Myriad Genetics (MYGN) Risk Analysis

Historically, the FDA had exercised enforcement discretion with respect to most LDTs and generally not required laboratories that furnish LDTs to comply with the agency's requirements for medical devices (e.g., establishment registration, device listing, quality systems regulations, premarket clearance or premarket approval, and post-market controls). However, in May 2024, the FDA issued a final rule to regulate LDTs under the current medical device framework and phasing out its existing enforcement discretion policy for this category of diagnostic tests over several years. The effective date of the agency's final rule was July 5, 2024. The agency's final rule provides that the LDT enforcement policy phase-out process will occur in gradual stages over a total period of four years, with premarket approval applications for high-risk tests to be submitted by the 3.5-year mark. Moderate-risk and low-risks tests are expected to be in compliance at the 4-year mark, although FDA has stated that if premarket submissions are pending review it will continue to exercise enforcement discretion with respect to those tests. As of December 31, 2024, none of our products other than MyChoice CDx and BRACAnalysis CDx are marketed by us under the FDA's requirements for medical devices. The FDA's final rule is complex and, concurrently, the agency announced several exceptions from the requirement to comply with full medical device regulatory controls, depending upon the specific nature of the LDT and the clinical laboratory that is offering such LDT for use by health care providers. Of potential relevance is the agency's position on LDTs that were marketed prior to the official publication date of the final rule. Such "currently marketed" tests are subject to many of the device regulatory controls but are exempted from the premarket review and FDA authorization requirements (unless or until significant modifications are made to such "currently marketed" tests). Similarly, the FDA has created a partial enforcement discretion policy for tests approved by New York's Clinical Laboratory Evaluation Program whereby such tests also do not need to undergo FDA premarket review but must come into compliance with all other device general controls in a stagged fashion between 2025 and 2027. We have begun the process of evaluating the final rule's potential impact on our tests, our operations, and our business more generally. On May 29, 2024, the ACLA and one of its members filed a complaint against the FDA in the Eastern District of Texas, alleging that the agency does not have authority to promulgate the LDT final rule and seeking to vacate the FDA's action. A second lawsuit was also filed against FDA by the AMP on August 19, 2024 in the Southern District of Texas, and subsequently the two cases were consolidated into a single action pending in the Eastern District of Texas. Briefing is ongoing in the consolidated case, and the outcome of such litigation is uncertain. The litigation could potentially affect FDA's plans to implement these new LDT requirements, making the potential implementation timeline somewhat uncertain, although no preliminary injunction has been issued to date. Accordingly, the agency has continued its implementation efforts by actively providing guidance and training to clinical laboratories on how to comply with medical device general controls. Affected stakeholders also continue to press for a comprehensive legislative solution to create a harmonized paradigm for oversight of LDTs by both the FDA and CMS, instead of implementation of the FDA's final rule, which may be disruptive to the industry and to patient access to certain diagnostic tests. However, this FDA rulemaking was initiated after years of failed congressional attempts to harmonize the regulatory paradigms applicable to LDTs and other IVDs, making it unclear whether any legislative efforts would be successful going forward. If FDA prevails in the Texas litigation and is able to fully implement the multi-year phase-in plan for the LDT final rule or Congress enacts comprehensive legislation to regulate in vitro diagnostics that moots the need for the LDT final rule, it could have a materially adverse impact on our results of operations. Failure to comply with any applicable FDA requirements could trigger a range of enforcement actions by the FDA, including warning letters, civil monetary penalties, injunctions, criminal prosecution, recall or seizure, operating restrictions, partial suspension or total shutdown of operations and denial of or challenges to applications for clearance or approval, as well as significant adverse publicity.

