HealthStream
Annual Report 2023

Plain-text annual report

Table of Contents UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 FORM 10-K ☒ ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 FOR THE FISCAL YEAR ENDED DECEMBER 31, 2023 OR ☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 FOR THE TRANSITION PERIOD FROM TO Commission File Number 000-27701 HEALTHSTREAM, INC. (Exact name of registrant as specified in its charter) Tennessee (State or other jurisdiction of incorporation or organization) 500 11th Avenue North, Suite 1000 Nashville, Tennessee (Address of principal executive offices) 62-1443555 (I.R.S. Employer Identification No.) 37203 (Zip Code) (615) 301-3100 (Registrant’s telephone number, including area code) Securities Registered Pursuant To Section 12(b) Of The Act: Title of each class Common Stock (Par Value $0.00) Trading Symbol(s) HSTM Name of each exchange on which registered Nasdaq Global Select Market Securities Registered Pursuant To Section 12(g) Of The Act: None Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No ☒ Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 of 15(d) of the Act. Yes ☐ No ☒ Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15 (d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐ Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§ 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐ Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act. Large accelerated filer ☐ Accelerated filer ☒ Non-accelerated filer ☐ Smaller reporting company ☐ Emerging growth company ☐ If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐ Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☒ If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐ Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐ Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes ☐ No ☒ The aggregate market value of the Common Stock issued and outstanding and held by non-affiliates of the Registrant, based upon the closing sales price for the Common Stock on the Nasdaq Global Select Market on June 30, 2023 was $596.9 million. All executive officers and directors of the registrant have been deemed, solely for the purpose of the foregoing calculation, to be “affiliates” of the registrant. As of February 19, 2024, there were 30,300,371 shares of the Registrant’s common stock outstanding. DOCUMENTS INCORPORATED BY REFERENCE Portions of the Registrant’s definitive Proxy Statement for its 2024 Annual Meeting of Shareholders are incorporated by reference into Part III hereof. Table of Contents HEALTHSTREAM, INC. TABLE OF CONTENTS ANNUAL REPORT ON FORM 10-K PART I Item 1. Item 1A. Item 1B. Item 1C. Item 2. Item 3. Item 4. PART II Item 5. Item 6. Item 7. Item 7A. Item 8. Item 9. Item 9A. Item 9B. Item 9C. PART III Item 10. Item 11. Item 12. Item 13. Item 14. PART IV Item 15. Item 16. Business. Risk Factors Unresolved Staff Comments Cybersecurity Properties Legal Proceedings Mine Safety Disclosures Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Reserved Management’s Discussion and Analysis of Financial Condition and Results of Operations Quantitative and Qualitative Disclosures About Market Risk Financial Statements and Supplementary Data Changes in and Disagreements with Accountants on Accounting and Financial Disclosure Controls and Procedures Other Information Disclosure Regarding Foreign Jurisdictions that Prevent Inspections Directors, Executive Officers and Corporate Governance Executive Compensation Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters Certain Relationships and Related Transactions, and Director Independence Principal Accounting Fees and Services Exhibits, Financial Statement Schedules Form 10-K Summary Signatures Page 1 11 24 24 25 25 25 26 28 28 37 38 62 62 63 63 64 64 64 64 64 65 66 67 Table of Contents PART I This Annual Report on Form 10-K contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, Section 21E of the Securities Exchange Act of 1934, and the Private Securities Litigation Reform Act of 1995. Such forward-looking statements include, among others, those statements including the words “expects,” “anticipates,” “intends,” “believes,” “may,” “will,” “should,” “continue,” and similar language or the negative of such terms or other comparable terminology. Forward-looking statements involve known and unknown risks, uncertainties, and other factors that may cause our actual results, performance, or achievements to be materially different from future results, performance, or achievements expressed or implied by the forward-looking statements included herein. Factors that might cause or contribute to such differences include, but are not limited to, those discussed in the section Risk Factors in Item 1A of this Annual Report on Form 10-K and elsewhere in this document. In addition, factors that we are not currently aware of, or that we currently deem immaterial, could harm our future operating results. You should carefully review the risks described in other documents HealthStream files from time to time with the Securities and Exchange Commission. You are cautioned not to place undue reliance on forward- looking statements, which speak only as of the date of this Annual Report on Form 10-K. HealthStream undertakes no obligation to publicly release any revisions to the forward-looking statements to reflect future events or circumstances after the date of this document. Item 1. Business OVERVIEW AND HISTORY HealthStream’s focus is and has always been on improving the quality of healthcare through the development of the dedicated individuals who deliver care. Like healthcare itself, our mission remains constant, but how we accomplish that mission continues to evolve and improve over time. Originally, we pioneered the use of online learning to hospitals, which began with courses specifically tailored to educate healthcare professionals and meet hospitals' required regulatory needs, and we remain a leading innovator in those areas today. Since our inception, the scope of HealthStream’s Software-as-a-Service (SaaS) solutions has expanded well beyond our governance, risk, and compliance (GRC) offerings to include a diverse ecosystem of applications that optimize and support the healthcare workforce and the students preparing to enter that workforce. Today, we are characterized by our single platform strategy, which is designed to create interoperability among the various applications in our ecosystem through our proprietary hStream technology platform. We believe that our single platform strategy, as represented by hStream, is the best way to realize our mission of improving the quality of care by developing the people who deliver care, and the best way to create value for our shareholders in the process. For healthcare organizations—our primary customers—HealthStream’s solutions help to effectively onboard, retain, engage, educate, manage, and develop workforce talent; meet rigorous GRC requirements; optimize staff scheduling and capacity management; and automate the management of medical staff credentialing, privileging, and enrollment. For healthcare professionals and students—our primary end users—HealthStream’s solutions help them to professionally develop their knowledge and skills, manage and fulfill their required continuing education and certifications, manage their schedules, including swapping and filling shifts, engage with peers, provide personalized competency development, and optimize their career pathways. For both healthcare organizations and healthcare professionals and students, HealthStream’s solutions are generally accessed through SaaS application suites that are increasingly enhanced through our hStream technology platform. Our learning, credentialing, and scheduling application suites are designed to help solve the most critical problems facing the healthcare workforce today. They accomplish this by utilizing a combination of established and cutting- edge technologies, such as initiative and workflow management capabilities; proprietary taxonomy engines; dynamic engagement models; artificial intelligence (AI) driven clinical assessments; physical-based simulations; healthcare-specific benchmarks; and automated license monitoring and validation. HealthStream’s success in offering the largest, most diverse ecosystem of workforce solutions in healthcare has made it a thought leader and barometer of innovation for the industry. From its roots in originating online learning for healthcare organizations to the Company's more recent release of "Jane AI," the first AI-driven clinical assessment application, HealthStream continues to believe that the key to quality patient care lies in the people who deliver care. To that end, we are solely dedicated to providing solutions for the healthcare workforce and for those about to enter it. The Company was incorporated in 1990. It began providing its SaaS-based workforce solutions in 1999, its provider solutions in 2012, and launched the hStream technology platform in 2018. Since January 2023, the Company’s operations have been streamlined around a consolidated, enterprise approach such that, beginning January 1, 2023, the Company ceased having two reportable business segments (Workforce Solutions and Provider Solutions). As such, since January 1, 2023, the Company has had a single reportable segment and presents financial information on a single segment basis. HealthStream is headquartered in Nashville, Tennessee and had 1,079 full-time and 13 part-time employees as of December 31, 2023. 1 Table of Contents INDUSTRY BACKGROUND According to the Centers for Medicare & Medicaid Services (CMS), spending in the healthcare industry reached nearly $4.5 trillion in 2022, or 17.3% of the U.S. gross domestic product. The growth in 2022, which was an increase of 4.1% over the prior year, reflected growth in Medicaid and private health insurance spending that was partially offset by continued declines in supplemental funding by the federal government associated with the COVID-19 pandemic. Hospital care expenditures in 2022 accounted for approximately 30% of the $4.5 trillion industry. While hospital spending increased 2.2% in 2022 to reach nearly $1.4 trillion, the rate of increase was slightly lower in 2022 (4.5%) compared to the prior year due to a slower growth in hospital prices and a decline in hospital days and discharges. According to the Bureau of Labor Statistics, as of January 2024, approximately 22 million professionals are employed in the healthcare and social services segment of the domestic economy, with approximately 5.4 million employed in acute-care hospitals and, according to CMS, approximately 5.9 million employed in healthcare organizations throughout the continuum of care, the primary target markets for our products. (Organizations in the continuum of care employ approximately 2.2 million employees in ambulatory centers, approximately 2.8 million employees in post-acute care facilities, and over 0.9 million employees in health & human services facilities.) All of the approximately 5.4 million hospital-based healthcare professionals that work in the nation’s approximately 5,400 inpatient hospitals that are registered with Medicare are required by federal and state mandates and accrediting bodies to complete training in a number of areas. This training includes safety training mandated by both the Occupational Safety and Health Administration (OSHA) and The Joint Commission (an independent, not-for-profit organization that accredits and certifies healthcare organizations and programs in the United States), as well as training on patient information confidentiality required under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In hospitals, staffing issues and personnel shortages have contributed to the need for more effective and efficient workflows, including scheduling and capacity management as well as credentialing and privileging. Staffing shortages have also increased the need for facility-based workforce development as well as additional assessment and competency-based training. An ongoing nursing shortage, for example, is resulting in skill gaps and rising costs. Employment of registered nurses is projected to grow 6% from 2022 to 2032, faster than the average for all occupations, according to the U.S. Bureau of Labor Statistics. We believe that offering training and education and other engagement solutions for hospital personnel is increasingly being utilized as a retention and recruitment incentive. We also believe that offering training to nursing schools and nursing students can help address personnel shortages and lead to more efficient and effective transition from school to employment. Many healthcare professionals use continuing education to keep abreast of clinical and other industry developments as well as to meet licensing and certification requirements. Continuing education is required for nurses, emergency medical services personnel, first responder personnel, radiologic personnel, and physicians, among many other healthcare professionals. Pharmaceutical and medical device companies must also provide their medical industry sales representatives with training mandated for the healthcare industry and training for new products. Such companies also provide support and content for education and training of audiences that use their products in healthcare organizations. The healthcare education and training industry is highly fragmented, varies significantly in delivery methods (i.e., online products, live events, written materials, and technology-enabled manikins for simulation-based training), and is composed of a wide variety of entities competing for customers. The sheer volume of healthcare information available to satisfy continuing education needs, rapid advances in medical developments, and the time constraints that healthcare professionals face can make it difficult to quickly and efficiently access the continuing education content most relevant to an individual’s practice or profession. Historically, healthcare professionals have received continuing education and training through offline publications, such as medical journals or by attending conferences and seminars. Other healthcare workers and pharmaceutical and medical device manufacturers’ sales and internal regulatory personnel usually fulfill their training from external vendors or internal training departments. While these approaches satisfy the ongoing education and training requirements, they are typically costly and inconvenient. In addition, live courses are often limited in the breadth of offerings and do not provide an automated method for tracking training completion. The effectiveness of these traditional methods, both from a business and compliance standpoint, is difficult to track and measure. Provider data management has become more complex and arduous for healthcare organizations. Spurred by The Joint Commission Medical Staff standards and other regulatory requirements, credentialing and privileging has been transformed from a periodic review to a continuous, evidence-driven analysis of professional competency and provider performance. This transformation requires ongoing, automatic monitoring of licenses, sanctions, and exclusions, as well as expanding the scope of review at initial credentialing and re-credentialing. In addition, provider enrollment processes have compounded in difficulty. For example, a single provider may need to enroll annually with some 30 to 40 payers, with each payer application often taking two to four hours to complete. Healthcare organizations continue to operate under ongoing pressure to reduce costs as a result of actual and potential reductions in reimbursement rates and increased focus on cost containment consistent with participation of patients in managed care programs, among other factors. In addition, many care settings, including hospitals, surgery centers, telehealth companies, outpatient centers, and skilled nursing facilities, may continue to experience rising operating costs, coupled with increased pressure to measure and report on the outcomes of the dollars spent on training. Our products and services are designed to meet these needs by reducing healthcare organizations’ costs of training while improving learning outcomes, enhancing reporting capabilities, and supporting customers’ business objectives. HEALTHSTREAM’S SOLUTIONS HealthStream’s products, services, and operations are organized and managed under our One HealthStream approach. Through this One HealthStream approach, we collectively help healthcare organizations meet their ongoing learning, clinical development, credentialing, and scheduling needs. HealthStream’s solutions are provided to a wide range of customers within the healthcare industry. 