Technology for Economic and Clinical Health Act (collectively, HIPAA), the General Data Protection Regulation (GDPR), or the California Consumer Privacy Act of 2018 (CCPA)) or under authority of privacy enforcing governmental entities (such as the Federal Trade Commission (FTC), or the U.S. Department of Health and Human Services (HHS)) or as a result of private actions, such as class actions based on data breaches or based on private rights of action (such as that contained in the CCPA). Certain litigation or the resolution of certain litigation may affect the availability or cost of some of our insurance coverage, which could adversely impact our results of operations and cash flows, expose us to increased risks that would be uninsured and adversely impact our ability to attract directors and officers. In addition, such litigation could result in increased scrutiny by government authorities having authority over our business, such as the FTC, the HHS, Office for Civil Rights (OCR), and state attorneys general.
Security breaches, loss of data, and other disruptions could compromise sensitive information related to our business, customers, members, or partners, or prevent us from accessing critical information and expose us to liability, which could adversely affect our business and our reputation.
In the ordinary course of our business, we collect, store, use, and disclose sensitive data, including protected health information (PHI), and other types of personal data or personally identifiable information (PII). We also process and store, and use additional third parties to process and store, sensitive information including intellectual property and other proprietary business information, including that of our customers and members. We manage and maintain our technology platform and data utilizing a combination of on-site systems, mobile applications, managed data center systems, and cloud-based computing center systems. We are highly dependent on information technology networks, mobile applications, and systems, including the Internet, to securely process, transmit, and store this critical information. This is particularly true as our workforce is currently working remotely due to the COVID-19 pandemic. Security breaches of this infrastructure, including physical or electronic break-ins, computer viruses, attacks by hackers, and similar breaches, and employee or contractor error, negligence, or malfeasance, can create system disruptions, shutdowns, or unauthorized disclosure or modifications of confidential information, causing member health information to be accessed or acquired without authorization or to become publicly available. We utilize third-party service providers for important aspects of the collection, storage, and transmission of customer and member information, and other confidential and sensitive information, and therefore rely on third parties to manage functions that have material cybersecurity risks. Our technology platform also utilizes artificial intelligence and machine learning technology to provide services, and this technology is susceptible to cybersecurity threats, as PHI, PII, and other confidential and sensitive information may be integrated into the platform. Because of the sensitivity of the PHI, other PII, and other confidential information we and our service providers collect, store, transmit, and otherwise process, the security of our technology platform and other aspects of our solutions, including those provided or facilitated by our third-party service providers, are important to our operations and business strategy.
We take certain administrative, physical, and technological safeguards to address these risks, such as by requiring outsourcing subcontractors and partners, including trusted suppliers, who handle customer and member information for us to enter into agreements that contractually obligate those subcontractors and partners to comply with applicable privacy laws, such as HIPAA, and otherwise use reasonable efforts to safeguard PHI, other PII, and other sensitive information. For those subcontractors and partners who handle PHI on our behalf, we enter into business associate agreements as required by HIPAA. Measures taken to protect our systems, those of our subcontractors and partners, or the PHI, other PII, or other sensitive data we, our subcontractors, or our partners process or maintain, may not adequately protect us from the risks associated with the collection, storage, and transmission of such information.
Although we take steps to help protect confidential and other sensitive information (including PHI and PII) from unauthorized access or disclosure, our information technology and infrastructure has been in the past and may be vulnerable in the future to attacks by hackers or viruses, failures, or breaches due to third-party action, employee negligence or error, malfeasance, or other incidents or disruptions. A security incident or privacy violation that we experience (or that occurs at a subcontractor, trusted supplier or customer) that leads to disclosure or unauthorized use or modification of, or that prevents access to or otherwise impacts the confidentiality, security, or integrity of, member information, including PHI or other PII, or other sensitive information we, our subcontractors, or our partners maintain or otherwise process, could harm our reputation, compel us to comply with breach notification laws, cause us to incur significant costs for remediation, fines, penalties, notification to customers, affected individuals, including regulatory authorities and the media, and for measures intended to repair or replace systems or technology and to prevent future occurrences, potential