We may from time to time be subject to government investigations, which may divert management resources and attention, cause us to incur substantial costs, and/or result in negative publicity, and any unfavorable outcome arising from such investigation may have a material adverse effect on our financial condition, results of operations and cash flows. For example, in June 2016, our wholly-owned subsidiary, Crescendo Bioscience, LLC (formerly known as Crescendo Bioscience, Inc.) (CBI), received a subpoena from the OIG requesting that CBI produce documents relating to entities that received payment from CBI for the collection and processing of blood specimens for testing, including a named unrelated company, healthcare providers and other third-party entities. On January 30, 2020, the U.S. District Court for the Northern District of California unsealed a qui tam complaint, filed on April 16, 2016 against CBI, alleging violations of the federal and California False Claims Acts and the California Insurance Fraud Prevention Act (CIFPA). On January 22, 2020, after a multi-year investigation into CBI's and our alleged conduct, the United States declined to intervene. On January 27, 2020, the State of California likewise filed its notice of declination. On April 1, 2022, we settled the qui tam lawsuit pursuant to which we paid a total of $45.25 million to the United States and the State of California and $2.75 million to relator's counsel. The qui tam lawsuit was formally dismissed by the U.S. District Court for the Northern District of California on May 4, 2022. We may be subject to future claims or investigations under the Federal False Claims Act or a similar state law, and any unfavorable outcome arising from such claims or investigation could have a material adverse effect on our financial condition, results of operations and cash flows.

We are, and may become, subject to numerous domestic and international data protection laws and regulations that address privacy and data security and may affect our collection, use, storage, and transfer of personal information. The legislative and regulatory landscape for data protection continues to rapidly evolve, and in recent years there has been an increasing focus on privacy and data security issues with the potential to affect our business. In the United States, numerous federal and state laws and regulations, including state data breach notification laws, state genetic testing laws, state health information privacy laws and federal and state consumer protection laws govern the collection, use, disclosure and protection of health-related and other personal and protected health information. Implementation standards and enforcement practices are likely to remain uncertain for the foreseeable future, which may create uncertainty in our business, affect our or our service providers' ability to operate in certain jurisdictions or to collect, store, transfer, use and share personal data, result in liability, or impose additional compliance or other costs on us. Failure, or perceived failure, to comply with these laws and regulations, where applicable, could result in government enforcement actions, which could include civil or criminal penalties, private litigation and/or adverse publicity, diversion of management time and effort, and could negatively affect our operating results and business. Various U.S. states now regulate the processing of personal information. For example, California was the first of an increasing number of states to enact comprehensive state privacy legislation with the California Consumer Privacy Act (CCPA), which went into effect in January of 2020. The CCPA established a privacy framework for covered businesses by creating an expanded definition of personal information, establishing data privacy rights for California residents, requiring covered businesses to provide disclosures to California residents, and creating a statutory damages framework with the potential for severe damages for violations of the CCPA and for businesses that fail to implement reasonable security procedures and practices to prevent data breaches, as well as a private right of action for certain data breaches. Additionally in 2020, California voters passed the California Privacy Rights Act (CPRA), which went into effect on January 1, 2023. The CPRA significantly amended the CCPA, potentially resulting in further uncertainty, additional costs and expenses in an effort to comply and additional potential for harm and liability for failure to comply. Among other things, the CPRA established a new regulatory authority, the California Privacy Protection Agency, which enacts new regulations under the CPRA and has expanded enforcement authority. More U.S. states are enacting similar legislation, increasing compliance complexity and increasing risks of failures to comply. In 2023, comprehensive privacy laws in Virginia, Colorado, Connecticut, and Utah all took effect, and laws in Montana, Oregon, and Texas took effect in 2024. Laws in a number of other U.S. states took effect, or are set to take effect, in 2025, 2026, and beyond. Additional U.S. states have proposals under consideration, all of which are likely to increase our regulatory compliance costs and risks, exposure to regulatory enforcement action, and other liabilities. Likewise, the Federal Trade Commission and state attorneys general have been actively enforcing laws that protect consumers from unfair and deceptive acts or practices, including with respect to privacy and security. If our public statements regarding collection, use, storage or disclosure of personal information are or are perceived to be inconsistent with our actual practices, we may face claims under Section 5 of the Federal Trade Commission Act or state law equivalents. Numerous other countries have, or are developing, laws governing the collection, use and transmission of personal data as well. For example, the EU's GDPR became effective in 2018 and imposed a broad data protection framework that expanded the scope of EU data protection law, including to non-EU entities meeting the jurisdictional requirements that