2 Table of Contents All of our solutions are powered by our hStream technology platform, which enables activity across HealthStream's diverse ecosystem of solutions. At December 31, 2023, HealthStream had contracts with customers for approximately 5.79 million subscriptions to hStream, compared to 5.54 million subscriptions as of December 31, 2022. Under our One HealthStream approach, the hStream technology platform benefits both customers and partners. Our underlying solutions are comprised primarily of SaaS, subscription-based applications that are used by healthcare organizations to meet a broad range of their workforce development needs around learning, clinical development, credentialing, and scheduling. Nursing schools, nursing students, as well as individual healthcare professionals are also beginning to utilize our training and education solutions. Our numerous content libraries allow customers to subscribe to a wide array of courseware, which includes content from leading healthcare and nursing associations, medical and healthcare publishers, and other content providers. Our scheduling solutions provide customers with real-time visibility into clinical staff scheduling that enables them to optimize their workforce, reduce costs, and improve care. Our flagship credentialing, privileging, and enrollment solution, CredentialStream, provides customers an intuitive, modern user experience with a continual stream of enhancements, evidence-based content, and curated data, all which provides healthcare organizations with tools to support the provider lifecycle management from recruiting, application submission, verification of licensure and other credentials, privileging, appointments by credentialing committees, enrollment, network, management, onboarding, and performance evaluations of providers. Pricing for hStream and HealthStream’s products is primarily subscription-based, with fees based on the number of subscriptions, solutions provided, and other factors. We offer implementation, training, and account management services to facilitate adoption of our subscription-based solutions. Fees for implementation services are based on the time and efforts of the personnel involved. Training fees vary based on the size, scope, and complexity of the project. Our platform and subscription-based solutions are hosted on a combination of private-cloud infrastructure and public-cloud infrastructure, leveraging Amazon Web Services and Azure, which allows authorized personnel access to our services through the Internet, thereby eliminating the need for onsite local implementations of installed workforce development products. HealthStream also sells a growing number of products directly to individuals in the healthcare industry and these products are primarily based on per-unit retail price. Other Applications on our Platform — HealthStream offers an array of other applications on our platform, each serving a unique function for healthcare customers. Each application on our platform has its own value. Examples of individual applications that are offered on our platform include applications for performance appraisal, competency management, disclosure management, clinical competency, assessment, development, simulation-based education, clinical rotation and onboarding management, quality management, scheduling, and industry training. BUSINESS ACQUISITIONS As part of our overall growth strategy, we evaluate opportunities for mergers and acquisitions, and since the beginning of 2022, we have completed two acquisitions. In May 2022, we acquired the remaining ownership interest (representing approximately 82% of the outstanding equity interests) of CloudCME, LLC (CloudCME) and in December 2022, we acquired substantially all of the assets of Electronic Education Documentation System (d/b/a eeds) (eeds). For additional information regarding acquisitions, please see Note 8 of the Consolidated Financial Statements and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in Part II, Item 7 of this Form 10-K. CUSTOMERS We provide our solutions to customers across a broad range of individuals and entities within the healthcare industry, including private, not-for-profit, and government entities, as well as pharmaceutical and medical device companies. More recently, HealthStream has begun to market and sell its solutions to nursing schools and students as well. We derive a substantial portion of our revenues from a relatively small number of customers that are healthcare providers. However, during the year ended December 31, 2023, no single customer accounted for 10% or more of our annual revenue. 3 Table of Contents SALES AND MARKETING We market our products and services primarily through our direct sales teams, who are located throughout the United States. We conduct a variety of marketing programs to promote our products and services, including via our hStream content marketplace, user groups, trade shows, social media, Internet promotion and demonstrations, digital marketing campaigns, public relations, distribution of product-specific literature, direct mail, advertising, and in partnership with third parties. We have marketing teams that are responsible for these initiatives and for working with and supporting our product management and sales teams. OPERATIONS AND TECHNOLOGY We believe our ability to establish and maintain long-term customer relationships, obtain recurring sales, and develop and maintain new and existing products are dependent on the strength of our operations, customer service, product development and maintenance, training, and other support teams. Our operations teams are primarily associated with technical support, customer implementation and training, product management, software development and quality assurance, and other functions. Our services are designed to be reliable, secure, and scalable. Our software is a combination of proprietary and commercially available software and operating systems. We designed the applications that provide our services to allow each component to be independently scaled by adding commercially available hardware and a combination of commercially available and proprietary software components. Our software applications, servers, and network infrastructure that deliver our services are hosted by a combination of third-party data center providers and cloud-based infrastructure. We maintain fully redundant disaster recovery data centers that are located in geographically separate locations. Our technology equipment is maintained in secure, limited access environments, supported by redundant power, environmental conditioning, and network connectivity. For information on our cybersecurity risk management, strategy, and governance, see Item 1C. Cybersecurity. COMPETITION In addition to the competing healthcare education delivery methods in the industry, we also have direct competitors. A number of companies offer competitive learning, scheduling, and credentialing solutions, some of which are focused on multiple industries and some of which are focused on the healthcare industry. We compete with companies such as Cornerstone OnDemand, Ultimate Kronos Group, Oracle, SAP, Infor, and Workday, which provide their services to multiple industries, including healthcare. We also compete with companies that are dedicated to, or have operating units focused on healthcare, such as Relias Learning, RLDatix, Symplr, Verisys, MD-Staff, AMN Healthcare, as well as with an array of smaller companies. We believe our hStream technology platform and the interoperability it has begun to enable provides us a competitive advantage by facilitating education, training, assessment, engagement, scheduling, credentialing, privileging, validation, and development for healthcare professionals through a wide assortment of content, functionality, and applications. We also believe that our hStream platform technology is beginning to accelerate the scope and quality of our products, capability to connect medical staff credentialing with provider enrollment, and innovative new predictive analytics, all of which we believe provide us with a competitive advantage. We believe that the principal competitive factors affecting the marketing of our solutions to the healthcare industry include: • our hStream technology platform, which combines SaaS-based capabilities and certain Platform-as-a-Service (PaaS) capabilities to help capture, track, manage, and report on activities, such as learning, performance, scheduling, credentialing, and privileging across various modalities, and provides interoperability with external systems such as HRIS and other systems utilized by our customers; 4 Table of Contents • • • • • • • • scope and variety of Internet-based solutions available, including, without limitation, learning and education, clinical, GRC, resuscitation, revenue cycle, talent management, scheduling, credentialing, and privileging solutions; our singular focus on the healthcare industry and our deep healthcare expertise; scope and quality of professional services offered, including implementation, benchmarking, and training; competitive pricing, which supports a return on investment to customers; customer service and support; mobility, security, uniqueness, and value of underlying data sets and embedded content; effectiveness of sales and marketing efforts; and company reputation. We believe these factors provide us with the ability to improve the quality of healthcare by developing the people who deliver care. GOVERNMENT REGULATION OF THE INTERNET AND THE HEALTHCARE INDUSTRY Regulation of the Internet and the Privacy and Security of Personal Information We are subject to various legal requirements related to the Internet and the privacy and security of personal information, which legal requirements may change rapidly. The following are areas of law in this regard that are significant to our business: • • • Privacy and Security Laws. Federal, state, and foreign privacy and security laws and regulations restricting the collection, use, retention, deletion, security, disclosure, and other processing of personal information limit our ability to collect information or use and disclose the information in our databases or that we derive from other sources to generate revenues. These laws and regulations are rapidly evolving and could have an adverse effect on our operations. For example, various states have passed privacy laws that impose restrictive requirements on the use and disclosure of personal information, some of which were recently enacted and will be implemented over the course of 2024. Moreover, additional states have been considering similar legislation, and privacy laws have been proposed at the federal level as well. Additionally, we have expanded our business in recent years into new markets and jurisdictions (including foreign jurisdictions), which may subject our business to additional privacy and data protections laws and regulations, such as the Family Educational Rights and Privacy Act (FERPA), the Canadian Personal Information Protection and Electronic Documents Act, the New Zealand Privacy Act 2020, the Australia Privacy Act 1988, and the European Union’s General Data Protection Regulation. Many of the data privacy requirements in foreign jurisdictions are more stringent than those imposed by the U.S. federal and state governments. The significant differences among various privacy and security laws introduces complexity in our compliance efforts. It may be costly to implement measures (such as certain security requirements, contracting terms, assessments, and registrations with authorities) that are designed to comply with new legal requirements, changes to existing legal requirements, or legal requirements in jurisdictions into which we have recently expanded or are planning to expand. The obligations and requirements applicable to companies under these laws and regulations are subject to uncertainty in how they may be interpreted by government authorities and regulators. We may be audited or subject to an investigation by a federal, state, or foreign regulator regarding our compliance with privacy and security laws and regulations. If the Company is determined by a regulator or court to fail to comply with such laws and regulations, the Company may become subject to penalties and the Company’s business and reputation could be negatively impacted. Content Regulation and Artificial Intelligence. Both foreign and domestic governments have adopted and proposed laws and regulations governing content and materials transmitted over the Internet. These include laws relating to obscenity, indecency, libel, and defamation. We could be liable if content created, stored, or delivered by us is determined to be in violation of these laws and regulations. In addition, various jurisdictions (both in the U.S. and in foreign jurisdictions) have enacted and/or are considering laws and regulations applicable to the use of artificial intelligence and machine learning applications and tools, particularly on the use of artificial intelligence to facilitate healthcare, education, employment, or hiring decisions. Information Security Accountability Regulation. As a HIPAA business associate of certain of our customers, we are required to report certain breaches of protected health information to our customers, who must in turn notify affected individuals, the U.S. Department of Health and Human Services (HHS) and/or other governmental agencies, and, in certain situations, the media. In addition, we are subject to various foreign and state laws and regulations that relate to data security, some of which require reporting of security breaches. For example, California law requires notification of security breaches involving personal information and medical information. We may incur costs to comply with these notification requirements that are difficult to estimate. 