AMN 2017 Annual Report

11 health information in the ordinary course of our business. The secure processing, maintenance and transmission of this information is critical to our operations. Despite our security measures and business controls, our information technology and infrastructure, including the third party SaaS-based technology in which we store personally identifiable information and other sensitive information of our healthcare professionals and employees, may be vulnerable to attacks by hackers, breached due to employee error, malfeasance or other disruptions or subject to the inadvertent or intentional unauthorized release of information. Any such occurrence could compromise our networks and the information stored thereon could be accessed, publicly disclosed, lost or stolen. Any such access, disclosure or other loss of information could (1) result in legal claims or proceedings, liability under laws that protect the privacy of personal information and regulatory penalties, (2) disrupt our operations and the services we provide to our clients and (3) damage our reputation, any of which could adversely affect our profitability, revenue and competitive position. Additionally, the possession and use of personal information and data in conducting our business subjects us to legislative and regulatory burdens in the United States and other countries. We may be required to incur significant costs to comply with mandatory privacy and security standards and protocols imposed by law, regulation, industry standards or contractual obligations with our clients. Risk Factors Related to Our Operations, Personnel and Information Systems Our inability to implement new infrastructure and technology systems and technology disruptions may adversely affect our operating results and ability to manage our business effectively. We have technology, operations and human capital infrastructures to support our existing business. Our ability to deliver services to our clients and to manage our commercial technologies, internal systems and data depends largely upon our access to and the performance of our management information and communications systems, including our VMS, client relationship management systems and client/healthcare professional-facing self-service websites. These technology systems also maintain accounting and financial information upon which we depend to fulfill our financial reporting obligations. We must continue to invest in this infrastructure and we have embarked on a multi-year plan to upgrade and convert our infrastructure, back office and front office network platforms to support our growth, enhance our management and utilization of data and improve our efficiency. Implementing new systems is costly and involves risks inherent in the conversion to a new technology platform, including loss of information, disruption to our normal operations, changes in accounting procedures and internal control over financial reporting, as well as problems achieving accuracy in the conversion of electronic data. Failure to properly or adequately address these issues could result in increased costs, the diversion of management’s and employees’ attention and resources and could materially adversely affect our operating results, internal controls over financial reporting and ability to manage our business effectively. Furthermore, if we are unable to continue to improve our technology and operations processes to gain efficiency and support our growth, our financial results will be adversely affected. Although we have risk mitigation measures, these systems, and our access to these systems, are not impervious to floods, fire, storms, or other natural disasters, or service interruptions. There also is a potential for intentional and deliberate attacks to our systems, which may lead to service interruptions, data corruption or data theft. Additionally, these systems are subject to other non-environmental risks, including technological obsolescence and lack of strategic alignment with our evolving business. If our current or planned systems do not adequately support our operations, are damaged or disrupted or if we are unable to replace, repair, maintain or expand them, it may adversely affect our business operations and our profitability. Disruption to or failures of our SaaS-based technology or our inability to adequately protect our intellectual property rights with respect to such technology could reduce client satisfaction, harm our reputation and negatively affect our business. The performance, reliability and security of the SaaS-based technologies, such as ShiftWise, Medefis and Avantas Smart Square, are critical to such offerings’ operations, reputation and ability to attract new clients. Some of our clients rely on our SaaS-based technology to perform certain of their operational functions. Accordingly, any degradation, errors, defects, disruptions or other performance problems with our SaaS-based technology could damage our or our clients’ operations and reputations and negatively affect our business. We are converting to new instances of our vendor management system technologies with the platform conversion heightening our risk of business disruption. If any of these problems occur, our clients may, among other things, terminate their agreements with us or make indemnification or other claims against us, which may also negatively affect us. Additionally, if we fail to protect our intellectual property rights adequately with respect to our SaaS-based technology, our competitors might gain access to it, and our business might be harmed. Moreover, any of our intellectual property rights protecting our SaaS-based technology, including our newly developed vendor management platforms, may be challenged by others or invalidated through litigation, and defending our intellectual property rights might also entail significant expense.