process, or control the processing of, personal data relating to individuals located in the EU, including clinical trial data. GDPR sets out a number of requirements for controllers and/or processors, as applicable, that must be complied with when handling the personal data of EU based data subjects, including: providing expanded disclosures about how their personal data will be used; higher standards for organizations to demonstrate that they have a legal basis to justify their data processing activities; the obligation to appoint data protection officers in certain circumstances; new rights for individuals to be "forgotten" and rights to data portability, as well as enhanced current rights (e.g., access requests); the principal of accountability and demonstrating compliance through policies, procedures, training and audit; and a new mandatory data breach regime. In particular, medical or health data, genetic data and biometric data are all classified as "special category" data under GDPR and afford greater protection and require additional compliance obligations. Further, EU member states have a broad right to impose additional conditions-including restrictions-on these data categories. This is because GDPR allows EU member states to derogate from the requirements of GDPR mainly in regard to specific processing situations (including special category data and processing for scientific or statistical purposes). GDPR is applicable to part of our business and has increased our responsibility and liability in relation to personal data that we process, and we may be required to put in place additional procedures to comply. GDPR is complex and regulatory guidance continues to evolve. Furthermore, national GDPR variations, including the fields of clinical study and other health-related information may raise our costs of compliance and result in greater legal risks. Relatedly, following Brexit and the expiry of the Brexit transition period, which ended on December 31, 2020, the EU GDPR has been implemented in the United Kingdom (as the UK GDPR). The UK GDPR sits alongside the United Kingdom Data Protection Act 2018 which implements certain derogation in the GDPR into UK law. Under the UK GDPR, companies not established in the United Kingdom but who process personal data in relation to the offering of goods or services to individuals in the United Kingdom, or to monitor their behavior will be subject to the UK GDPR – the requirements of which are (at this time) largely aligned with those under the GDPR and as such, may lead to similar compliance and operational costs with potential fines of up to £17.5 million or 4% of global turnover. We are also subject to evolving GDPR requirements on data export, because we transfer data to third countries outside of the EU that are not deemed "adequate." GDPR only permits exports of personal data outside of the EU to "non-adequate" countries where there is a suitable data transfer mechanism in place to safeguard personal data (e.g., the EU Commission approved Standard Contractual Clauses or certification under the newly-adopted Data Privacy Framework). On July 16, 2020, the Court of Justice of the EU (CJEU) issued a landmark opinion in the case Maximilian Schrems vs. Facebook (Case C-311/18) (Schrems II). This decision calls into question certain data transfer mechanisms as between the EU member states and the United States. The CJEU is the highest court in Europe and the Schrems II decision heightened the burden to assess United States national security laws on their business, and future actions of EU data protection authorities are difficult to predict at this time. While the newly-adopted Data Privacy Framework was meant to address the concerns raised by the CJEU in Schrems II, it will likely be subject to future legal challenges. Consequently, there is some risk of any data transfers from the EU being halted. If we have to rely on third parties to carry out services for us, including processing personal data on our behalf, we are required under GDPR to enter into contractual arrangements to flow down or help ensure that these third parties only process such data according to our instructions and have sufficient security measures in place. Any security breach or non-compliance with our contractual terms or breach of applicable law by such third parties could result in enforcement actions, litigation, fines and penalties or adverse publicity and could cause customers to lose trust in us, which would have an adverse impact on our reputation and business. Any contractual arrangements requiring the processing of personal data from the EU to us in the U.S. will require greater scrutiny and assessments as required under Schrems II and may have an adverse impact on cross-border transfers of personal data or increase costs of compliance. GDPR provides an enforcement authority to impose large penalties for noncompliance, including the potential for fines of up to €20 million or 4% of the annual global revenues of the noncompliant company, whichever is greater. Applicable data privacy and data protection laws may conflict with each other, and by complying with the laws or regulations of one jurisdiction, we may find that we are violating the laws or regulations of another jurisdiction. Despite our efforts, we may not have fully complied with all applicable data privacy and data protection laws in the past and we may not do so in the future. Compliance with such laws and regulations could require us to incur significant expenses or modify our practices, each of which could adversely affect our business. Failure to comply with data protection laws may expose us to risk of enforcement actions taken by data protection authorities or other regulatory agencies, private rights of action in some jurisdictions, and potential significant penalties if we are found to be non-compliant. Furthermore, the number of government investigations related to data security incidents and privacy violations continue to increase and government investigations typically require significant resources and generate negative publicity, which could harm our business and reputation.