5 Table of Contents • Sales and Use Tax. We collect sales, use, or other taxes on taxable transactions in states and foreign jurisdictions in which we have employees, have a significant level of sales activity, or otherwise determine that such collection is appropriate. While HealthStream believes that this approach is appropriate, other states or foreign jurisdictions may seek to impose tax collection obligations on companies like us that engage in online commerce. If they do, these obligations could limit the growth of electronic commerce in general and adversely impact our business. Laws and regulations directly applicable to content regulation, e-commerce, Internet communications, the privacy and security of personal information, and artificial intelligence are becoming more prevalent and/or broader in scope. The dynamic nature of this regulatory environment increases the uncertainty regarding the marketplace impact of such regulation. New or changes to existing laws or regulations may increase our cost of conducting business or otherwise harm our business, financial condition, and operating results. Regulation of Education, Training, and Other Services for Healthcare Professionals and Students Occupational Safety and Health Administration. OSHA regulations require certain employers to provide training to certain employees to minimize the risk of injury from various potential workplace hazards. Employers in the healthcare industry may be required to provide training with respect to various topics, including, but not limited to, blood borne pathogens exposure control, laboratory safety, and tuberculosis infection control. OSHA regulations further require employers to keep records of their employees’ completion of training with respect to these workplace hazards, as applicable. The Joint Commission. The Joint Commission accreditation and certification standards require employers in the healthcare industry to provide certain workplace safety and patient interaction training to employees. Training required by The Joint Commission may include programs on infection control, patient bill of rights, radiation safety, and incident reporting. Healthcare organizations are required to provide and document training on these topics to receive accreditation from The Joint Commission. In addition, The Joint Commission imposes continuing education requirements on physicians that relate to each physician’s specific staff appointments. HIPAA. HIPAA and its implementing regulations restrict how certain organizations (known as covered entities), including most healthcare providers and health plans, use and disclose protected health information. HIPAA requires these organizations to provide reasonable and appropriate safeguards to protect the privacy, integrity, and confidentiality of protected health information, whether in paper, oral, or electronic form. Covered entities are required to establish, maintain, and provide training with regard to their policies and procedures for protecting the integrity and confidentiality of protected health information and must document training on these topics to support their compliance. Certain HIPAA privacy and security requirements apply to entities (known as business associates) that handle protected health information on behalf of covered entities or other business associates. Covered entities, business associates, and their subcontractors may be directly subject to criminal and civil sanctions for violations of HIPAA privacy and security standards. FERPA. FERPA and its implementing regulations prohibit institutions of higher learning that receive funds through an applicable program of the U.S. Department of Education, such as nursing schools, from disclosing personally identifiable information from a student’s record without the student’s consent. Third parties acting on behalf of an educational institution are indirectly subject to FERPA and, as such, may not transfer or otherwise disclose any personally identifiable information from a student’s record to another party other than as permitted by FERPA. Institutions and organizations subject to FERPA may be subject to an enforcement action by the U.S. Department of Education, which may include, among other things, financial penalties. The American Nurses Credentialing Center (ANCC). ANCC, a subsidiary of the American Nurses Association (ANA), provides individuals and organizations throughout the nursing profession with resources intended to assist with achieving practice excellence. ANCC’s credentialing programs certify nurses in specialty practice areas; recognize healthcare organizations for promoting safe, positive work environments through the Magnet Recognition Program® and the Pathway to Excellence® Program; and accredit providers of continuing nursing education. ANCC maintains seventeen certification exams to validate nurses’ skills, knowledge, and abilities. The ANCC Magnet Recognition Program recognizes healthcare organizations that provide the best in nursing care and professionalism in nursing practice. The program also provides a vehicle for disseminating best practices and strategies among nursing systems. The ANCC Magnet Recognition Program is a highly regarded standard for nursing excellence. The Pathway to Excellence Program recognizes the essential elements of a high standard nursing practice environment. The designation is earned by healthcare organizations that create work environments where nurses can develop professionally. The award substantiates the professional satisfaction of nurses and identifies best places to work. Continuing Nursing Education (CNE). State nurse practice laws generally authorize a state’s board of nursing to establish CNE requirements for professional nurses to maintain valid licensure. CNE requirements vary widely from state to state, with reporting generally required on a bi-annual basis. In some states, the CNE requirement only applies to re-licensure of advance practice nurses, while in other states, additional CNEs may be required of this category of nurses. Board certifications (e.g., Certified Nurse Operating Room (CNOR) – certification of perioperative nursing) also require CNE hours/credits, with certain percentages required in specific categories based on the certification type. Failure to obtain the requisite CNE could result in non-renewal of the license or certification. The ANCC Commission on Accreditation is responsible for accrediting or approving organizations to award ANCC nursing continuing professional development (NCPD) credit (contact hours) to activities for a national audience of nurses. State boards of nursing approve individual CNE activities or continuing education providers that offer CNE activities primarily for nurses within the state. ANCC NCPD credit for online activities is accepted by all state boards of nursing within the United States and each of its territories. Our HealthStream CNE Provider Unit is accredited as a provider of NCPD by ANCC. We are also approved by the California Board of Registered Nursing and the Florida Board of Nursing. 6 Table of Contents Continuing Medical Education (CME). State licensing boards, professional organizations, and employers require physicians to certify that they have accumulated a minimum number of CME hours to maintain their licenses. Generally, each state’s medical practice laws authorize the state’s board of medicine to establish and track CME requirements. Medical licensing boards in most U.S. states and territories currently have CME requirements, and certain state medical societies and practice specialty boards also require CME. The failure to obtain the requisite amount and type of CME could result in non-renewal of the physician’s license to practice medicine and/or membership in a medical or practice specialty society. The American Medical Association (AMA) classifies CME activities as either Category 1, which includes formal CME activities, or Category 2, which includes self-designated credit for informal activities that meet certain requirements. Most boards of medical examiners nationwide that require CME participation specify AMA PRA Category 1 Credit. Only institutions and organizations accredited to provide CME can designate an activity for AMA PRA Category 1 Credit. The Accreditation Council for Continuing Medical Education (ACCME) is responsible for awarding accreditation status to state medical societies, medical schools, and other institutions and organizations that provide CME activities, typically for a national audience of physicians. State medical societies, operating under the aegis of the ACCME, accredit institutions and organizations that provide CME activities primarily for physicians within the state or bordering states. We are recognized as an accredited provider of CME for physicians by the ACCME. Centers for Medicare & Medicaid Services (CMS). The CMS National Quality Strategy is focused on ensuring that all persons receive equitable, high- quality, and value-based care, with an emphasis on shaping a health care system that incorporates quality and safety as foundational components to delivering value as part of the overall care journey. The goals of the initiative include: embedding quality into the care journey; advancing health equity; promoting safety; embracing the digital age; ensuring resilience to adapt to future challenges and emergencies; incentivizing innovation and technology; and increasing alignment across CMS, its partners, and stakeholders. Value-based purchasing (VBP), which links payment more directly to the quality of care provided, is a strategy that aims to transform the current payment system by rewarding providers for delivering high quality, efficient clinical care. Through a number of public reporting programs, demonstration projects, pilot programs, and other initiatives, some voluntary and some mandatory, CMS has launched VBP initiatives in various settings, including hospitals, physician offices, nursing homes, home health services, and dialysis facilities. Through its “Meaningful Measures” initiative, CMS identifies priorities for quality measurement and improvement. The framework is intended to improve patient outcomes while also reducing burdens on providers. Interoperability Initiatives. CMS interoperability programs encourage eligible professionals, eligible hospitals, and critical access hospitals to adopt electronic health record (EHR) technology by imposing payment reductions for failure to demonstrate meaningful use of certified EHR technology. Providers that meaningfully use an EHR system may reap benefits such as reduction in errors, availability of records and data, reminders and alerts, clinical decision support, and e-prescribing/refill automation. Further, the 21st Century Cures Act and implementing regulations promote interoperability and the exchange of patient health information through a number of requirements including a ban on information blocking by healthcare providers, health IT developers, and certain other entities. Information blocking is generally defined as engaging in activities that are likely to interfere with the access, exchange, or use of electronic health information, subject to limited exceptions. Allied Disciplines. Various allied health professionals are required to obtain continuing education to maintain their licenses. For example, emergency medical technician (EMT) personnel may be required to attain a minimum number of continuing education hours per year, all or a portion of which can be fulfilled online. These requirements vary by state and depend on the professional classification of the individual. HealthStream is an organization accredited and/or approved by the Commission on Accreditation for Prehospital Continuing Education (CAPCE) and the Florida Department of Health. Regulation of Educational Program Sponsorship and Support There are a variety of laws and regulations that affect the relationships between our medical device and pharmaceutical customers and the users of our products and services, including the sponsorship and support of educational programs. For example, the Physician Payments Sunshine Act (Sunshine Act) requires manufacturers of drugs, biological devices, and medical devices covered by Medicare, Medicaid, or the Children’s Health Insurance Program to report annually to CMS payments and other transfers of value given by such manufacturers to physicians, certain other healthcare professionals, and teaching hospitals, including educational programs, with limited exceptions. CMS regulations generally require manufacturers to report the recipient’s name, business address, and national provider identifier as well as other information about the payment or transfer of value including the amount, date, form, and nature of what is offered. CMS publishes the information on its Open Payments website. Manufacturers that do not meet the reporting obligations are subject to significant monetary penalties. 