Elevance Health Inc.: 10-K Risk Factor Changes

We provide pharmacy services and are responsible to regulators, our members and customers for the delivery of those pharmacy services that we contract to provide. Our pharmacy services business is subject to the risks inherent in the dispensing, packaging, fulfillment and distribution of pharmaceuticals and other healthcare products, including exposure to liabilities and reputational harm related to clinical quality, patient safety, infusion center operations, and other risks inherent in the dispensing, packaging and distribution of drugs, and other operational errors by us or our pharmacy services suppliers. Any failure by us or one of our pharmacy services suppliers to adhere to the laws and regulations applicable to the dispensing of pharmaceuticals could subject our pharmacy services business to civil and criminal penalties. Our pharmacy services business is subject to federal and state laws and regulations that govern its relationships with pharmaceutical manufacturers, physicians, pharmacies and customers, including without limitation, federal and state anti-kickback laws, beneficiary inducement laws, consumer protection laws, ERISA, HIPAA and laws related to the operation of mail-service pharmacies, as well as an increasing number of licensure, registration and other laws and accreditation standards that impact the business practices of a pharmacy services business. In addition, the pharmacy services business, which conducts business through home delivery, infusion and specialty pharmacies, is subject to federal and state laws and regulations, including those of state boards of pharmacy, individual state-controlled substance authorities, the U.S. Drug Enforcement Agency and the U.S. Food and Drug Administration. Growth of our home delivery, specialty pharmacy and infusion services businesses subjects us to an increase in licensure requirements, and to regulatory and operational risks as our pharmacy services business becomes more vertically integrated. Also, we and our third-party vendors may be subject to certain registration requirements and state and federal laws related to the practice of pharmacy. Noncompliance with applicable laws and regulations by us or our third-party vendors could have material adverse effects on our business, results of operations, financial condition, liquidity and reputation. Federal and state legislatures and regulators also regularly consider new laws and regulations and changes to existing regulations and policies for the industry that could materially affect current industry practices and our business. These new and changing laws and regulations include the regulation that was issued by HHS in November 2020 (but delayed to 2032 by the Inflation Reduction Act) related to drug manufacturer rebates, Medicaid spread pricing contract arrangements, the pricing of pharmaceuticals, the 2021 Appropriations Act provisions on drug price reporting and potential new regulations or legislation regarding commercial spread pricing, rebates, fees from pharmaceutical companies, the development and use of formularies and other utilization management tools, pharmacy benefit manager compensation, the use of average wholesale prices or other pricing benchmarks, pricing for specialty pharmaceuticals, limited access to networks, prohibitions on pharmacy steering and pharmacy network reimbursement methodologies, and reporting requirements, as well as greater state regulation of pharmacy benefit managers and state involvement in the self-insured and Medicare Part D markets, which are typically preempted by federal law. Further, various government agencies have conducted and continue to conduct investigations and studies into certain pharmacy services practices, which have resulted and may in the future result in pharmacy benefit managers agreeing to civil penalties, including the payment of money and entry into corporate integrity agreements, or could materially and adversely impact the pharmacy services business model. These changes in legislation within the prescription drug industry and pharmacy benefit management practices have both short-term and long-term impacts that could have a material adverse effect on our business and results of operations.

We provide pharmacy services and are responsible to regulators and our customers for the delivery of those pharmacy services that we contract to provide. Our pharmacy services business is subject to the risks inherent in the dispensing, packaging, fulfillment and distribution of pharmaceuticals and other healthcare products, including exposure to liabilities and reputational harm related to purported dispensing and other operational errors by us or our pharmacy services suppliers. Any failure by us or one of our pharmacy services suppliers to adhere to the laws and regulations applicable to the dispensing of pharmaceuticals could subject our pharmacy services business to civil and criminal penalties. Our pharmacy services business is subject to federal and state laws and regulations that govern its relationships with pharmaceutical manufacturers, physicians, pharmacies and customers, including without limitation, federal and state anti-kickback laws, beneficiary inducement laws, consumer protection laws, ERISA, HIPAA and laws related to the operation of mail-service pharmacies, as well as an increasing number of licensure, registration and other laws and accreditation standards that impact the business practices of a pharmacy services business. In addition, the pharmacy services business, which conducts business through home delivery and specialty pharmacies, is subject to federal and state laws and regulations, including those of state boards of pharmacy, individual state-controlled substance authorities, the U.S. Drug Enforcement Agency and the U.S. Food and Drug Administration. Growth of our home delivery and specialty pharmacy business subjects us to an increase in licensure requirements, and regulatory and operational risks as our pharmacy services business becomes more vertically integrated. Also, we and our third-party vendors may be subject to certain registration requirements and state and federal laws related to the practice of pharmacy. Noncompliance with applicable laws and regulations by us or our third-party vendors could have material adverse effects on our business, results of operations, financial condition, liquidity and reputation. Federal and state legislatures and regulators also regularly consider new laws and regulations and changes to existing regulations and policies for the industry that could materially affect current industry practices and our business, including the regulation implemented by HHS in November 2020 related to drug manufacturer rebates, spread pricing contract arrangements, the pricing of pharmaceuticals, the 2021 Appropriations Act and potential new regulations regarding rebates, fees from pharmaceutical companies, the development and use of formularies and other utilization management tools, the use -32- -32- -32- of average wholesale prices or other pricing benchmarks, pricing for specialty pharmaceuticals, limited access to networks and pharmacy network reimbursement methodologies and reporting requirements. Recent case law, such as the 2020 U.S. Supreme Court reinstatement of an Arkansas law regulating PBMs, as well as industry publications like the 2021 NAIC white paper on the topic, may increase and impact greater state regulation of PBMs. Further, various government agencies have conducted and continue to conduct investigations and studies into certain pharmacy services practices, which have resulted and may in the future result in PBMs agreeing to civil penalties, including the payment of money and entry into corporate integrity agreements, or could materially and adversely impact the pharmacy services business model.