We believe our future success is dependent upon our ability to successfully market our existing tests to additional patients within the United States, to expand into new product markets, to develop and commercialize new tests and to maintain or obtain reimbursement for our tests. However, we may not be able to generate sufficient revenue, from our existing tests and launching and commercializing new tests, to be profitable. For the year ended December 31, 2024, our net loss was $127.3 million and we expect to continue to incur net losses in future years. The demand for our existing tests may decrease or may not continue to increase at historical rates due to sales of new tests that may replace or cannibalize our existing product portfolio, or for other reasons such as the introduction of competing testing products by competitors. For example, because most of our tests are only utilized once per patient, we will need to sell our products to new patients or develop new tests in order to continue to generate revenue. Our average reimbursement rate per test may also decline, which may cause our revenue to decrease. Our pipeline of new test candidates, such as FirstGene, Precise Liquid, and Precise MRD, are in various stages of development, some of which may take many more years to develop and must undergo extensive clinical validation. We may be unable to discover or develop any additional tests through the utilization of our technologies or technologies we license or acquire from others. Even if we develop tests for commercial use, we may not be able to develop tests that: - meet applicable regulatory standards, in a timely manner or at all;- successfully compete with other technologies and tests;- avoid infringing the proprietary rights of others;- are adequately reimbursed by third-party payors;- can be performed at commercial levels or at reasonable cost; or - can be successfully marketed. We must generate significant revenue to achieve profitability. Even if we succeed in marketing our existing tests to physicians for use in new patients and in developing and commercializing any new tests, we may not be able to generate sufficient revenue to be profitable.

As of December 31, 2024, our patent portfolio included issued patents owned or licensed by us and numerous patent applications in the United States and other countries with claims protecting our intellectual property rights. Our commercial success will depend, in part, on our ability to obtain additional patents and licenses and protect our existing patent position, both in the United States and in other countries, for compositions, processes, methods and other inventions that we believe are patentable. Our ability to preserve our trade secrets, proprietary data bases and other intellectual property is also important to our long-term success. If our intellectual property is not adequately protected, competitors may be able to use our technologies and erode or negate any competitive advantage we may have, which could harm our business and ability to achieve profitability. Patents may also issue to third parties which could interfere with our ability to bring our tests to market. The laws of some foreign countries do not protect our proprietary rights to the same extent as U.S. laws, and we may encounter significant problems in protecting our proprietary rights in these countries. The patent positions of diagnostic companies, including our patent position, are generally highly uncertain and involve complex legal and factual questions, and, therefore, any patents issued to us may be challenged, deemed unenforceable, invalidated or circumvented. We will be able to protect our proprietary rights from unauthorized use by third parties only to the extent that our proprietary technologies and any future tests are covered by valid and enforceable patents or are effectively maintained as trade secrets. Our patent applications may never issue as patents, and the claims of any issued patents may not afford meaningful protection for our technology or tests. In addition, any patents issued to us or our licensors may be challenged, and subsequently narrowed, invalidated or circumvented. Where necessary, we may initiate litigation to enforce our patent or other intellectual property rights. Any such litigation may require us to spend a substantial amount of time and money and could distract management from our day-to-day operations. Moreover, there is no assurance that we will be successful in any such litigation. The degree of future protection for our proprietary rights is uncertain, and we cannot ensure that: - we or our licensors were the first to make the inventions covered by each of our patent applications;- we or our licensors were the first to file patent applications for these inventions;- others will not independently develop similar or alternative technologies or duplicate any of our technologies;- any of our or our licensors' patent applications will result in issued patents;- any of our or our licensors' patents will be valid or enforceable;- any patents issued to us or our licensors and collaborators will provide a basis for commercially viable tests, will provide us with any competitive advantages or will not be challenged by third parties;- we will develop additional proprietary technologies or tests that are patentable;- the patents of others will not have an adverse effect on our business; or - our patents or patents that we license from others