be sufficient to permit us to take advantage of current market trends or otherwise to provide us with competitive advantages, which could result in costly redesign efforts, discontinuance of certain offerings or other competitive harm. Monitoring unauthorized use of our intellectual property is difficult and costly. From time to time, we seek to analyze our competitors' services, and may in the future seek to enforce our rights against potential infringement, misappropriation or other violation. However, the steps we have taken to protect our intellectual property rights may not be adequate to prevent infringement, misappropriation or other violation of our intellectual property. We may not be able to detect unauthorized use of, or take appropriate steps to enforce, our intellectual property rights. Any inability to meaningfully protect our intellectual property rights could result in harm to our ability to compete and reduce demand for our technology. Moreover, our failure to develop and properly manage new intellectual property could adversely affect our market positions and business opportunities. Also, some of our services rely on technologies and software developed by or licensed from third parties, and we may not be able to maintain our relationships with such third parties or enter into similar relationships in the future on reasonable terms or at all. Uncertainty may result from changes to intellectual property legislation and from interpretations of intellectual property laws by applicable courts and agencies. Accordingly, despite our efforts, we may be unable to obtain, maintain, protect and enforce the intellectual property rights necessary to provide us with a competitive advantage. Our failure to obtain, maintain, protect and enforce our intellectual property rights could therefore have a material adverse effect on our business, financial condition and results of operations.

We may use open-source software in connection with our services. Companies that incorporate open-source software into their technologies have, from time to time, faced claims challenging the use of open-source software and/or compliance with open-source license terms. As a result, we could be subject to suits by parties claiming ownership of what we believe to be open-source software or claiming noncompliance with open-source licensing terms. Some open-source software licenses require users who distribute software containing open-source software to publicly disclose all or part of the source code to such software and/or make available any derivative works of the open-source code, which could include valuable proprietary code of the user, on unfavorable terms or at no cost. While we monitor the use of open-source software and try to ensure that none is used in a manner that would require us to disclose our internally developed source code, including that of our AVA platform, or that would otherwise breach the terms of an open-source agreement, such use could inadvertently occur, in part because open-source license terms are often ambiguous. In addition to risks related to license requirements, use of certain open-source software can lead to greater risks than use of third-party commercial software, as open-source licensors generally do not provide warranties or controls on the origin of software which, thus, may contain security vulnerabilities, such as the recent Log4j vulnerability, or infringing or broken code. Any requirement to publicly disclose our internally developed source code or pay damages for breach of contract could have a material adverse effect on our business, financial condition and results of operations and could help our competitors develop services that are similar to or better than ours.

In the past, healthcare utilization generally has trended upward over time, regardless of minor fluctuations in the U.S. economy. We believe this trend may change, however, as consumers have been given more decision-making and spending responsibility. In turn, we believe members are making healthcare purchases on a more discretionary basis, especially for elective procedures. This could result in a more cyclical trend in healthcare utilization over the coming years and may cause short-term volatility in our operating results.

We currently derive substantially all of our revenue from CMS contracts related to our Medicare Advantage health plans. To increase our revenue, we must grow by expanding the number of members under our plans in the markets in which we currently operate and in the new markets that we intend to enter. In order to support such growth, we must continue to enroll and retain a sufficient number of new members. We have experienced significant member growth since we commenced operations; however, we may not be able to maintain this growth, and our member base could decrease rapidly or shrink over time. Even if we are successful in achieving and maintaining growth, doing so may be more costly than we anticipate, and if we are not able to manage our costs, our results could be materially adversely affected. We are focused on the Medicare-eligible population and face competition from other plans in the enrollment of Medicare-eligible potential members. If we are unable to obtain CMS contracts in new markets and convince the Medicare-eligible population of the benefits of our plans, or if potential or existing members prefer a plan offered by one of our competitors, we may not be able to effectively implement our growth strategy. Our ability to attract new members will depend on a variety of factors, including the following: - our ability to create new plans and/or ancillary benefits;- our ability to achieve and maintain high Star ratings for each of our plans;- our ability to effectively promote our plans in our existing markets and the new markets we intend to enter;- our allocation of management and financial resources toward efforts to grow our membership in certain markets;- the extent to which eligible beneficiaries