7 Table of Contents Further, the Office of Inspector General (OIG) has issued Compliance Program Guidance for Pharmaceutical Manufacturers and for the Durable Medical Equipment, Prosthetics, Orthotics, and Supply Industry (collectively, the Guidelines). The Guidelines address compliance risks raised by the support of continuing educational activities by pharmaceutical and medical device companies. The Guidelines have affected and may continue to affect the type and extent of commercial support we receive for our continuing education activities. The trade associations for the pharmaceutical and medical device industries (PhRMA and AdvaMed, respectively) have also promulgated their own codes of ethics that further restrict the interactions between industry and health care professionals. In addition, the AMA has established its own code of ethics that provides standards of conduct for physicians, addressing professional-self regulation and including a policy regarding Gifts to Physicians from Industry. Some continuing education organizations issue standards applicable to our services. For example, we comply with the ACCME’s Standards for Integrity and Independence in Accredited Continuing Education to ensure that our CME and CNE activities are evidence-based, designed to improve patient care and/or community health, and are free from commercial influence. We follow all standards/criteria/guidelines set-forth by ACCME, ANCC, and other continuing education organizations regarding the regulation of educational program sponsorship and support. The U.S. Food and Drug Administration (FDA) and the Federal Trade Commission (FTC) Current FDA and FTC rules and enforcement actions and regulatory policies, or those that the FDA or the FTC may develop in the future, could have a material adverse effect on our ability to provide existing or future applications or services to our end users or obtain the necessary corporate sponsorship to do so. The FDA and the FTC regulate the form, content, and dissemination of labeling, advertising, and promotional materials, including direct-to- consumer prescription drug and medical device advertising, prepared by, or for, pharmaceutical, biotechnology, or medical device companies. The FTC regulates over-the-counter drug advertising and, in some cases, medical device advertising. Generally, regulated companies must limit their advertising and promotional materials to discussions of the FDA-approved indications. Therefore, any information that promotes the use of pharmaceutical or medical device products that is presented with our services is subject to the FDA and FTC requirements and regulatory oversight including criminal, civil, and administrative actions. We believe that banner advertisements, sponsorship links, and any educational programs we may present with our services, even if we lack independent editorial control over it, could be subject to FDA or FTC regulation. While the FDA and the FTC place the principal burden of compliance with advertising and promotional regulations on the advertiser, if the FDA or FTC finds that any regulated information presented with our services violates FDA or FTC regulations, they may take regulatory action against us or the advertiser or sponsor of that information. In addition, the FDA may adopt new regulatory policies that more tightly regulate the format and content of promotional information on the Internet. ENVIRONMENTAL MATTERS We are subject to a number of federal, state, and local environmental laws, rules, and regulations. In addition, we could be affected by climate change to the extent that climate change results in severe weather conditions or other disruptions impacting the communities in which we have office locations and/or where we have network infrastructure or adversely impacts general economic conditions. Moreover, legal requirements regulating greenhouse gas emissions and energy inputs or otherwise associated with the transition to a lower carbon economy could increase in the future, which could increase our costs associated with compliance and otherwise disrupt and adversely affect our operations. At the current time, our compliance with environmental legal requirements, including legal requirements relating to climate change, does not have a material effect on our capital expenditures, financial results, or operations, and we did not incur material capital expenditures with respect to environmental matters during the year ended December 31, 2023. However, it is possible that future environmental-related developments may impact us, including as a result of climate change and/or legal requirements associated with the transition to a lower carbon economy in a manner that we are currently unable to predict. INTELLECTUAL PROPERTY AND OTHER PROPRIETARY RIGHTS To protect our proprietary rights, we rely generally on copyright, trademark, patent, and trade secret laws; confidentiality agreements, contracts, and procedures with employees, consultants and other third parties; contractual provisions in license agreements with consultants, vendors, and customers; and use measures designed to control access to our software, documentation, and other proprietary information. We own federal trademark and service mark registrations for several marks, including, without limitation “HEALTHSTREAM”, “HEALTHSTREAM LEARNING CENTER”, "HSTREAM", "JANE", “HEALTHSTREAM EPORTFOLIO”, and “COMPLYQ”. We also have obtained registration of the “HEALTHSTREAM” mark in certain other countries. Additionally, we hold a number of patents related to the solutions we provide. Applications for several trademarks and patents are currently pending. However, there can be no assurance that we will be successful in obtaining registration of trademarks and patents for which we have applied. The content we license to our customers is developed through a combination of license agreements with publishers and authors, assignments and work-for- hire arrangements with third parties, and development by employees. We require publishers, authors, and other third parties to represent and warrant that their content does not infringe on or misappropriate any third-party intellectual property rights and that they have the right to provide their content and have obtained all third party consents necessary to do so. Our publishers, authors, and other third parties also agree to indemnify us against certain liability we might sustain due to the content they provide. 8 Table of Contents If a third party asserts a claim that we or our third party partners have infringed its patents or other intellectual property right, we may incur costs to defend against that claim, and we may be required to redesign or discontinue products that we currently offer or enter into royalty or licensing agreements, which may result in negative publicity, harm to our reputation, or an adverse effect on our results of operations. In addition, we license technologies from third parties for incorporation into our services. Licensing agreements with these third parties may not be available on terms acceptable to us, if at all. Additionally, despite the steps we have taken to protect our intellectual property and proprietary rights, our efforts may not be adequate. Third parties may infringe or misappropriate our intellectual property, and such violations of our intellectual property are difficult to detect and police. Competitors may also independently develop technologies that are substantially equivalent or superior to the technologies we employ in our products or services. If we are unable to safeguard our proprietary rights adequately, our competitors could offer similar services, potentially significantly harming our competitive position and decreasing our revenues. We hold inbound licenses for certain intellectual property that is used internally, and in some cases, utilized in HealthStream’s products or services. While it may be necessary in the future to seek or renew licenses relating to various aspects of our products and services, we believe, based upon past experience and industry practice, such licenses generally can be obtained on commercially reasonable terms. We believe our operations and products and services are not materially dependent on any single license or other agreement with any third party. AVAILABLE INFORMATION The Company files reports with the SEC, including annual reports on Form 10-K, quarterly reports on Form 10-Q, and other reports from time to time. The SEC maintains an Internet site at http://www.sec.gov that contains the reports, proxy, and other filings made by us electronically. Our website address is www.healthstream.com. Please note that our website address is provided as an inactive textual reference only. We make available, free of charge through our website, our annual report on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, all amendments to those reports, and other filings made by us with the SEC, as soon as reasonably practicable after such material is electronically filed with or furnished to the SEC. The information provided on our website is not part of this report and is not incorporated by reference herein. HUMAN CAPITAL RESOURCES As of December 31, 2023, the Company had 1,079 full-time and 13 part-time employees. The Company operates under a hybrid work policy that allows employees to work remotely if they so choose and if the scope of their job duties is suitable for remote work. As of December 31, 2023, approximately 48% of employees worked within a commutable distance from one of the Company's three offices, while the remaining 52% did not. HealthStream’s culture is both exemplified and driven by our Constitution, which is a living document and the lens through which we endeavor to view and shape our actions. Our Constitution is comprised of the Company’s vision statement, values, and business principles. Upon being hired at HealthStream, each employee completes a course on our Constitution, which we view to be an important step in engagement, development, and training of our employees. Our Constitution is available on our website on the Investor Relations page. This and other information on our website is not a part of this Annual Report on Form 10-K and is not incorporated by reference herein. HealthStream is committed to recruiting, maintaining, and growing a diverse, equitable, and inclusive workforce that helps us live our Constitutional values as we strive to achieve positive results for our shareholders, employees, customers, and community. The labor market for personnel, including technical personnel, continues to be competitive. For additional information regarding risks related to the current competitive labor market, see Item 1A. Risk Factors — “We operate in a challenging market for talent and may fail to attract and retain qualified personnel, including key management personnel.” INFORMATION ABOUT OUR EXECUTIVE OFFICERS The following is a brief summary of the business experience of each of the executive officers of the Company. Executive officers of the Company are elected by the Board of Directors and serve at the pleasure of the Board of Directors. The following table sets forth certain current information regarding the executive officers of the Company: Name Robert A. Frist, Jr. Michael M. Collier Michael Sousa Scott A. Roberts Jeffrey D. Cunningham Trisha L. Coady M. Scott McQuigg Kevin O’Hara Scott Fenstermacher Age 56 48 55 47 57 48 56 54 55 Position Chief Executive Officer and Chairman of the Board of Directors Executive Vice President, Corporate Strategy and Development Executive Vice President, Enterprise Applications Senior Vice President and Chief Financial Officer Senior Vice President and Chief Technology Officer Senior Vice President, Workforce Development Solutions Senior Vice President, Digital & Network Development Senior Vice President, Platform Solutions Senior Vice President, Sales 9 Table of Contents Robert A. Frist, Jr., one of our co-founders, has served as our chief executive officer and chairman of the board of directors since 1990. Mr. Frist is the company’s chief operating decision maker. He graduated with a Bachelor of Science in Business with concentrations in Finance, Economics, and Marketing from Trinity University. Michael M. Collier joined the Company in August 2011 as vice president and general counsel, began serving as the vice president of business development and general counsel shortly thereafter, was promoted to senior vice president in July 2017, and was promoted to executive vice president, corporate strategy and development in April 2022. From August 2011 through the end of 2022, Mr. Collier also served as the Company’s Corporate Secretary. He graduated with bachelors and masters degrees in Philosophy and Religion from University of Tennessee-Knoxville and earned a Juris Doctorate (J.D.) from University of California, Berkeley – School of Law. Michael Sousa joined the Company in October 2004 and served as senior vice president of sales from January 2010 to June 2014. In June 2014, he was promoted to senior vice president of business development. In February 2015, he was named president of HealthStream’s Provider Solutions business segment, while continuing to serve as a senior vice president of the Company. In February 2023, he was promoted to executive vice president, Enterprise Applications. He earned a Bachelor of Science degree from Boston College and a Master of Business Administration from Boston University. Scott A. Roberts joined the Company in January 2002 and served as vice president of accounting and finance beginning in January 2015, following service in multiple positions to which he was promoted. Thereafter, Mr. Roberts was appointed as interim chief financial officer in February 2019 and was appointed as chief financial officer and senior vice president of the Company in September 2019. He earned a Bachelor of Business Administration degree from Middle Tennessee State University. Jeffrey D. Cunningham joined the Company in July 2017 as senior vice president and chief technology officer. Prior to joining the Company, he founded and served as chief technology officer and chief strategy officer for Informatics Corporation of America for twelve years. He earned a Bachelor of Science in Computer Science from University of North Texas. Trisha L. Coady joined the Company in January 2014 and served as associate vice president and subsequently vice president and general manager of clinical development solutions from June 2015 to November 2018. In November 2018, she was promoted to senior vice president and general manager of clinical solutions. Ms. Coady currently serves as senior vice president of workforce development solutions. She earned a Bachelor of Science in Nursing degree from Université de Moncton. M. Scott McQuigg joined the Company in January 2019 as senior vice president of hStream solutions and then served as general manager of scheduling solutions. Mr. McQuigg currently serves as senior vice president of digital & network development. Prior to joining the Company, he co-founded and served as chief executive officer for GoNoodle for thirteen years. Before this role, he co-founded and served as chief executive officer of HealthLeaders. Kevin O’Hara joined the Company in January 2021 as senior vice president and general manager of platform solutions and currently serves as senior vice president of platform solutions. Prior to joining the Company, he served as chief product officer for Caresyntax for one year and as chief executive officer for Syus, a predecessor entity, for eight years. He earned a Bachelor of Arts in Public Policy Studies and a J.D. from Vanderbilt University. Scott Fenstermacher joined the Company in 2012 and served as vice president of sales beginning in 2017 and was promoted to senior vice president of sales in January 2021. He graduated from University of Pittsburgh with a Bachelor of Arts and a Bachelor of Science. 