will survive legal challenges and remain valid and enforceable. If a third party files a patent application with claims to subject matter we have invented, the U.S. Patent and Trademark Office, or USPTO, may declare interference between competing patent applications. If an interference is declared, we may not prevail in the interference. If the other party prevails in the interference, we may be precluded from commercializing services or tests based on the invention or may be required to seek a license. A license may not be available to us on commercially acceptable terms, if at all. We also rely on trade secrets to protect our proprietary technologies and databases, especially where we do not believe patent protection is appropriate or obtainable. However, trade secrets are difficult to protect. We rely in part on confidentiality agreements with our employees, consultants, outside scientific collaborators, sponsored researchers and others to protect our trade secrets and other proprietary information. These agreements may not effectively prevent disclosure of confidential information and may not provide an adequate remedy if unauthorized disclosure of confidential information occurs. In addition, others may independently discover our trade secrets and proprietary information. Costly and time-consuming litigation could be necessary to enforce and determine the scope of our proprietary rights, and failure to obtain or maintain trade secret protection could adversely affect our competitive position.

Information technology (IT) and communication systems are an important part of our business operations. These IT and communications systems support a variety of functions, including sample processing, tracking, quality control, customer service and support, billing, research and development activities, and various general and administrative activities. The availability of our products and services and fulfillment of our customer contracts depends on the continuing operation of these systems. In addition to our internally managed IT and communication systems, we rely on third-party IT and communication systems, some of which include cloud-based services, including data center hosting facilities. Our IT and communication systems, and those of third-parties upon which we rely, may be susceptible to damage, disruptions or shutdowns due to power outages, hardware failures, computer viruses, attacks by computer hackers, telecommunication failures, user errors, natural disasters, or other unforeseen events. Our IT and communication systems, and those of third-parties upon which we rely, also may experience interruptions, delays or cessations of service or produce errors in connection with system implementation, integration, upgrades or system migration work that takes place from time to time. In addition, we may face challenges in maintaining the operational effectiveness of such IT and communication systems due to aging, accumulated technical debt, and gaps in our software release processes. If we were to experience a prolonged IT system disruption involving our interactions with customers, providers or suppliers, it could result in material adverse effects on our business. Furthermore, cybersecurity incidents impacting our IT systems, and those of third-parties upon which we rely, could result in the misappropriation or unauthorized disclosure of personal, sensitive, proprietary or other confidential information relating to us, our employees, partners, customers, suppliers, or other third-parties, which could result in our suffering significant financial or reputational damage. Additionally, any disruption, failure, or breach of our IT and communications systems, or those of third-parties upon which we rely, could significantly impact our operations. For instance, if a key third party vendor experiences a cybersecurity incident, it could compromise our data security and lead to financial losses, regulatory penalties, and reputational damage. Additionally, any operational disruptions from our third party vendors, such as delays in supply chain deliveries, could adversely affect our ability to meet customer demands and maintain business continuity.

We have relationships with research collaborators at academic and other institutions who conduct research at our request. These research collaborators are not our employees. As a result, we have limited control over their activities and, except as otherwise required by our collaboration agreements, can expect only limited amounts of their time to be dedicated to our activities. Our ability to discover genes, proteins, and biomarkers involved in human disease and validate and commercialize tests will depend in part on the continuation of these collaborations. If any of these collaborations are terminated, we may not be able to enter into other acceptable collaborations. In addition, our existing collaborations may not be successful. Our research collaborators and scientific advisors may have relationships with other commercial entities, some of which could compete with us. Our research collaborators and scientific advisors sign agreements which provide for the confidentiality of our proprietary information. We may not, however, be able to maintain the confidentiality of our technology and other confidential information related to all collaborations. The dissemination of our confidential information to third parties could have a material adverse effect on our business.