Our profitability depends on accurately predicting and pricing for healthcare costs. Profitability is also dependent on our ability to manage future healthcare costs through medical management, product design, negotiation of favorable provider contracts and underwriting criteria. Total healthcare costs are affected by the type, number and unit cost of individual services rendered. Numerous factors affecting healthcare costs may adversely affect our ability to predict and manage such costs, and may impact our business, cash flows, financial condition and results of operations. These factors include, among others: changes in healthcare practices; healthcare utilization patterns; demographic characteristics including the aging population; previously uninsured members entering the healthcare system; short and long-term risks associated with our members' lifestyle decisions; medical cost inflation; increased labor costs; provider and member fraud; evolution of new technologies, drugs and treatments; increased cost of individual services; increased number and cost of prescription drugs; direct-to-consumer marketing by drug manufacturers; clusters of high cost cases; increased use of services, including resulting from pandemics, large-scale medical emergencies, increasing natural -23- -23- -23- disasters in connection with climate change, geopolitical instability and other public health crises; and new mandated benefits and treatment guidelines and changes to other regulations impacting our business. Our estimates of future benefit cost projections involve extensive judgment and are subject to considerable inherent variability. Slight differences between our predicted and actual medical costs or utilization rates as a percentage of premium revenues can result in significant changes in our results of operations. Generally, our premiums on commercial policies and Medicaid contracts are fixed for a 12-month period and are determined based on data from several months prior to the commencement of the premium period. Our revenue from Medicare policies is based on bids submitted to CMS six months prior to the start of the contract year. CMS has explicit gain and loss margin requirements within the bids, as well as contract-specific federal MLR annual requirements. Accordingly, the costs we incur in excess of our benefit cost projections cannot be recovered in the contract year through higher premiums. Existing Medicaid contract rates are often established by the applicable state, and our actual costs may exceed those rates. Many factors, including those discussed above, have caused, and may in the future cause, actual costs to exceed those estimated and reflected in our commercial premiums and Medicare and Medicaid bids. We participate in the Public Exchange in many of the states where we offer Medicaid health plans. The Public Exchange markets in general are highly volatile and unpredictable from year to year. We develop each state's Public Exchange market premium rates during the spring of each year for policies effective in the following calendar year. Legislation, regulation enforcement activity and judicial decisions that cause the Public Exchange to operate in a manner different than we projected in setting premium rates, including the potential expiration of enhanced PTCs at the end of 2025, could affect our results. In addition, any variation from our cost expectations regarding acuity, enrollment levels, adverse selection, or other assumptions utilized in setting premium rates, could have a material adverse effect on our results of operations, financial position, and cash flows. Although federal and state premium and risk adjustment mechanisms could help offset health benefit costs above our projections if the assumptions we use to set our premium rates are significantly different than actual results, our results of operations and financial condition could still be adversely affected. The reserves that we establish for health insurance policy benefits and other contractual rights and benefits are based on assumptions concerning a number of factors, including trends in healthcare costs, expenses, general economic conditions and other factors. To the extent the actual claims experience is unfavorable compared to our underlying assumptions, our incurred losses would increase, and future earnings could be adversely affected. Further, if we are unable to provide higher quality outcomes and better experiences through the development and expansion of our value-based care products at lower costs or to integrate our care delivery model, our results of operations, financial position and cash flows may be adversely impacted. Pharmaceutical products and services are a significant component of our healthcare costs. Evolving regulations and state and federal mandates regarding coverage may impact the ability of our health plans to continue to receive existing price discounts on pharmaceutical products for our members. Other factors affecting our pharmaceutical costs include, but are not limited to, existing prices, geographical variation in utilization of new FDA-approved pharmaceuticals and new FDA-approved indications for existing pharmaceuticals, and changes in discounts. In addition to the challenge of managing healthcare costs, we face pressure to contain premium rates. Our customers may renegotiate their contracts to seek to contain their costs or may move to a competitor to obtain more favorable premiums. Public Exchange plan selection by our customers is also highly price sensitive. Further, federal and state regulatory agencies may restrict or prevent entirely our ability to implement changes in premium rates. A limitation on our ability to increase or maintain our premium or reimbursement levels or a significant loss of membership resulting from our need to increase or maintain premium or reimbursement levels could adversely affect our business, cash flows, financial condition and results of operations.