10 Table of Contents Item 1A. Risk Factors We believe that the risks and uncertainties described below are the material risks facing the Company as of the date of this Annual Report on Form 10-K. Our business, reputation, financial condition, results of operations, and/or prospects could be materially and adversely affected by the occurrence of any of the following risks and uncertainties. The considerations and risks that follow are organized within relevant headings but may be relevant to other headings as well. Additional risks or uncertainties not presently known to us, or that we currently deem immaterial, also may adversely affect our business, reputation, financial condition, results of operations, and prospects. Therefore, the risk factors below should not be considered a complete list of potential risks we may face. The trading price of our common stock could also decline due to the occurrence of any of the following risks, as well as risks and uncertainties not presently known to us, or that we currently deem immaterial. Risks Related to Our Business Model Unfavorable conditions in our industry or the U.S. economy, or reductions in information technology spending, could limit our ability to grow our business and negatively affect our operating results. The U.S. has recently experienced negative macroeconomic conditions, including as the result of significant inflationary pressures, elevated interest rate levels, and challenging labor market conditions. Continued global economic uncertainty, political conditions, and fiscal challenges in the U.S. and abroad, such as inflation and potential recessionary conditions, have, among other things, limited our ability to forecast future demand for our products and services, contributed to increased volatility in customer demand, and could constrain future access to capital for ourselves, our suppliers, customers, and partners. In this regard, we have recently experienced, and believe that many of our customers have experienced, increased labor, supply chain, capital, and other expenditures associated with current inflationary pressures. Moreover, these conditions impacting the U.S. economy and our customers in the healthcare industry have adversely affected, and may continue to adversely impact, our business and results of operations. In addition, if current economic conditions in the U.S. significantly deteriorate, any such developments could materially and adversely affect our results of operations, financial position, and/or cash flows. Our operating results may vary based on the impact of changes in our industry or the economy on us or our clients. The revenue growth and potential profitability of our business depends on demand for our solutions by healthcare providers. We sell our products and services to large, mid-sized, and small organizations whose businesses fluctuate based on general economic and business conditions. In addition, a portion of our revenue is attributable to the number of users of our products at each of our clients, which in turn is influenced by the employment and hiring patterns of our clients and potential clients. To the extent that economic uncertainty or weak economic conditions cause our clients and potential clients to freeze or reduce their headcount or operations, demand for our products may be negatively affected. Moreover, prior economic downturns and the current economic circumstances have resulted in overall reductions in spending by some healthcare providers as well as pressure from some clients and potential clients for extended billing terms. If ongoing negative economic conditions persist or deteriorate, our clients and potential clients may elect to decrease their budgets for our solutions by deferring or reconsidering purchases, which would limit our ability to grow our business and negatively affect our operating results. Moreover, other economic, regulatory or other developments that adversely or disproportionately impact the healthcare industry may reduce spending on information technology by healthcare organizations and otherwise adversely affect our customer base. Furthermore, the margins of many healthcare providers are modest, and potential decreases in reimbursement for healthcare costs may reduce the overall solvency of our customers or cause further deterioration in their financial or business condition. These developments could reduce our sales or adversely impact the ability of our customers to pay for our products and services. In addition, any reductions in government health care spending in an effort to reduce the U.S. federal deficit could result in reduced demand for our products or additional pricing pressure. Further, there is ongoing uncertainty regarding the federal budget and federal spending levels, including the possible impacts of a failure to increase the “debt ceiling.” Any U.S. government default on its debt could have broad macroeconomic effects. Moreover, any future shutdown of the federal government or failure to enact annual appropriations could adversely affect our financial results due to the reliance of many of our customers on payments from third-party healthcare payors, including Medicare, Medicaid, and other government-sponsored programs. We may be unable to effectively execute our business strategy which could have an adverse effect on our business and competitive position in the industry. Our business strategy includes increasing our market share and presence through sales to new customers, additional sales to existing customers, introductions of new products and services, participation in our ecosystem, interoperability and integration with our platform, and maintaining strong relationships with our existing customers. Risks that we may encounter in executing our growth strategy include: • • expenses, delays, and difficulties in identifying and developing new products or services and integrating such new products or services into our existing organization; inability to leverage or evolve our customer and partner facing technology platform and applications; 11 Table of Contents • • • • • • • • • • • • • • inability to leverage our operational and financial systems and processes sufficiently to support our growth; inability to generate sufficient revenue from our products to offset investment costs; inability to effectively identify, manage, and benefit from existing and emerging market opportunities; inability to maintain our existing customer relationships; inability to identify, attract, and retain partners; inability to maintain our corporate culture; increased competition from new and existing competitors; lengthy sales cycles, or customers delaying purchasing decisions or payments due to economic conditions; reduced spending by customers within our target markets; the loss of a significant customer, including through acquisitions or consolidations; a negative change in the financial condition or creditworthiness of our customers; failure of the market for our products and services to grow to a sufficient size or at a sufficient rate; negative impact on our customers and our business related to the ongoing impact of the pandemic (or concerns over the possibility of another public health crisis or pandemic); and inability to hire sufficient number of qualified employees to execute and support the growth of the Company. If any of these risks are realized, our business, and our competitive position in the industry, could suffer. In addition, we may be unable to effectively execute on our One HealthStream approach of operating and managing the Company on a consolidated, enterprise basis. Our ability to effectively execute this strategy is dependent upon various factors, including our ability to achieve anticipated operational efficiencies and to effectively implement the operational and management changes associated with this strategy without adversely impacting the services we provide. In the event that we are unable to effectively execute on this strategy or are otherwise adversely affected by our shift to this One HealthStream approach, our business and financial results may be adversely affected. A deterioration of public health conditions associated with COVID-19, a future pandemic, epidemic, or public health event, or a future catastrophic event, could adversely affect our business and financial results. If public health conditions related to COVID-19 significantly worsen, our business and financial results could be adversely impacted. Moreover, conditions related to COVID-19 continue to evolve, and we may not be able to predict or effectively respond to future developments. We face a wide variety of risks related to potential future public health crises, epidemics, pandemics, or similar events, including as a result of the potential impact of any such events on our healthcare customers that could in turn adversely impact us. If a new health epidemic or outbreak were to occur, our business and financial results could be adversely impacted, including in a similar or more extensive manner to how our business was adversely impacted by COVID-19. If any such event were to occur or if public health conditions in the U.S. were to significantly deteriorate, our business and financial results could be adversely affected. Our business could also be adversely impacted by catastrophic events (particularly in areas where we have office locations and/or where we have network infrastructure), such as fires, earthquakes, hurricanes, natural disasters, civil unrest, military conflicts or warfare (such as the war in the Ukraine or the conflict in the Middle East), geographic instability, terrorist attacks, pandemics or other public health emergencies, or the effects of climate change (such as drought, flooding, wildfires, increased storm severity and sea level rise). 12 Table of Contents We may be unable to effectively identify, complete, or integrate the operations of acquisitions, joint ventures, collaborative arrangements, or other strategic investments, which would inhibit our ability to execute upon our growth strategy. As part of our growth strategy, we actively review possible acquisitions, joint ventures, collaborative arrangements, or strategic investments that complement or enhance our business. However, we may be unable to source or complete future acquisitions, joint ventures, collaborative arrangements, or other strategic investments on acceptable terms or at all. In addition, if we finance acquisitions, joint ventures, collaborative arrangements, or other strategic initiatives by issuing equity securities, our existing shareholders may be diluted, which could affect the market price of our stock. As a result, if we fail to properly evaluate and execute acquisitions, joint ventures, collaborative arrangements, or strategic investments, our performance or prospects may be seriously harmed. Risks that we may encounter in implementing our acquisition, joint venture, collaborative arrangement, or strategic investment strategies include: • • • • • • • • • • expenses, delays, or difficulties in identifying and integrating acquired companies or joint venture operations, collaborative arrangements, or other strategic investments into our organization and to otherwise realize expected synergies; the possibility that we may become responsible for substantial contingent or unanticipated liabilities as the result of an acquisition, joint venture, collaborative arrangement, or other strategic investment; inability to retain key personnel associated with acquired companies, joint ventures, collaborative arrangements, or other strategic investments; loss of material customers or contracts and other key business relations associated with acquired companies, joint ventures, collaborative arrangements, or other strategic investments; diversion of management’s attention from other initiatives and/or day-to-day operations to effectively execute our growth strategy; the incorporation of products associated with acquired companies, joint ventures, collaborative arrangements, or other strategic investments into our product lines; the increasing demands on our operational and informational technology systems which may arise from any such acquired companies or joint venture operations, collaborative arrangements, or other strategic investments; potentially insufficient internal controls over financial activities or financial reporting at any such acquired company that could impact us on a consolidated basis; the financial performance of acquired entities, joint ventures, collaborative arrangements, or other strategic investments may have a negative impact on our financial performance; and an inability to generate sufficient revenue, profit, and cash flow from acquisitions, joint ventures, collaborative arrangements, or other strategic investments to offset our investment costs. Moreover, although we conduct what we believe to be a prudent level of investigation regarding the operating, financial, and information security conditions of acquired companies, joint ventures, collaborative arrangements, or other strategic investments, an unavoidable level of risk remains regarding the operating performance, financial condition and potential liabilities of, and the information and cyber security risks associated with, these businesses, and we may not be able to fully assess these risks until a transaction has been completed. In addition, a significant portion of the purchase price of companies we acquire may be allocated to acquired goodwill, which must be assessed for impairment at least annually, or to intangible assets, which are assessed for impairment upon certain triggering events. In the future, if our acquisitions do not yield expected returns, we may be required to take charges to our operating results based on this impairment assessment process, which could harm our operating results. We are subject to risks associated with our equity investments, including partial or complete loss of invested capital, and significant changes in the fair value of these investments could adversely impact our financial results. We have invested in, and may continue to invest in, early-to-late stage companies for strategic reasons and to support key business initiatives, and we may not realize a return on our equity investments. Many such companies generate net losses and the market for their products, services, or technologies may be slow to develop or never materialize. Further, valuations of non-marketable equity investments are inherently complex due to the lack of readily available market data. We may experience additional volatility to our financial results due to changes in market prices of our marketable equity investments, the valuation and timing of observable price changes or impairments of our non-marketable equity investments, including impairments to such investments as a result of current negative macroeconomic conditions, and changes in the proportionate share of earnings and losses or impairment of our equity investments accounted for under the equity method. This volatility could be material to our results in any particular period. 