shop for MA plans in the markets we enter;- our ability to establish relationships with provider groups and other key market constituencies;- our competitor's products and pricing strategies;- our ability to establish and grow our reputation and brand in new and existing markets;- the extent to which the overall pool of MA-eligible beneficiaries continues to grow and the extent to which the historical trend of increased MA market penetration continues;- if our strategic partners terminate or fail to renew our current contracts or we fail to enter into contracts with new strategic partners; and - regulatory changes affecting the overall pool of MA-eligible beneficiaries and our ability to navigate the applicable regulatory requirements. In addition, our growth strategy is partially dependent on beneficiaries electing to move from fee-for-service to one of our Medicare Advantage plans, or electing to move from their current Medicare Advantage plan and selecting us as their Medicare Advantage plan. In certain instances, original Medicare or other insurers' MA plans may be more attractive to a consumer than our MA plans. For example, though our PPO members are enrolled in plans that enable them to visit any doctor participating in Medicare who will see them, our HMO plans have restrictions on the network of doctors that HMO members can see, and in some markets other providers participating in Medicare may choose to see no MA members or only MA members participating in specific plans. It is also possible that original Medicare or other insurers' MA plans may offer broader physician networks in particular markets or highly competitive benefits, in which case those plans may be more attractive to some consumers than our MA plans. When the time to choose an MA plan comes, newly Medicare-eligible consumers may also choose to continue with their current insurer which was offered by their employer instead of transitioning to one of our plans. For a majority of individuals, plan enrollment selections for Medicare Advantage are made during an annual enrollment period from October into December of each year; therefore, our ability to grow our member population is dependent in substantial part on our ability to successfully enroll members during the annual enrollment period and to convince such individuals not to subsequently change that election. If our ability to market and sell our MA plans is constrained during an enrollment period for any reason, such as technology failures, reduced allocation of resources, any inability to timely employ, license, train, certify and retain employees and contractors and agents to sell plans, interruptions in the operation of our website or systems, or disruptions caused by other external factors, such as natural disasters or civic disorder, we could acquire fewer new members than expected or suffer a reduction in the number of our existing members. Our inability to enroll new members and retain existing members would harm our ability to execute our growth strategy and may have a material adverse effect on our business operations and financial position.

Negative publicity regarding the managed healthcare industry generally, or the Medicare Advantage program in particular, may result in increased regulation and legislative review of industry practices that further increase our costs of doing business and adversely affect our results of operations or business by: - requiring us to change our products and services;- increasing the regulatory, including compliance, burdens under which we operate which, in turn, may negatively impact the manner in which we provide products and services and increase our costs of providing products and services;- adversely affecting our ability to market our products or services through the imposition of further regulatory restrictions regarding the manner in which plans and providers market to Medicare Advantage enrollees; or - adversely affecting our ability to attract and retain members.

The Health Care Reform Law and Other Current or Future Legislative, Judicial or Regulatory Changes The Patient Protection and Affordable Care Act and The Health Care and Education Reconciliation Act of 2010 (which we collectively refer to as the "Health Care Reform Law") enacted significant reforms to various aspects of the U.S. health insurance industry. Certain significant provisions of the Health Care Reform Law include, among others, mandated coverage requirements, mandated benefits and guarantee issuance associated with commercial medical insurance, rebates to policyholders based on minimum benefit ratios, adjustments to Medicare Advantage premiums, the establishment of federally facilitated or state-based exchanges coupled with programs designed to spread risk among insurers, and the introduction of plan designs based on set actuarial values. Some of these changes impact us and other entities that offer Medicate Advantage plans. It is reasonably possible that the Health Care Reform Law and related regulations, as well as other current or future legislative, judicial or regulatory changes, including restrictions on our ability to manage our provider network or otherwise operate our business, or restrictions on profitability, including reviews by regulatory bodies that may compare the profitability of various products within our Medicare Advantage business and require that they remain within certain ranges of each other, increases in member benefits or changes to member eligibility criteria without corresponding increases in premium payments to us, may have a material adverse effect on our results of operations (including restricting revenue, enrollment and premium growth in certain products and market segments, restricting our ability to expand into new markets, increasing our medical and operating costs, further lowering our payment rates and increasing our expenses associated with assessments), our financial position and our cash flows. Additionally, potential legislative changes or judicial determinations, including activities to repeal or replace the Health Care Reform Law or declare all or certain portions of the Health Care Reform Law unconstitutional, creates uncertainty for our business, and we cannot predict when, or in what form, such legislative changes or judicial determinations may occur. Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health Act and Other Laws, Rules and Regulations Related to Data Privacy We are subject to data privacy and protection laws and regulations that apply to the collection, transmission, storage and use of PHI and other PII, which among other things, impose certain requirements relating to the privacy, security and transmission of PII. The legislative and regulatory landscape for privacy and data protection continues to evolve, and there has been an increasing focus on privacy and data protection issues with the potential to affect our business. Failure to comply with any of these laws and regulations could result in enforcement action against us, including fines, public censure, claims for damages by affected individuals, damage to our reputation and loss of goodwill, any of which could have a material adverse effect on our business, financial condition, results of operations or prospects. Ongoing efforts to comply with evolving laws and regulations may be costly and require ongoing modifications to our policies, procedures and systems. The use of individually identifiable health data by our business is regulated at federal and state levels. These laws and rules are changed frequently by legislation or administrative interpretation. Various state laws address the use and maintenance of PII. We operate in two states that have established general privacy laws, California and Nevada, and other states we operate in are considering privacy-related legislation. We may need to change the way we create, receive, maintain or transmit PII to comply with these state laws. HIPAA includes administrative provisions directed at simplifying electronic data interchange through standardizing transactions, establishing uniform healthcare provider, payer, and employer identifiers, and establishing regulations aimed at protecting confidentiality and security of patient and member data. The rules preempt all inconsistent state laws unless the state law is more privacy-protective. These regulations, in addition to other state laws, set standards for the security of electronic health information, including requirements that insurers provide customers with notice regarding how their PHI is used. Compliance with HIPAA regulations requires us to regularly monitor security risk, implement and regularly review administrative, technical and physical safeguards to protect electronic health information, and provide workforce training, among other administrative efforts. HIPAA can also expose us to additional liability for violations by our business associates (e.g., entities that provide services to health plans and providers). HIPAA imposes mandatory penalties for certain violations. In 2022, penalties for violations of HIPAA and its implementing regulations started at $137 per violation and could not exceed approximately $69,000 per violation, subject to a cap of approximately $2.0 million for violations of the same standard in a single calendar year. However, a single breach incident can result in violations of multiple standards. Additionally, the penalty amounts listed above are also due for inflation adjustments in 2024. HIPAA also authorizes state attorneys general to file suit on behalf of their residents for statutory damages of up to $25,000. While HIPAA does not create a private right of action allowing individuals to sue in civil court for violations of HIPAA, its standards have been used as the basis for duty of care in state civil suits such as those for negligence or recklessness in the misuse or breach of PHI. HIPAA further requires that members be notified of any unauthorized acquisition, access, use or disclosure of their unsecured PHI that compromises the privacy or security of such information, with certain exceptions related to unintentional or inadvertent use or disclosure by employees or authorized individuals. HIPAA specifies that such notifications must be made without unreasonable delay and in no case later than 60 calendar days after discovery of the breach. If a breach affects 500 patients or more, it must be reported to HHS without unreasonable delay, and HHS will post the name of the breaching entity on its public website. Breaches affecting more than 500 patients in the same state or jurisdiction must also be reported to the local media. If a breach involves fewer than 500 people, the covered entity must record it in a log and notify HHS at least annually. We also publish statements to our members and partners that describe how we handle and protect PHI. If federal or state regulatory authorities or private litigants consider any portion of these statements to be untrue, we may be subject to claims of deceptive practices, which could lead to significant liabilities and consequences, including, without limitation, costs of responding to investigations, defending against litigation, settling claims, and complying with regulatory or court orders. Any of the foregoing consequences could have a material adverse impact on our business and our financial results. Data privacy and security at the state level remains an evolving landscape. For example, CCPA, which came into effect on January 1, 2020, requires companies that process information on California residents to make new disclosures to consumers about their data collection, use and sharing practices, allow consumers to opt out of certain data sharing with third parties and provides a new cause of action for data breaches. In addition, on November 3, 2020, California voters approved a new privacy law, the CPRA, which significantly modifies the CCPA, including by expanding consumers' rights