In both domestic and foreign markets, sales of our tests or any future tests will depend in large part upon the availability of reimbursement from third-party payors. Such third-party payors include state and federal health care programs such as Medicare, managed care organizations, other private health insurers and other organizations. These third-party payors are increasingly attempting to contain health care costs by demanding price discounts and limiting both coverage regarding which tests they will pay for and the amounts that they will pay for existing and new tests. We have experienced coverage limitations and price reductions for many of our products, including for our GeneSight Psychotropic Mental Health Medication Test, and we may continue to experience future coverage limitations and price reductions from CMS, managed care organizations, and other third-party payors. We do not receive reimbursement from third-party payers or payment from patients for many of the tests we perform. The fact that a test has been approved for reimbursement in the past, for any particular indication or in any particular jurisdiction, does not guarantee that such a test will be approved or remain approved for reimbursement, that the reimbursement amount approved for such test will not be reduced in the future, or that similar or additional tests will be approved for reimbursement in the future. For example, UnitedHealthcare updated its medical policy for pharmacogenetic testing to no longer provide coverage for certain multi-gene panel pharmacogenetic tests, including our GeneSight test, under its commercial and individual exchange benefit plans and certain managed Medicaid plans. The change took effect for commercial and individual exchange benefit plans on January 1, 2025, and is expected to take effect for impacted managed Medicaid plans during the first half of 2025. For the year ended December 31, 2024, we recognized approximately $45.0 million of revenue for GeneSight testing from UnitedHealthcare, consisting of approximately $40.0 million for UnitedHealthcare commercial and approximately $5.0 million for impacted UnitedHealthcare managed Medicaid plans. We anticipate that the change in UnitedHealthcare coverage will negatively impact our revenue, profitability and cash flow in 2025 and thereafter. While we intend to continue our engagement with UnitedHealthcare regarding its decision to change its GeneSight coverage policy, there is no guarantee that our efforts will be successful or that our GeneSight test will be covered by UnitedHealthcare in the future. If unchanged, UnitedHealthcare's updated medical policies will prevent us from sustaining previous GeneSight revenue or profitability levels and may materially and adversely affect our business and financial results as a whole and could lead to coverage changes in other UnitedHealthcare plans and at other payors. In addition, the lack of reimbursement for our GeneSight test may discourage providers from ordering it for their patients. Moreover, there can be no assurance that any new tests we have launched or may launch will be reimbursed at rates that are comparable to the rates that we historically obtained for our existing product portfolio. As a result, third-party payors may not cover or provide adequate payment for our current or future tests to enable us to maintain past levels of revenue or profitability with respect to such tests. Further, third-party reimbursement might not be available to enable us to maintain price levels sufficient to realize an appropriate return on investment in product development. In addition, under PAMA, Medicare reimbursement for any given test is based on the weighted-median of the payments made by private payors for such test, rendering private payor payment levels even more significant. As a result, future Medicare payments may fluctuate more often and become subject to the willingness of private payors to recognize the value of tests generally and any given test individually. Since December 2019, Congress has passed a series of laws to modify PAMA's statutory requirements related to the data reporting period and phase-in of payment reductions under the CLFS for CDLTs that are not ADLTs. Most recently, the Further Continuing Appropriations and Extensions Act, 2025 (Pub.L. 118-83, enacted on September 26, 2024) further delayed the reporting requirement as well as the application of the 15% phase-in reduction. Under these statutory provisions, the next data reporting period for CDLTs that are not ADLTs will be January 1, 2026 through March 31, 2026. The same series of laws modified the phase-in of payment reductions resulting from private payor rate implementation so that a 0.0 percent reduction limit was applied for calendar years 2021 through 2024. The Further Continuing Appropriations and Extensions Act, 2025 further applied a 0.0 percent reduction limit for calendar year 2025. Consequently, payment may not be reduced by more than 15 percent per year for calendar years 2026 through 2028 as compared to payment amount established for a test the prior year. Any declines in average selling prices of our products due to pricing pressures may have an adverse impact on our