13 Table of Contents Our financial performance may be difficult to predict as the result of lengthy and widely varying sales cycles and other factors. The period from our initial contact with a potential customer and such customer’s first purchase of our solution typically ranges from three to nine months, and in some cases may be significantly longer. Sales of additional solutions to existing customers may also experience sales cycles ranging from three to nine months, or longer. The range in the sales cycle can be impacted by multiple factors, including an increasing trend towards more formal request for proposal processes and more competition within our industry, delays associated with the impact of the pandemic, as well as formal budget timelines which impact timing of purchases by target customers. New products, including those that may compete with or replace our former product offerings, tend to have a longer and more unpredictable revenue ramp period because of varying customer adoption rates. As a result of these factors, our ability to accurately predict the timing and type of initial sales may be limited. Moreover, while the revenue we receive from particular products and services in our subscription business may be predictable during the term of the applicable contract, the performance of our subscription business may become more subject to fluctuations between quarterly periods as our solution offerings are increasingly diversified and become more sophisticated. Certain professional services contracts are subject to the customers’ involvement in the provision of the product or service. The timing and magnitude of these product and service contracts may vary widely from quarter to quarter and year to year, and thus may affect our ability to accurately forecast our financial performance. In addition, some products can require significant implementation lead times and resources and may require a level of change management efforts from our clients, which may also limit our ability to accurately predict our financial performance. Additionally, our ability to accurately predict our financial performance may be further limited as we expand our revenue generating model such that third parties may pay network connection fees based on sales they make. We may not be able to maintain our competitive position against current and potential competitors, especially those with significantly greater financial, technical, marketing, or other resources. Many of our competitors and potential competitors have longer operating histories and significantly greater financial, technical, marketing, or other resources than we do. We encounter direct competition from both large and small companies focused on providing solutions that compete with those we offer. Given the profile and growth of the healthcare industry and the ongoing need for training, simulation, scheduling, credentialing, and other information products and services, it is likely that additional competitors will emerge. Additionally, mergers of or other strategic transactions by our competitors could weaken our competitive position. Moreover, our lack of market diversification resulting from our concentration on the healthcare industry may make us susceptible to losing market share to our competitors who also offer solutions, and in some cases a more robust suite of solutions, to a cross-section of industries. These companies may be able to respond more quickly than we can to new or changing opportunities, technologies, standards, or customer requirements. Additionally, given the evolving nature of technology, our technology enabled offerings may be disrupted by innovative or emerging technologies, such as artificial intelligence, blockchain, Web3, or quantum computing technologies, and such disruption could adversely impact our ability to compete. Further, most of our customer agreements are for terms ranging from one to five years, with no obligation to renew. The terms of these agreements may enable customers to more easily shift to one of our competitors following the expiration of the agreement. Expanding our business model such that third parties may pay network connection fees in exchange for the ability to deliver their products through our technology platform and have them featured as part of our ecosystem may result in unpredictability and/or harm to the operational and financial performance of our business. The Company has expanded its business model by offering third parties the ability to utilize their sales teams to market and sell their third-party products and have such products delivered through the Company’s technology platform, provided such third parties pay a network connectivity fee when such products are sold to customers in our network. Given that these third parties are responsible for their products and the marketing and selling thereof, the Company may not always be able to ensure the operational, financial, or security-related performance or impact of products controlled by a third party. While we have contractual protections with third parties regarding their products, including but not limited to service levels, information security, confidentiality, data rights, and indemnification against certain breaches, these may not be sufficient to ensure the predictability or performance of such products, or potential negative impacts related thereto. The failure to maintain and strengthen our relationships with ecosystem partners or significant changes in the terms of the agreements we have with ecosystem partners may have an adverse impact on our ability to successfully market, sell, and deliver certain product and service offerings. We have entered into contracts with ecosystem partners, including content, application, infrastructure, technology, and retail channel vendors. Our ability to increase the sales of our products and services depends in part upon maintaining and strengthening relationships with these current and future ecosystem partners. Certain ecosystem partners may offer multiple products and services, including, in some instances, products or services which may compete with other products and services we offer. Moreover, under contracts with some of our ecosystem partners, we may be bound by provisions that restrict our ability to market and sell our products and services to certain potential customers. The success of these contractual arrangements will depend in part upon the ecosystem partners’ own competitive, marketing, and strategic considerations, including the relative advantages for such ecosystem partners in using alternative products being developed and marketed by them or our competitors, rather than our products and services. Moreover, most of our agreements with ecosystem partners are for initial terms of three or more years. These partners may choose not to renew their agreements with us or may terminate their agreements early if we do not fulfill our contractual obligations. If our partners terminate or fail to renew their agreements with us on as favorable terms, such as through a reduction in our revenue share arrangement, it could result in a reduction in the number of solutions we are able to distribute, declines in the number of subscribers to our platform, and decreased revenues. Some of our agreements with our ecosystem partners are non-exclusive, and our competitors offer, or could offer, solutions that are similar to or the same as those we offer. If our current partners offer or otherwise make available their products and services to users or our competitors on more favorable terms than those offered to us or increase our license fees, our competitive position, revenue, and our profit margins and prospects could be harmed. 14 Table of Contents We cannot guarantee that we will be able to maintain and strengthen our relationships with ecosystem partners, that we will be successful in effectively integrating or enhancing such partners’ products and technology, including without limitation through our single platform strategy, with, into, or through our own, or that such relationships will be successful in generating additional revenue. If any of these ecosystem partners have negative experiences with our products and services, or seek to amend or terminate the financial or other terms of the contracts or arrangements we have with them, we may need to increase our organizational focus on the types of services and solutions they sell and alter our development, integration, and/or distribution strategies, which may divert our planned efforts and resources from other projects. We could also be subject to claims and liability or related expenses as a result of the activities, products, or services of these ecosystem partners and/or our actual or alleged acts or omissions with regard to these ecosystem partners, which could adversely impact our business. We may not be able to develop new products and services or enhancements to our existing products and services, or be able to achieve widespread acceptance of new products, services, or features, or keep pace with technological developments. Our growth strategy depends in part on our ability to generate revenue growth through sales to new customers as well as increasing sales of additional subscriptions and other products and services to existing customers. Our identification of additional features, content, products, and services may not result in timely development of complementary products. In addition, the success of certain new products and services may be dependent on continued growth in our customer base. Furthermore, we are not able to accurately predict the volume or speed with which existing and new customers may adopt such new products and services. Because healthcare technology continues to evolve and regulatory and industry requirements and standards are subject to change, we may be unable to accurately predict and develop new products, features, content, and other products to address the needs of the healthcare industry. We may not be able to develop such new products, features, content, and other products, in a cost-effective and competitive manner. Further, the new products, services, and enhancements we develop may introduce significant defects into or otherwise negatively impact our technology platform. While all new products and services are subject to testing and quality control, all software and software-based services are subject to errors and malfunctions. If we release new products, services, and/or enhancements with bugs, defects, or errors or that cause bugs, defects, or errors in existing products, it could result in lost revenues and/or reduced ability to meet contractual obligations and would be detrimental to our business and reputation. If new products, features, or content are not accepted or integrated by new or existing customers, we may not be able to recover the cost of this development, and our financial performance may be adversely affected. Continued growth and maintenance of our customer population is dependent on our ability to continue to provide relevant products and services in a timely manner. The success of our business will depend on our ability to continue providing our products and services as well as enhancing our content, product, and service offerings that address the needs of healthcare organizations in a timely manner. We may be unable to continue to license our third-party software, on which a portion of our product and service offerings rely, or we may experience errors in this software, which could adversely impact our business. We use technology components in some of our products that have been licensed from third parties. Future licenses to these technologies may not be available to us on commercially reasonable terms or at all. The loss of or inability to obtain or maintain any of these licenses could result in delays in the introduction of new products and services or could force us to discontinue offering portions of solutions until equivalent technology, if available, is identified, licensed, and integrated. In addition, customers may choose not to renew their agreements with us or to terminate their agreements early if we lose or are unable to maintain licenses to some of our product components. If our customers terminate or fail to renew their agreements with us on as favorable terms, it could result in a reduction in the number of content and solutions we are able to distribute, declines in the number of subscribers to our offerings, and decreased revenues. The operation of our products would be impaired if errors occur in third party technology or content that we incorporate, and we may incur additional costs to repair or replace the defective technology or content. It may be difficult for us to correct any errors in third party products because the products are not within our control. Accordingly, our revenue could decrease, and our costs could increase in the event of any errors in this technology. Furthermore, we may become subject to legal claims related to licensed technology based on product liability, infringement of intellectual property, or other legal theories. Even if these claims do not result in liability to us, investigating and defending these claims could be expensive and time- consuming and could result in suspension of or interference with certain offerings to our clients and/or adverse publicity that could harm our business. Financial Risks A significant portion of our revenue is generated from a relatively small number of customers. We derive a substantial portion of our revenues from a relatively small number of customers. A termination or material modification of our agreements with any of our significant customers or a failure of these customers to renew their contracts on favorable terms, or at all, could have an adverse effect on our business. A significant portion of our business is subject to renewal. Therefore, renewals have a significant impact on our revenue and operating results. For the year ended December 31, 2023, approximately 96% of our net revenue was derived from SaaS-based subscriptions and software licensing agreements. Our product and service contracts typically range from one to five years in length, and customers are not obligated to renew their contract with us after their contract term expires; in fact, some customers have elected not to renew their contract, and this risk has increased as the result of current negative macroeconomic conditions. In addition, our customers may renew at a lower price or volume level. Our customers’ renewals may decline or fluctuate as a result of a number of factors, including but not limited to, their dissatisfaction with our service, a dissipation or cessation of their need for one or more of our products or services, pricing, or competitive product offerings. If we are unable to renew a substantial portion of the contracts that are up for renewal or maintain our pricing, our results of operations and financial condition could be adversely affected. 