management’s attention from the operation of our business and result in adverse publicity, or otherwise experience a material adverse impact on our business, results of operations, financial condition, cash flows, reputation as a result.
If any of our managed clinics or TOI PCs lose their regulatory licenses, permits and/or accreditation status, or become ineligible to receive reimbursement under Medicare or Medicaid or other third-party Payors, there may be a material adverse effect on our business, financial condition, cash flows, or results of operations.
The operations of our managed clinics through the TOI PCs are subject to extensive federal, state and local regulation relating to, among other things, the adequacy of medical care, equipment, personnel, operating policies and procedures, dispensing of prescription drugs, fire prevention, rate-setting and compliance with building codes and environmental protection. Our managed clinics and TOI PCs are also subject to extensive laws and regulation relating to facility and professional licensure, conduct of operations, including financial relationships among healthcare providers, Medicare and Medicaid fraud and abuse and physician self-referrals, and maintaining updates to the TOI PCs’ enrollment in the Medicare and Medicaid programs, including addition of new clinic locations, providers and other enrollment information. Our managed clinics and TOI PCs are subject to periodic inspection by licensing authorities and accreditation organizations to assure their continued compliance with these various standards. There can be no assurance that these regulatory authorities will determine that all applicable requirements are fully met at any given time. Should any of our managed clinics or TOI PCs be found to be noncompliant with these requirements, we could be assessed fines and penalties, could be required to refund reimbursement amounts or could lose our licensure or Medicare and/or Medicaid certification or accreditation so that we or the TOI PCs are unable to receive reimbursement from such programs and possibly from other third-party payors, any of which could materially adversely affect our business, financial condition, cash flows or results of operations.
If we or the TOI PCs fail to comply with applicable data interoperability and information blocking rules, our consolidated results of operations could be adversely affected.
The 21st Century Cures Act (the “Cures Act”), which was passed and signed into law in December 2016, includes provisions related to data interoperability, information blocking and patient access. In March 2020, the HHS Office of the National Coordinator for Health Information Technology, or ONC, and CMS finalized and issued complementary rules that are intended to clarify provisions of the Cures Act regarding interoperability and information blocking, and include, among other things, requirements surrounding information blocking, changes to ONC’s health IT certification program and requirements that CMS-regulated payors make relevant claims/care data and provider directory information available through standardized patient access and provider directory application programming interfaces, or APIs, that connect to provider electronic health record systems, or EHRs. The companion rules will transform the way in which healthcare providers, health IT developers, health information exchanges/health information networks, or HIEs/HINs, and health plans share patient information, and create significant new requirements for healthcare industry participants. For example, the ONC rule, which went into effect on April 5, 2021, prohibits healthcare providers, health IT developers of certified health IT, and HIEs/HINs from engaging in practices that are likely to interfere with, prevent, materially discourage, or otherwise inhibit the access, exchange or use of electronic health information, or EHI, also known as “information blocking.” To further support access and exchange of EHI, the ONC rule identifies eight “reasonable and necessary activities” as exceptions to information blocking activities, as long as specific conditions are met. Any failure to comply with these rules could have a material adverse effect on our business, results of operations and financial condition.
Actual or perceived failures to comply with applicable data protection, privacy and security, advertising and consumer protection laws, regulations, standards and other requirements could adversely affect our business, financial condition and results of operations.
We and the TOI PCs collect, receive, generate, use, process, and store significant and increasing volumes of sensitive information, such as employee, individually identifiable health information and other personally identifiable information. We and the TOI PCs are subject to a variety of federal and state laws and regulations, as well as contractual obligations, relating to the collection, use, storage, retention, security, disclosure, transfer, return, destruction and other processing of personal information, including health-related information. Enforcement actions and consequences for noncompliance with such laws, directives and regulations are rising, and the regulatory framework for privacy, data protection and data transfers is complex and rapidly evolving and is likely to remain uncertain for the foreseeable future.
In the United States, numerous such federal and state laws and regulations, including data breach notification laws, health information privacy laws, and consumer protection laws and regulations, including those that govern the collection, use, disclosure, and protection of health-related and other personal information, could apply to our operations or the operations of the TOI PCs. For