with respect to certain personal information and creating a new state agency, the California Privacy Protection Agency ("CPPA"), to oversee implementation and enforcement efforts. The CPPA is able to finance operations through penalties issued and with the CPRA's removal of the mandatory cure period from CCPA, we will have less warning before compliance risk results in legal action. Regulations implementing many aspects of the CPRA become effective in March of 2024 and new draft regulations will require more detailed security and processing assessments for information protected by the CPRA. The CPRA's provisions became effective on January 1, 2023. The CCPA and CPRA contain exemptions for medical information governed by the California Confidentiality of Medical Information Act, and for PHI collected by a covered entity or business associate governed by the privacy, security, and breach notification rule established pursuant to HIPAA. The CCPA has prompted a number of proposals for new federal and state-level privacy legislation. Such proposed legislation, if enacted, may add additional complexity, variation in requirements, restrictions and potential legal risk, require additional investment of resources in compliance programs, impact strategies and the availability of previously useful data and could result in increased compliance costs and/or changes in business practices and policies. For example, the Virginia Consumer Data Protection Act, or the CDPA, which became effective January 1, 2023, gives Virginia residents expanded rights to access and creates additional obligations on companies covered by the legislation, and the Nevada Privacy Law, which became effective on October 1, 2019, requires businesses to give website users the option to opt-out of the sale of their data. While the CPRA/CCPA is an example of consumer privacy law, the NAIC's Model Law is a different type of law focused on securing insurance licensees' information systems. Versions of this Model Law have been passed in many states and are expected to be passed in more states in the coming years. Similar to HIPAA, the Model Law requires the implementation of technical, administrative, and procedural information security practices and procedures and includes reporting requirements for data breaches. These Model Laws are typically enforced by state insurance regulators. It is possible that applicable laws may be interpreted and applied in a manner that is inconsistent with our practices and our efforts to comply with the evolving data protection rules may be unsuccessful. We must devote significant resources to understanding and complying with this changing landscape. Failure to comply with laws regarding privacy and security of PHI and other PII could expose us to penalties under such laws. Any such failure to comply with data protection and privacy laws could result in government-imposed fines or orders requiring that we change our practices, claims for damages or other liabilities, regulatory investigations and enforcement action, litigation and significant costs for remediation, any of which could adversely affect our business. Even if we are not determined to have violated these laws, government investigations into these issues typically require the expenditure of significant resources and generate negative publicity, which could have an adverse effect on our business, financial condition and results of operations. As indicated above, there are numerous federal and state laws and regulations addressing patient and consumer privacy concerns, including notification requirements in the event of unauthorized access or theft of personal information. State statutes and regulations vary from state to state. Violations of HIPAA or applicable federal or state laws or regulations could subject us to significant criminal or civil penalties, including significant monetary penalties. We cannot yet fully determine the impact these or future laws, rules, regulations and industry standards may have on our business or operations. Any such laws, rules, regulations and industry standards may be inconsistent among different jurisdictions, subject to differing interpretations or may conflict with our current or future practices. Additionally, our customers may be subject to differing privacy laws, rules and legislation, which may mean that they require us to be bound by varying contractual requirements applicable to certain other jurisdictions. Adherence to such contractual requirements may impact our collection, use, processing, storage, sharing and disclosure of various types of information and may mean we become bound by, or voluntarily comply with, self-regulatory or other industry standards relating to these matters that may further change as laws, rules and regulations evolve. Complying with these requirements and changing our policies and practices may be onerous and costly, and we may not be able to respond quickly or effectively to regulatory, legislative and other developments. These changes may in turn impair our ability to offer our existing or planned features, products and services and/or increase our cost of doing business. As we expand our customer base, these requirements may vary from customer to customer, further increasing the cost of compliance and doing business. Our business and operations may also be subject to federal, state, and local consumer protection laws governing marketing communications, including the Telephone Consumer Protection Act, "TCPA", which places restrictions on the use of automated tools and technologies to communicate with wireless telephone subscribers or communications services consumers generally and the CAN-SPAM Act, which regulates the transmission of marketing emails. Under the TCPA, entities using an automatic telephone dialing system to send communications must obtain prior express consent for non-marketing communications and prior express written consent for marketing communications. The TCPA has a private right