15 Table of Contents Failure to adequately optimize our direct sales infrastructure will impede our growth. We continue to need to optimize our sales infrastructure in order to grow our customer base and our business. Identifying and recruiting qualified personnel and training them in our sales methodology, our sales systems, and the use of our software requires significant time, expense, and attention. Moreover, the current competitive labor market has increased the challenge of recruiting and retaining qualified sales representatives. It can take significant time before our sales representatives are fully trained and productive. Our business may be adversely affected if our efforts to expand and train our direct sales teams do not generate a corresponding increase in revenues. In particular, if we are unable to hire, develop, and retain talented sales personnel or if new direct sales personnel are unable to achieve desired productivity levels in a reasonable period of time, we may not be able to realize the expected benefits of this investment or increase our revenues. We may be unable to accurately predict the timing of revenue recognition from sales activity as it is often dependent on achieving certain events or performance milestones, and this inability could impact our operating results. Our ability to recognize revenue is dependent upon several factors in order for us to implement customers on our subscription-based platform and applications. If customers do not provide us with the information required to complete implementations in a timely manner, our ability to recognize revenue may be delayed, which could adversely impact our operating results. Moreover, some products can require significant implementation lead times and the rate at which customer orders move from backlog to revenue generation in connection with these products may significantly affect the timing of revenue recognition. Because we recognize revenue from subscriptions for our products and services over the term of the subscription period, downturns or upturns in new sales and renewals may not be immediately reflected in our operating results. During the year ended December 31, 2023, we recognized approximately 96% of our revenue from customers over the terms of their subscription or software licensing agreements, which generally have contract terms ranging from one to five years. As a result, much of the revenue we report in each quarter is related to subscription or licensing agreements entered into during previous quarters. Consequently, a decline in new or renewed subscription or licensing agreements in any one quarter will not necessarily be reflected in the revenue in that quarter and will negatively affect our revenue in future quarters. In addition, we may be unable to adjust our cost structure in a timely manner, or at all, to reflect this reduced revenue. Accordingly, the effect of significant downturns in new sales, renewals, and market acceptance of our products and services may not be reflected in our results of operations until future periods. Additionally, our subscription model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from new customers must be recognized over the applicable subscription term. Moreover, as noted above, we generally have contract terms ranging from one to five years, and the fees payable under a majority of contracts were often determined without reference to any increases in the consumer price index or similar inflation-related metric over the term of such contract, although we intend to implement such provisions going forward to the extent possible. As such, particularly for longer term contracts, we have been, and may continue to be, adversely impacted by inflationary conditions such as those that the U.S. economy is currently experiencing given that the fees that we are receiving during the outstanding term of such contracts will not be impacted by general price increases resulting from inflation whereas such inflationary conditions may increase the amount of labor, capital, and other expenditures we incur in connection with the operation of our business. We may not be able to meet our strategic business objectives unless we obtain additional financing, which may not be available to us on favorable terms or at all. We may need to raise additional funds for various purposes, including to: • • • • • develop new or enhance existing products, services, and technology; respond to competitive pressures; finance working capital requirements; acquire or invest in complementary businesses, technologies, content, or products; or otherwise effectively execute our growth strategy. At December 31, 2023, we had approximately $71.1 million in cash, cash equivalents, and marketable securities. We also have up to $50.0 million of availability under our Revolving Credit Facility, subject to certain covenants, which expires in October 2026. We cannot be assured that if we need additional financing, it will be available on terms favorable to us or at all. Moreover, elevated interest rate levels and current economic uncertainty have led to disruption and volatility in financial and capital markets and could lead to future disruption and/or volatility. Moreover, if elevated interest rate levels persist, this could increase the costs associated with any future financing activities. If adequate funds are not available or are not available on acceptable terms, our ability to fund expansion, take advantage of available opportunities, develop or enhance services or products, or otherwise respond to competitive pressures would be significantly limited. If we raise additional funds by issuing equity or convertible debt securities, the percentage ownership of our existing shareholders may be reduced. 16 Table of Contents Goodwill, identifiable intangible assets, long-lived assets, and strategic investments recorded on our balance sheet may be subject to impairment losses that could reduce our reported assets and earnings. There are inherent uncertainties in the estimates, judgments, and assumptions used in assessing recoverability of goodwill, intangible assets, long-lived assets, and strategic investments. Economic, legal, regulatory, competitive, reputational, contractual, and other factors could result in future declines in the operating results of our business units or market values that do not support the carrying value of goodwill, identifiable intangible assets, long-lived assets, and strategic investments. Moreover, the risk of such declines in operating results and market values, and thus, potential goodwill impairment, may be increased by current negative macroeconomic conditions. If the value of our goodwill, intangible assets, long-lived assets, or strategic investments is impaired, accounting principles require us to reduce their carrying value and report an impairment charge, which would reduce our reported assets and earnings for the period in which an impairment is recognized. We may be affected by healthcare reform efforts and other changes in the healthcare industry that impact us and our clients. Our clients are concentrated in the healthcare industry, which is subject to changing regulatory, economic, and political conditions. In recent years, there have been significant changes at the federal and state levels, many of which have been aimed at reducing costs and government spending and increasing access for health insurance. The most prominent of these reform efforts, the Patient Protection and Affordable Care Act, as amended by the Healthcare and Education Reconciliation Act of 2010 (collectively, the ACA), affects how healthcare services are covered, delivered, and reimbursed and expanded health insurance coverage. The ACA has been, and continues to be, subject to legislative and regulatory changes and court challenges. There is uncertainty regarding whether, when, and how the ACA will be further changed and how the law will be interpreted and implemented. Other recent health reform initiatives and proposals at the federal and state levels include those focused on price transparency and out-of-network charges, such as the No Surprises Act, and those intended to advance value-based payment efforts. Some members of Congress have proposed significantly expanding the coverage of government-funded programs, while others have proposed reducing them. At the state level, there has been increasing acceptance of interstate licensure compacts and uniformity in licensure requirements, which may reduce continuing education requirements for some professionals and impact demand for our services. Other industry participants, such as large employer groups and their affiliates, may also introduce financial or delivery system reforms or otherwise intensify competitive pressures. Some of the recent changes in the healthcare industry have driven consolidation, particularly among health insurance providers, which could affect the size of our customer base. Other reforms or industry changes may reduce payments from third-party healthcare payers, including Medicare and Medicaid, to our customers. There is uncertainty regarding whether, when, and what other health reform initiatives will be adopted and the impact of such efforts on the healthcare industry. Any legal or regulatory developments, or other developments affecting participants in the healthcare industry. that adversely impact the business or financial condition of our clients could reduce the amount of business we receive from such clients and thus have an adverse effect on our results of operations. We may discover weaknesses in our internal controls over financial reporting, which may adversely affect investor confidence in the accuracy and completeness of our financial reports and consequently the market price of our securities. Section 404 of the Sarbanes-Oxley Act of 2002 requires our management to report on and requires our independent public accounting firm to attest to, the effectiveness of our internal controls over financial reporting. The rules governing the standards to be met are complex and may require significant process review, documentation, and testing, as well as remediation efforts for any identified deficiencies. This process of review, documentation, testing, and remediation may result in increased expenses and require significant attention from management and other internal and external resources. These requirements may also extend to acquired entities and our efforts to integrate those operations into our system of internal controls. Any material weaknesses identified during this process may preclude us from asserting the effectiveness of our internal controls. This may negatively affect our stock price if we cannot effectively remediate the issues identified in a timely manner. Risks Related to Operations Our operating margins could be affected if our ongoing refinement to pricing models for our products and services is not accepted by our customers and the market. We continue to make changes in the pricing of our offerings so as to increase revenue and meet the needs of our customers. We cannot predict whether the current pricing of our offerings or any ongoing refinements we make will be accepted by our existing customer base or by prospective customers. If our customers and potential customers decide not to accept our current or future pricing or offerings, it could have an adverse effect on our business and results of operations. Additionally, ecosystem partners establish the price for some of the products we market and sell, and we do not have control over such price setting or customer acceptance thereof or reaction thereto. 17 Table of Contents We may be unable to adequately develop our systems, processes, and support in a manner that will enable us to meet the demand for our products and services. We have provided our online products and services for a significant period of time and continue to expand our ability to provide our solutions on both a subscription and transactional basis over the Internet or otherwise. Our future success will depend on our ability to effectively develop and maintain our infrastructure, including procurement of additional hardware and software, integrate and interoperate with third party systems, and implement the services, including customer support, necessary to meet the demand for our offerings. Our inability from time to time to successfully develop the necessary systems and implement the necessary services on a timely basis may result in our customers experiencing delays, interruptions, and/or errors in their service. Such delays or interruptions may cause customers to become dissatisfied with our service and move to competing providers. If this happens, our reputation, results of operations, and financial condition could be adversely affected. We operate in a challenging market for talent and may fail to attract and retain qualified personnel, including key management personnel. Our future performance is substantially dependent on the continued services of our management team and our ability to attract, retain, and motivate them. The loss of the services of any of our officers or senior managers, or the inability to attract additional officers or senior managers as appropriate, could harm our business, as we may not be able to find suitable replacements. Moreover, current competitive labor market conditions may make it more difficult for us to attract and retain key management personnel. In addition, our future success will depend on our ability to attract, train, motivate, and retain other highly skilled technical, managerial, marketing, sales, and customer support personnel. We continue to face competition for certain personnel, especially for software developers, web designers, user experience and interaction designers, and sales personnel, and we may be unable to successfully attract sufficiently qualified personnel where needed. Additionally, current competitive labor market conditions have increased, and may continue to increase, our labor costs as well as the difficulty of hiring and retaining qualified personnel where needed. We have experienced in the past, and continue to experience, difficulty hiring qualified personnel in a timely manner for certain positions, and we may not be able to fill certain positions in desired geographic areas or at all. The pool of qualified technical personnel, in particular, is limited. Many of the companies with which we compete for experienced personnel have greater resources than we have and some of these companies may offer more lucrative compensation packages. We anticipate needing to continue to maintain or increase the size of our staff to support our anticipated growth, without compromising the quality of our offerings or customer service. Our inability to locate, attract, hire, integrate, and retain qualified personnel in sufficient numbers may reduce the quality of our services and impair our ability to grow and adversely impact our financial performance. A significant portion of our workforce have been working remotely since 2020 and we expect a significant portion to continue working remotely under our hybrid workplace model. If we are unable to effectively maintain this hybrid work environment long-term, then we may experience increased attrition, a less cohesive workforce, reduced performance, and less innovation, which may adversely impact our business and financial results. We may not be able to upgrade our hardware and software technology infrastructure quickly enough to effectively meet demand for our services or our operational needs. We must continue to obtain reasonably priced, commercially available hardware, operating software, and hosting services, as well as continue to enhance our software and systems to accommodate the increased use of our platform, the increased content in our library, the expanding amount and type of data we store on behalf of our customers, and the resulting increase in operational demands on our business, including as imposed by new and changing legal and regulatory requirements applicable to our business. Decisions about hardware and software enhancements are based in part on estimated forecasts of the growth in demand for our services. This growth in demand for our services is difficult to forecast and the potential audience for our services is widespread and dynamic. If we are unable to increase the data storage and processing capacity of our systems at least as fast as the growth in demand, our customers may encounter delays or disruptions in their service. Unscheduled downtime or reduced response time of our platforms could harm our business and could discourage current and potential customers from using or continuing to use our services and reduce future revenue. If we are unable to acquire, update, or enhance our technology infrastructure and systems quickly enough to effectively meet increased operational demands on our business, that may also have an adverse effect on our results of operations or financial condition. Further, our applications necessarily must integrate with a variety of systems and technologies. As we develop our platform and applications and rely on ever changing and improving technologies, we may be impeded by our customers’ and ecosystem partners’ inability to adopt new technologies and technology standards upon which new platform enhancements may be based. 