Our profitability depends on accurately predicting and pricing healthcare costs and our ability to manage future healthcare costs through medical management, product design, negotiation of favorable provider contracts and underwriting criteria. Total healthcare costs are affected by the type, number and cost of individual services rendered. Numerous factors affecting healthcare costs may adversely affect our ability to predict and manage healthcare costs, and may impact our business, cash flows, financial condition and results of operations. These factors include, among others, changes in healthcare practices, demographic characteristics including the aging population, short and long-term risks associated with our members' lifestyle decisions, medical cost inflation, increased labor costs, evolution of new technologies, drugs and treatments, increased cost of individual services, increased number and cost of prescription drugs, clusters of high cost cases, increased use of services, including resulting from pandemics, large-scale medical emergencies, increasing natural disasters in connection with climate change and other public health crises, new mandated benefits and treatment guidelines and changes to other regulations impacting our business. Slight differences between predicted and actual medical costs or utilization rates as a percentage of premium revenues can result in significant changes in our results of operations. Generally, our premiums on Commercial policies and Medicaid contracts are fixed for a 12-month period and are determined based on data from several months prior to the commencement of the premium period. Our revenue from Medicare policies is based on bids submitted to CMS six months prior to the start of the contract year. CMS has explicit gain and loss margin requirements within the bids, as well as contract-specific federal MLR annual requirements. Accordingly, the costs we incur in excess of our benefit cost projections cannot be recovered in the contract year through higher premiums. Existing Medicaid contract rates are often established by the applicable state, and our actual costs may exceed those rates. Many factors, including those discussed above, may cause actual costs to exceed those estimated and reflected in our Commercial premiums and Medicare and Medicaid bids. Although federal and state premium and risk adjustment mechanisms could help offset health benefit costs above our projections if the assumptions we use to set our premium rates are significantly different than actual results, our results of operations and financial condition could still be adversely affected. The reserves that we establish for health insurance policy benefits and other contractual rights and benefits are based on assumptions concerning a number of factors, including trends in healthcare costs, expenses, general economic conditions and other factors. To the extent the actual claims experience is unfavorable compared to our underlying assumptions, our incurred losses would increase, and future earnings could be adversely affected. In addition to the challenge of managing healthcare costs, we face pressure to contain premium rates. Our customers may renegotiate their contracts to seek to contain their costs or may move to a competitor to obtain more favorable premiums. Further, federal and state regulatory agencies may restrict or prevent entirely our ability to implement changes in premium rates. A limitation on our ability to increase or maintain our premium or reimbursement levels or a significant loss of membership resulting from our need to increase or maintain premium or reimbursement levels could adversely affect our business, cash flows, financial condition and results of operations. We expanded our participation in the Public Exchange markets for 2023 and as a result, offered Individual Public Exchange products in most of the rating regions in which we operate. We further expanded in a limited number of additional counties in 2024. Any variation from our expectations regarding acuity, enrollment levels, adverse selection, or other assumptions utilized in setting premium rates could have a material adverse effect on our results of operations, financial position, and cash flows, and may require further adjustments to our rates and participation in Public Exchanges going forward. -23- -23- -23-

Our business depends significantly on effective information systems, and we have many different information systems for our various businesses, including those that we have acquired as a result of our merger and acquisition activities. Our information systems require an ongoing investment, commitment of significant resources to maintain, integrate, upgrade, enhance and expand existing systems, and development of new systems to keep pace with continuing changes in information processing technology, emerging cybersecurity risks, changing customer preferences, evolving industry and regulatory standards and legal requirements, including as a result of the ACA, the Health Plan Transparency Rule, the 2021 Appropriations Act and federal data interoperability regulations. In addition, we may obtain significant portions of our systems-related or other services from independent third parties (and their vendors), which may make our operations vulnerable if such third parties fail to perform and oversee adequately. Further, unauthorized third parties present additional risk, including by propagating misinformation related to products, business and the health industry. Failure to adequately implement, consolidate, integrate, streamline, maintain and upgrade effective and efficient information systems, including those powered by or incorporating AI, with sufficiently advanced technological capabilities could result in investigations, audits, fines and penalties, competitive and cost disadvantages to us compared to our competitors, contractual damages, and diversion of management’s time, and could have a material adverse effect on our business, financial condition and results of operations. Failure or disruption of our performance of, or our ability to perform, key business functions, including as a result of the unavailability or cyber-attack of our information technology systems or those of third parties (including cloud service providers), could decrease response times, lower levels