of action, allowing individuals who have received unsolicited communications (phone calls, text messages or faxes) made using an "automatic telephone dialing system" to seek statutory damages of $500 per violation, or $1,500 if the violation was made willfully or knowingly. Despite our compliance efforts, we could nevertheless be forced to defend private class actions or government enforcement based on the communications we send to members. In addition, certain of our businesses are also subject to the PCI DSS, which is a multifaceted industry security standard that is designed to protect credit card account data as mandated by payment brands and acquiring banks. We rely on vendors to assist us with PCI matters and to ensure PCI compliance. Despite our compliance efforts, we may become subject to claims that we have violated the PCI DSS or other requirements of the payment card brands, based on past, present, or future business practices, which could have an adverse impact on our business and reputation, subject us to fines and/or have a negative impact on our ability to accept credit card payments. As described above, substantially all of our relevant member data is maintained on our technology platform, AVA, which aggregates and provides us with access to extensive member datasets, including individually identifiable PHI. As a result, any breach of our technology platform could expose us to substantial liability under HIPAA, the HITECH Act and other applicable laws, regulations or rules. See "Risk Factors-Security breaches, loss of data and other disruptions could compromise sensitive information related to our business or our members, or prevent us from accessing critical information and expose us to liability, which could adversely affect our business and our reputation." Corporate Practice of Medicine and Other Laws As a corporate entity, we are not licensed to practice medicine. Many states in which we operate through our subsidiaries limit the practice of medicine to licensed individuals or professional organizations comprised of licensed individuals, and business corporations generally may not exercise control over the medical decisions of physicians. Statutes, regulations and court decisions relating to the practice of medicine, fee-splitting between physicians and referral sources, and similar issues vary widely from state to state. While we endeavor to comply with state corporate practice of medicine laws and regulations as we interpret them, the laws and regulations in these areas are complex, changing, and often subject to varying interpretations. The interpretation and enforcement of these laws vary significantly from state to state. Under management agreements between certain of our subsidiaries and affiliated physician-owned professional groups, these groups retain sole responsibility for all medical decisions, as well as for hiring and managing physicians and other licensed healthcare providers, developing operating policies and procedures, implementing professional standards and controls, and maintaining malpractice insurance. Regulatory authorities and other parties may assert that, despite the management and administrative services agreements and other arrangements through which we operate, we are engaged in the prohibited corporate practice of medicine or that our arrangements constitute unlawful fee-splitting. Penalties for violations of the corporate practice of medicine or fee-splitting laws vary by state and may result in physicians being subject to disciplinary action, as well as to forfeiture of revenue from payors for services rendered. For business entities such as us, violations may also bring both civil and, in more extreme cases, criminal liability for engaging in medical practice without a license, our agreements could be found legally invalid and unenforceable (in whole or in part) or we could be required to restructure our contractual arrangements. We, our in-house and externally engaged physicians and the facilities in which they operate are subject to various federal, state and local licensing and certification laws and regulations and accreditation standards and other laws, relating to, among other things, the adequacy of medical care, equipment, privacy of member information, physician relationships, personnel and operating policies and procedures. Failure to comply with these licensing, certification and accreditation laws, regulations and standards could result in prior payments being subject to recoupment, requirements to make significant changes to our operations and can give rise to civil or, in extreme cases, criminal penalties. We routinely take the steps we believe are necessary to retain or obtain all requisite licensure and operating authorities. While we have made reasonable efforts to substantially comply with federal, state and local licensing and certification laws and regulations and standards as we interpret them, the agencies that administer these programs may find that we have failed to comply in some material respects. If this were to occur, we could be subject to civil and/or criminal penalties, or we could be required to close or limit our operations at relevant sites. In jurisdictions where the corporate practice of medicine is prohibited, we have historically operated by maintaining long-term management and administrative services contracts with multiple associated professional medical entities that are wholly owned or primarily owned by physicians employed by us and, in turn, employ or contract with physicians to provide those professional medical services required by our members. Under these management agreements, our primary operating subsidiary performs only non-medical administrative services, does not represent that it offers medical services and does not exercise influence or control over the practice of medicine by the physicians or the associated physician groups. In addition to the above management arrangements, we have certain contractual rights