|INTUITIVE SURGICAL INC filed this Form 10-K on 02/02/2018|
|<< Previous Page | Next Page >>|
and adversely affect our financial condition, results of operations, cash flows, and the timeliness with which we report our internal and external operating results.
Our business requires us to use and store customer, employee, and business partner personally identifiable information (“PII”). This may include names, addresses, phone numbers, email addresses, contact preferences, tax identification numbers, and payment account information. We require user names and passwords in order to access our information technology systems. We also use encryption and authentication technologies to secure the transmission and storage of data. These security measures may be compromised as a result of security breaches by unauthorized persons, employee error, malfeasance, faulty password management, or other irregularity, and result in persons obtaining unauthorized access to our data or accounts. Third parties may attempt to fraudulently induce employees or customers into disclosing user names, passwords, or other sensitive information, which may in turn be used to access our information technology systems. For example, our employees have received “phishing” emails and phone calls attempting to induce them to divulge passwords and other sensitive information.
In addition, unauthorized persons may attempt to hack into our products or systems to obtain personal data relating to patients or employees, our confidential or proprietary information or confidential information we hold on behalf of third parties. If the unauthorized persons successfully hack into or interfere with our connected products or services, they may create issues with product functionality that could pose a risk of loss of data, a risk to patient safety, and a risk of product recall or field activity. We have programs in place to detect, contain, and respond to data security incidents, and we make ongoing improvements to our information-sharing products in order to minimize vulnerabilities, in accordance with industry and regulatory standards. However, because the techniques used to obtain unauthorized access to or sabotage systems change frequently and may be difficult to detect, we may not be able to anticipate and prevent these intrusions or mitigate them when and if they occur.
We also rely on external vendors to supply and/or support certain aspects of our information technology systems. The systems of these external vendors may contain defects in design or manufacture or other problems that could unexpectedly compromise information security of our own systems, and we are dependent on these third parties to deploy appropriate security programs to protect their systems.
While we devote significant resources to network security, data encryption, and other security measures to protect our systems and data, these security measures cannot provide absolute security. We may experience a breach of our systems and may be unable to protect sensitive data. The costs to us to eliminate or alleviate network security problems, bugs, viruses, worms, malicious software programs, and security vulnerabilities could be significant. Our efforts to address these problems may not be successful and could result in unexpected interruptions, delays, cessation of service, and harm to our business operations. Moreover, if a computer security breach affects our systems or results in the unauthorized release of PII, our reputation and brand could be materially damaged and use of our products and services could decrease. We would also be exposed to a risk of loss or litigation and potential liability, which could have a material adverse impact on our business, financial condition, results of operations, or cash flows.
RISKS RELATING TO OUR REGULATORY ENVIRONMENT
CHANGES IN HEALTHCARE LEGISLATION AND POLICY MAY HAVE A MATERIAL ADVERSE EFFECT ON OUR FINANCIAL CONDITION AND RESULTS OF OPERATIONS.
In the U.S., there have been and continue to be a number of legislative initiatives to contain healthcare costs. In March 2010, the PPACA was enacted, which made changes that have impacted and are expected to significantly impact the pharmaceutical and medical device industries.
The PPACA contained a number of provisions designed to generate the revenues necessary to fund health insurance coverage expansions among other things. This includes fees or taxes on certain health-related industries, including medical device manufacturers. For sales between January 1, 2013, and December 31, 2015, medical device manufacturers were required to pay an excise tax (or sales tax) of 2.3% of certain U.S. medical device revenues. Though there were some exceptions to the excise tax, this excise tax did apply to all or most of our products sold within the U.S. In December 2015, the former U.S. President signed into law the Appropriations Act. The Appropriations Act included a two-year moratorium on the medical device excise tax such that medical device revenues in 2016 and 2017 were exempt from the excise tax. New legislation was passed in January 2018 such that MDET will be delayed until January 1, 2020.
The PPACA also implemented a number of Medicare payment system reforms including a national pilot program on payment bundling to encourage hospitals, physicians, and other providers to improve the coordination, quality, and efficiency of certain healthcare services through bundled payment models, and appropriated funding for comparative effectiveness research.
The taxes imposed by the PPACA and the expansion in the government’s role in the U.S. healthcare industry may result in decreased profits to us, lower reimbursement by payors for our products, and/or reduced medical procedure volumes, all of which may have a material adverse impact on our business, financial condition, results of operations, or cash flows.
|<< Previous Page | Next Page >>|