of service satisfaction and harm our reputation and brand. Our systems interface with and depend on third-party systems, hardware, infrastructure and cloud technologies, and we could experience service denials if demand for such service exceeds capacity, or these systems fail or experience interruption. From time to time, we update, transition, acquire, or expand use of our and third-party information technology systems, which may result in heightened vulnerability. Some third-party systems that are necessary for the operation of our business processes are maintained outside of our control but would impact our business operations if compromised as a result of a cyber-attack. Despite our adoption and continued enhancement of business continuity and disaster recovery strategies, there is no guarantee that such efforts will be effective, which could interrupt the functionality of our information technology systems or those of third parties. Our failure to implement adequate business continuity and disaster recovery strategies could significantly reduce our ability to provide products and services to our customers and members, which could have a material adverse effect on our business and results of operations. In addition, connectivity amongst technologies is becoming increasingly important, with recent trends bringing greater consumer engagement in healthcare; therefore, the pace at which our customers will need enhanced technologies with sophisticated applications for mobile interfaces, including tools and products that leverage AI to improve the customer experience, will quicken. We anticipate that fast-evolving AI technologies will play an increasingly significant role in our information systems and technology products. If the information systems we rely upon to run our business were found to be inaccurate or unreliable or if we fail to adequately maintain, upgrade, enhance, expand and protect our information systems, security controls and data integrity effectively, we could experience problems in determining medical cost estimates and establishing appropriate pricing and reserves, have disputes with customers and providers, lengthen the pace of integration activities or otherwise delay the launch of acquired products, face regulatory problems, including sanctions and penalties, incur increases in operating expenses or suffer other adverse consequences, including a decrease in membership.

Our business depends significantly on effective information systems, and we have many different information systems for our various businesses, including those that we have acquired as a result of our merger and acquisition activities. Our information systems require an ongoing investment, commitment of significant resources to maintain and enhance existing systems, and development of new systems to keep pace with continuing changes in information processing technology, emerging cyber-security risks, changing customer preferences, evolving industry and regulatory standards and legal requirements, including as a result of the ACA, the Health Plan Transparency Rule, the 2021 Appropriations Act and federal data interoperability regulations. In addition, we may obtain significant portions of our systems-related or other services from independent third parties (and their vendors), which may make our operations vulnerable if such third parties fail to perform and oversee adequately. Further, unauthorized third parties present additional risk, including by propagating misinformation related to products, business and the health industry. Failure to adequately implement, consolidate, integrate, streamline, maintain and upgrade effective and efficient information systems with sufficiently advanced technological capabilities could result in investigations, audits, fines and penalties, competitive and cost disadvantages to us compared to our competitors, could divert management’s time, and could have a material adverse effect on our business, financial condition and results of operations. Failure or disruption of our performance of, or our ability to perform, key business functions, including as a result of the unavailability or cyber-attack of our information technology systems or those of third parties (including cloud service providers), could decrease response times, lower levels of service satisfaction and harm our reputation. Our systems interface with and depend on third-party systems and we could experience service denials if demand for such service exceeds capacity, or these systems fail or experience interruption. Despite our adoption and continued enhancement of business continuity and disaster recovery strategies, there is no guarantee that such efforts will be effective, which could interrupt the functionality of our information technology systems or those of third parties. Our failure to implement adequate business continuity and disaster recovery strategies could significantly reduce our ability to provide products and services to our customers and clients, which could have a material adverse effect on our business and results of operations. In addition, connectivity amongst technologies is becoming increasingly important, with recent trends bringing greater consumer engagement in healthcare; therefore, the pace at which our customers will need enhanced technologies with sophisticated applications for mobile interfaces will quicken. If the information systems we rely upon to run our business were found to be inaccurate or unreliable or if we fail to adequately maintain, upgrade, enhance, expand and protect our information systems, security controls and data integrity effectively, we could experience problems in determining medical -28- -28- -28- cost estimates and establishing appropriate pricing and reserves, have disputes with customers and providers, lengthen the pace of integration activities or otherwise delay the launch of acquired products, face regulatory problems, including sanctions and penalties, incur increases in operating expenses or suffer other adverse consequences, including a decrease in membership. Further, as connectivity of technologies advances, artificial intelligence and business processes supported by large language models that are used by businesses and consumers may not operate as expected or may lead to unintentional bias, discrimination and/or data exposure.