Our employees and independent contractors, including principal investigators, consultants, commercial collaborators, service providers and other vendors may engage in misconduct or other improper activities, including noncompliance with regulatory standards and requirements, which could have an adverse effect on our results of operations.
We are exposed to the risk that our employees and independent contractors, including principal investigators, consultants, any future commercial collaborators, service providers and other vendors may engage in misconduct or other illegal activity. Misconduct by these parties could include intentional, reckless and/or negligent conduct or other unauthorized activities that violate the laws and regulations of the FDA and other similar regulatory bodies, including those laws that require the reporting of true, complete and accurate information to such regulatory bodies; manufacturing standards; United States federal and state fraud and abuse laws, data privacy and security laws and other similar non-United States laws; or laws that require the true, complete and accurate reporting of financial information or data. Activities subject to these laws also involve the improper use or misrepresentation of information obtained in the course of clinical trials, the creation of fraudulent data in our preclinical studies or clinical trials, or illegal misappropriation of product, which could result in regulatory sanctions and cause serious harm to our reputation. It is not always possible to identify and deter misconduct by employees and other third-parties, and the precautions we take to detect and prevent this activity may not be effective in controlling unknown or unmanaged risks or losses or in protecting us from governmental investigations or other actions or lawsuits stemming from a failure to be in compliance with such laws or regulations. In addition, we are subject to the risk that a person or government could allege such fraud or other misconduct, even if none occurred. If any such actions are instituted against us, and we are not successful in defending ourselves or asserting our rights, those actions could have a significant impact on our business and financial results, including, without limitation, the imposition of significant civil, criminal and administrative penalties, damages, monetary fines, disgorgement, possible exclusion from participation in Medicare, Medicaid and other United States federal healthcare programs or healthcare programs in other jurisdictions, integrity oversight and reporting obligations to resolve allegations of non-compliance, imprisonment, other sanctions, contractual damages, reputational harm, diminished profits and future earnings and curtailment of our operations, any of which could adversely affect our ability to operate our business and our results of operations.
Actual or perceived failures to comply with United States and foreign privacy and data protection laws, regulations and standards may adversely affect our business, operations and financial performance.
We are subject to or affected by numerous federal, state and foreign laws and regulations, as well as regulatory guidance, governing the collection, use, disclosure, retention, and security of personal information, such as information that we collect about patients and healthcare providers in connection with clinical trials in the United States and abroad. The global data protection landscape is rapidly evolving, and implementation standards and enforcement practices are likely to remain uncertain for the foreseeable future. This evolution may create uncertainty in our business, affect our or any service providers’, contractors’ or future collaborators’ ability to operate in certain jurisdictions or to collect, store, transfer, use and share personal information, necessitate the acceptance of more onerous obligations in our contracts, result in liability or impose additional costs on us. The cost of compliance with these laws, regulations and standards is high and is likely to increase in the future. Any failure or perceived failure by us or our collaborators, service providers and contractors to comply with federal, state or foreign laws or regulations, our internal policies and procedures or our contracts governing processing of personal information could result in negative publicity, diversion of management time and effort and proceedings against us by governmental entities or others. In many jurisdictions, enforcement actions and consequences for noncompliance are rising.
As our operations and business grow, we may become subject to or affected by new or additional data protection laws and regulations and face increased scrutiny or attention from regulatory authorities. In the United States, HIPAA imposes, among other things, certain standards relating to the privacy, security, transmission and breach reporting of individually identifiable health information. Certain states have also adopted comparable privacy and security laws and regulations, some of which may be more stringent than HIPAA. Such laws and regulations will be subject to interpretation by various courts and other governmental authorities, thus creating potentially complex compliance issues for us and our future customers and strategic partners. For example, the CCPA gives California residents expanded rights to access and delete their personal information, opt out of certain personal information sharing, and receive detailed information about how their personal information is used. The CCPA provides for civil penalties for violations, as well as a private right of action