relating to the orderly transfer of equity interests in our associated physician practices through succession agreements and other arrangements with their physician equity holders. Such equity interests cannot, however, be transferred to or held by us or by any non-professional medical entity. Accordingly, neither we nor our direct subsidiaries directly own any equity interests in any of our physician practices. In the event that any of the physician owners of our associated physician practices fail to comply with the management arrangement, if any management arrangement is terminated and/or we are unable to enforce our contractual rights over the orderly transfer of equity interests in any of our associated physician practices, such events could have a material adverse effect on our business, results of operations, financial condition and cash flows. It is possible that a state regulatory agency or a court could determine that our agreements with physician equity holders of our associated physician practices and the way we carry out these arrangements as described above, either independently or coupled with the management services agreements with such associated physician practices, are in violation of prohibitions on the corporate practice of medicine. As a result, these arrangements could be deemed invalid. Such a determination could force a restructuring of our management arrangements with the affected practices, which might include revisions of the management services agreements, including a modification of the management fee and/or establishing an alternative structure that would permit us to contract with a physician network without violating prohibitions on the corporate practice of medicine. Such a restructuring may not be feasible, or it may not be possible to accomplish it within a reasonable time frame without a material adverse effect on our business, results of operations, financial condition and cash flows. Anti-Kickback, Physician Self-Referral and Other Fraud and Abuse Laws A federal law commonly referred to as the "Anti-Kickback Statute" prohibits the offer, payment, solicitation, or receipt of any form of remuneration to induce, or in return for, the referral of Medicare or other governmental health program patients or patient care opportunities, or in return for the purchase, lease or order of items or services that are covered by Medicare or other federal governmental health programs. Because the prohibitions contained in the Anti-Kickback Statute apply to the furnishing of items or services for which payment is made in "whole or in part," the Anti-Kickback Statute could be implicated if any portion of an item or service we provide is covered by any of the state or federal health benefit programs described above. Violation of these provisions constitutes a felony criminal offense and applicable sanctions could include exclusion from the Medicare and Medicaid programs. Section 1877 of the Social Security Act, commonly known as the "Stark Law," prohibits physicians, subject to certain exceptions described below, from referring Medicare or Medicaid patients to an entity providing "designated health services" in which the physician, or an immediate family member, has an ownership or investment interest or with which the physician, or an immediate family member, has entered into a compensation arrangement. These prohibitions, contained in the Omnibus Budget Reconciliation Act of 1993, commonly known as "Stark II," amended prior federal physician self-referral legislation known as "Stark I" by expanding the list of designated health services to a total of 11 categories. The professional groups with which we are contracted or affiliated provide one or more of these designated health services. Persons or entities found to be in violation of the Stark Law are subject to denial of payment for services furnished pursuant to an improper referral, civil monetary penalties, and exclusion from the Medicare and Medicaid programs. A federal law commonly referred to as the "False Claims Act" prohibits the submission of a false or fraudulent claim to the government for payment or approval. Qui tam relators and/or the government may take the position that we submit certain data or information that could form the basis of a claim for payment, thus subjecting us to allegations under the False Claims Act. In such events, we could be subject to treble damages and per-claim penalties. Many states also have enacted laws similar in scope and purpose to the Anti-Kickback Statute and, in more limited instances, the Stark Law, that are not limited to services for which Medicare or Medicaid payment is made. In addition, most states have statutes, regulations, or professional codes that restrict a physician from accepting various kinds of remuneration in exchange for making referrals. These laws vary from state to state and have seldom been interpreted by the courts or regulatory agencies. In states that have enacted these statutes, we believe that regulatory authorities and state courts interpreting these statutes may regard federal law under the Anti-Kickback Statute and the Stark Law as persuasive. In addition, these laws are subject to modification and changes in interpretation, and are enforced by authorities vested with broad discretion. We continually monitor developments in this area. If we or our third parties with which we contract fail to comply with these laws, or if these laws are interpreted in a manner contrary to our interpretation or are reinterpreted or amended, or if new legislation is enacted with respect to healthcare fraud and abuse, illegal remuneration, or similar issues, we may be required to restructure our affected operations to maintain compliance with applicable law and/or be subject to liability. Such restructuring may not be possible or, if possible, may have a material adverse effect on our results of operations, financial position, or cash flows. Environmental We are subject to various