business, results of operations and financial condition. Third-party payors may also impose prior authorization requirements, dispute our billing or coding and may decide to deny payment or recoup payment for testing that they contend to have been not medically necessary, against their coverage determinations, or for which they have otherwise overpaid, and we may be required to change our revenue estimates for previously delivered tests or refund reimbursements already received. We have also experienced delays or denials of coverage for failure to adequately comply with procedural requirements imposed by third-party payors to obtain reimbursement. When a third-party payor denies payment for testing, we often are not able to collect payment from the patient, and therefore, we do not receive any payment from our testing. We also periodically receive and respond to requests for recoupment from third-party payors in the ordinary course of business. In addition, if a third-party payor successfully proves that payment for prior testing was in breach of contract or otherwise contrary to law, they may recoup payment, which amounts could be significant and would impact our results of operations. We may also continue to negotiate and settle with third-party payers in order to resolve allegations of overpayment. As part of our revenue recognition process, we estimate the expected amount of consideration to be received from our tests using all the information (historical, current, and forecast) that is reasonably available to identify possible consideration amounts. The estimate of revenue is affected by, among other factors, changes in payor mix, payor collections, current customer contractual requirements, experience with collections from third-party payors, and changes in medical policies. We have experienced, and may continue to experience, positive and negative changes in our revenue estimates for previously delivered tests as a result of third-party payors disputing our bills or denying payment for tests that we have performed or from changes in the estimated transaction price due to contractual adjustments, obtaining updated information from payors and patients that was unknown at the time the performance obligation was met and settlements with third-party payors. While we believe our revenue recognition process is reasonable and performed in accordance with applicable accounting standards, we cannot guarantee that our revenue estimates for our tests will be accurate or equal the amount of cash actually collected or that we will not continue to recognize positive or negative changes in our revenues for tests performed in prior periods. For example, we have one third-party payor that represents 18% and 12% of our total accounts receivable balance as of December 31, 2024 and December 31, 2023. If the actual amount of cash collected from this payor differs from our current estimates, our revenue may be materially impacted. Third-party payors, such as commercial health insurers and government payors and programs, may also adopt requirements, programs or policies that may restrict or adversely affect our business. For example, in September 2022, the California Department of Public Health (CDPH) implemented regulatory amendments making the California Prenatal Screening (PNS) Program the exclusive provider of cell-free DNA (cfDNA) trisomy screening in California. These regulatory amendments set reimbursement rates significantly below prior levels and barred non-participating laboratories from offering or performing cfDNA trisomy screening in California. As we were not a participating laboratory under the PNS Program, we would have been prohibited from offering or performing our Prequel screening test in California. However, on September 16, 2022, we filed jointly with Laboratory Corporation of America Holdings (Labcorp) a writ petition in the Superior Court of the State of California, County of San Francisco, against the CDPH and its Director, seeking to block the exclusivity regulation. The Superior Court granted a preliminary injunction on November 2, 2022, and later issued a permanent injunction on April 28, 2023, preventing enforcement of the regulation. A final judgment was entered on June 1, 2023, and CDPH did not appeal. As a result of the foregoing, we expect to continue to be able to offer and perform our Prequel screening test in California. However, the possibility that we might not have been able to continue to offer our Prequel screening test in California had a chilling effect on sales of our Prequel screening test in California. U.S. and foreign governments continue to propose and pass legislation designed to reduce the cost of health care. For example, in some foreign markets, the government controls the pricing of many health care products. We expect that there will continue to be federal and state proposals to implement governmental controls or impose health care requirements. In addition, the Medicare program and increasing emphasis on managed care in the United States will continue to put pressure on product pricing. Cost control initiatives could decrease the price that we would receive for any tests in the future, which would limit our revenue and profitability.