federal, state, and local laws and regulations relating to the protection of human health and the environment. If an environmental regulatory agency finds any of our facilities to be in violation of environmental laws, penalties and fines may be imposed for each day of violation and the affected facility could be forced to cease operations. We could also incur other significant costs, such as cleanup costs or claims by third parties, as a result of releases of hazardous substances or violations of, or other liabilities under, environmental laws. Although we believe that our environmental practices, including waste handling and disposal practices, are in material compliance with applicable laws, future claims or violations, or changes in environmental laws, could have a material adverse effect on our results of operations, financial position or cash flows. State Regulation of Insurance-Related Products Laws in each of the states in which we operate our business license and regulate entities that offer health plans to residents of that state. The products we offer are sold under licenses issued by the applicable insurance regulators. However, for entities offering Medicare Advantage plans, federal law preempts all state laws and regulations except those relating to licensing and financial solvency. With respect to state regulation of financial solvency, certain of our licensed insurance subsidiaries are subject to regulation under state insurance holding company regulations. These regulations generally require, among other things, prior approval and/or notice of certain material transactions, including dividend payments, purchases or sales of assets, intercompany agreements, and the filing of various financial and operational reports. The amount of dividends that may be paid to us by these insurance subsidiaries, without prior approval by state regulatory authorities, or ordinary dividends, is limited based on the entity's level of statutory income and statutory capital and surplus. Actual dividends paid may vary due to consideration of excess statutory capital and surplus and expected future surplus requirements. We continue to maintain our levels of aggregate excess statutory capital and surplus in our state-regulated operating subsidiaries. Dividends from our non-insurance companies are generally not restricted by departments of insurance. If any of our plans or operations are found to violate these or other applicable government laws or regulations, we could suffer severe consequences that would have a material adverse effect on our business, results of operations, financial condition, cash flows, reputation and stock price, including: - suspension or termination of one or more of our plans;- refunds of amounts received in violation of law or applicable payment program requirements dating back to the applicable statute of limitation periods;- loss of our required government certifications;- loss of our licenses required to operate our clinics and in-house care delivery programs;- criminal or civil liability, fines, damages or monetary penalties for violations of healthcare fraud and abuse laws, including the federal Anti-Kickback Statute, Stark Law and FCA, or other failures to meet regulatory requirements;- enforcement actions by governmental agencies and/or state law claims for monetary damages by members who believe their PHI has been used, disclosed or not properly safeguarded in violation of federal or state patient privacy laws, including HIPAA and the Privacy Act of 1974;- mandated changes to our practices or procedures that significantly increase operating expenses;- imposition of and compliance with corporate integrity agreements that could subject us to ongoing audits and reporting requirements as well as increased scrutiny of our billing and business practices which could lead to potential fines, among other things;- termination of various relationships and/or contracts related to our business, including joint venture arrangements, medical director agreements, real estate leases and consulting agreements with physicians; and - harm to our reputation which could negatively impact our business relationships, affect our ability to attract and retain members and physicians, affect our ability to obtain financing and decrease access to new business opportunities, our ability to develop relationships with providers, among other things.

The CARES Act, enacted on March 27, 2020, in response to the COVID-19 pandemic, amended the U.S. federal tax code, generally on a temporary basis. There can be no assurance that future tax law changes will not increase the rate of the corporate income tax significantly, impose new limitations on deductions, credits or other tax benefits, or make other changes that may adversely affect our business, cash flows or financial performance. In addition, the Internal Revenue Service (the "Service") has yet to issue guidance on a number of important issues regarding the changes made by the CARES Act. In the absence of such guidance, we will take positions with respect to a number of unsettled issues. There is no assurance that the Service or a court will agree with the positions taken by us, in which case tax penalties and interest may be imposed that could adversely affect our business, cash flows or financial performance.

The Inflation Reduction Act of 2022 ("IRA"), signed into law on August 16, 2022, reflects an ongoing effort to control prescription drug costs and reduce spending by the federal government. The IRA contains several provisions that impact the Part D program and that may influence our benefit design and profitability. For example, beginning in 2024, Part D plans are required to eliminate member cost-sharing in the catastrophic phase of the benefit, and in 2025, plans must implement a cap on member out-of-pocket spending of $2,000. These changes may significantly alter the plans that we offer and may adversely affect our business, results of operations and financial condition.