18 Table of Contents Our network infrastructure and computer systems and software may fail. An unexpected event (including but not limited to a cyber-security incident, such as a ransomware attack, denial-of-service attack, security compromise, or other attempts to misappropriate our confidential information; telecommunications failure; vandalism; fire; earthquake; public health crisis, such as an epidemic or pandemic; or other catastrophic loss) at or impacting our Internet service providers’ facilities, our on-site data center facilities, or our public- cloud infrastructure providers, could cause the loss of critical data and prevent us from offering our products and services for an unknown period of time. Our or a third party's disaster recovery planning cannot account for all eventualities, or may not be sufficient to mitigate against or recover from any of these events. We also may incur increased operating expenses to recover data, including ransom payments made to cyber-attackers, repair or remediate systems, equipment or facilities, and to protect ourselves from such disruptions. In addition, we may encounter challenges as a result of increased acceptance of remote work environments. For example, the daily activities and productivity of our workforce is now more closely tied to key vendors, such as video conference services, consistently delivering their services without material disruption. Our ability to deliver information using the Internet and to operate in a remote working environment may be impaired because of infrastructure failures, service outages at third party Internet providers, malicious attacks or other factors. System downtime could negatively affect our reputation and ability to sell our products and services and may expose us to significant third-party claims. Our cyber liability and business interruption insurance may not adequately compensate us for losses that may occur. In addition, we rely on third parties to securely store our archived data, house our infrastructure and network systems, and connect us to the Internet. While our service providers have planned for certain contingencies, the failure by any of these third parties to provide these services satisfactorily and our inability to find suitable replacements would impair our ability to access archives and operate our systems and software, and our customers may encounter delays. Such disruptions could harm our reputation and cause customers to become dissatisfied and possibly take their business to a competing provider, which would adversely affect our financial performance. A data breach or cybersecurity incident could result in a loss of confidential data, give rise to remediation and other expenses, expose us to liability under federal and state data protection and data privacy requirements, foreign data privacy regulations, consumer protection laws, common law theories, and other laws, rules and regulations, subject us to litigation and governmental inquiries and actions, damage our reputation, and otherwise adversely impact our financial results and business. We collect and store personal data and sensitive information, including intellectual property, Protected Health Information (PHI) as defined under HIPAA and other individually identifiable health information, provider credentialing and privileging data, education records, and other sensitive personal information, on our networks. In addition, there are a variety of other national, foreign, and international laws and regulations that apply to the collection, use, retention, protection, security, disclosure, transfer, and other processing of personal data, including, but not limited to: the Family Educational Rights and Privacy Act (FERPA), the European Union’s General Data Protection Regulation (GDPR), the United Kingdom's General Data Protection Regulation (which implements the GDPR into U.K. law), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Australia's Privacy Act 1988, and New Zealand's Privacy Act 2020. In addition, various states, including California, Virginia, Colorado, Utah, and Connecticut, have passed data privacy laws, and federal lawmakers have proposed additional legislation. The laws and regulations to which we are subject are rapidly evolving and changing and could have an adverse effect on our operations. Companies’ obligations and requirements under these laws and regulations are subject to uncertainty in how they may be interpreted by government authorities and regulators. The costs of compliance with, and the other burdens imposed by, these and other laws or regulatory actions may increase our operational costs, affect our customers’ willingness to permit us to use and store personal data and sensitive information, prevent us from selling our products or services, and/or affect our ability to invest in or jointly develop products. We may be exposed to litigation, including through private rights of action, regulatory fines, penalties, or other sanctions and damage to our reputation if the personal, confidential, or proprietary information of our customers is not handled in compliance with these laws or is otherwise mishandled or misused by us or any of our suppliers, ecosystem partners, counterparties, or other third parties, or if such third parties do not have appropriate controls in place to protect such personal, confidential, or proprietary information. We may also face audits or investigations by one or more domestic or foreign government agencies relating to our compliance with these regulations. The secure maintenance of personal data and sensitive information is critical to our business operations. As a result, the continued development and enhancement of controls, processes, and practices designed to protect our information systems from attack, damage, or unauthorized access remain a priority for us. If the security measures that we use to protect personal data and sensitive information, or other data of our customers and business relations, are ineffective, we may lose users of our services, which could reduce our revenue, tarnish our reputation, and subject us to significant liability. In addition, if our subcontractors, subprocessors, or various other vendors and service providers on which we rely fail or if they fail to use adequate security or data protection processes or use personal data and sensitive information in an unpermitted or improper manner, we may be liable for losses as a result of their breach and, as a result, we may incur damage to our reputation. Additionally, our costs and efforts associated with obtaining and maintaining certain certifications related to data privacy and protection may also increase, to the extent we are able to obtain or maintain such certifications at all. 19 Table of Contents The current cyber threat environment presents increased risk for all companies, including companies in our industry, and cyberattacks have become increasingly frequent, sophisticated, and difficult to detect. While we have implemented multiple layers of security measures to protect personal data and sensitive information that we collect and store, there is no assurance that these security measures will not be circumvented, including by new technological developments. Moreover, advanced new attacks that may be directed at us or our third-party vendors create risk of cybersecurity incidents, including ransomware, malware, and phishing incidents. We may also be subject to attacks in which malicious actors seek to, and potentially succeed in, exploiting our products or services as a vector to compromise the security or integrity of our customers, partners, or vendors. Additionally, in the current environment, it has become increasingly prevalent for malicious actors to target vendors, such as ourselves, as a means through which to gain unauthorized access to the systems and sensitive information of organizations such as healthcare providers, which comprise our primary customer base. In addition, the rapid evaluation and increased adoption of artificial technologies may heighten our cybersecurity risks by making cybersecurity attacks more difficult to detect, contain, and mitigate. Further, the audit processes, penetration and vulnerability testing, and controls used within our production platforms may not be sufficient to identify and prevent errors or deliberate misuse. Moreover, our software, databases, and servers may contain vulnerabilities or irregularities that lead to computer viruses, physical or electronic attacks, and similar disruptions. Further, we may be at increased risk because we outsource certain services or functions to, or have systems that interface with, third parties. Our contracts with service providers typically require them to implement and maintain adequate security controls, but we may not have the ability to effectively monitor these security measures. As a result, inadequacies of third-party security controls may not be detected until after a cybersecurity incident has occurred. For example, third-party IT vendors may not provide us with fixes or updates to hardware or software in a manner as to avoid an unauthorized loss, access, or disclosure of data or to address a known vulnerability, which may subject us to known threats and cause system failures or disruptions. Third-party vendors that store or have access to our data may not have effective controls, processes, or practices to protect our information or systems from attack, damage, or unauthorized access. These risks may be heightened in connection with employees and service providers working from remote work environments, as our dependency on certain service providers, such as video conferencing and web conferencing services, has significantly increased. In addition, to access our network, products, and services, customers and other third parties may use personal mobile computing devices that are outside of our network environment and subject to their own security risks. We are regularly the target of cybersecurity attacks and other threats that could have a security impact, and we expect to continue to experience an increase in cybersecurity threats in the future. Moreover, in spite of our security measures, we have experienced data and cybersecurity incidents from time to time in the course of our business and have handled those incidents in accordance with our internal policies and our understanding of applicable laws. There is no assurance that we, or the third parties with which we interact, will not experience a cybersecurity incident or data breach in the future that will materially affect us. In the future, data breaches or security incidents could result from a variety of circumstances and events, including third party action or inaction, system errors or downtime, employee negligence or error, malfeasance, failures during the process of upgrading or replacing software, databases, or components thereof, power outages, hardware failures, telecommunication failures, user errors, catastrophic events, or threats from malicious persons and groups, new vulnerabilities, and advanced new attacks against information systems, including those against our vendors and customers. Moreover, because the techniques used in cybersecurity attacks change frequently and may not be immediately recognized, we may experience cybersecurity incidents that remain undetected for an extended time. Any such security incidents and data breaches involving us or third parties with which we interact could result in business and operational interruptions and delays; the loss, unauthorized access, misappropriation, acquisition, use, disclosure, or corruption of data; result in our inability to access data; damage or adversely impact our information systems; damage our reputation; adversely impact our relationship with key customers and other business relations; and otherwise adversely impact our business. There can be no assurance that we will not be subject to cybersecurity incidents that bypass our security measures, result in loss of personal data or other confidential information, or disrupt our information systems or business. In addition, data and cybersecurity incidents, particularly if a large number of individuals are affected or if the compromised information is highly sensitive, could expose us and our customers to liability under privacy, security, and consumer protection laws, such as HIPAA, FERPA, and state privacy laws, and foreign data privacy regulations, or subject us to litigation under these or other laws, including common law theories. Moreover, such incidents could subject us to federal and state governmental disclosure requirements, inquiries, or enforcement, result in civil monetary penalties, settlement agreements, corrective action plans, and monitoring requirements, require us to devote significant management resources to address and respond to any such cybersecurity events, interfere with the pursuit of other important business strategies, and/or cause us to incur additional expenditures, which could be material, including to investigate such events, remedy cybersecurity problems, recover lost data, and adapt systems and practices in response to such events. Moreover, there is no assurance that any remedial actions will meaningfully limit the success of future attempts to breach our information systems or the information systems of third parties with which we interact. In addition, our cyber liability and business interruption insurance may not cover or adequately compensate us for losses that may occur in connection with any cybersecurity incident. Furthermore, we have acquired a number of companies, products, services, and technologies in recent years. Although we devote significant resources to address any security issues with respect to such acquisitions, we still may inherit additional security risks when we integrate those companies within HealthStream. Moreover, if a high-profile security breach occurs with respect to an industry peer, our customers and potential customers may lose trust in the security of our solutions in general. As threats to personal data, sensitive information, and our confidential information continue to evolve and increase, we may be required to continue to expend significant resources to maintain, modify, or enhance our internal processes, governance, or protective measures, or to investigate and remediate any security vulnerabilities. For information on our cybersecurity risk management, strategy, and governance, see Item 1C. Cybersecurity. 20 Table of Contents We may experience errors or omissions in our software products or processes, including those that deliver credentialing, privileging, and payer enrollment services for our healthcare customers and those that administer and report on healthcare facility performance, and these errors could result in action taken against us that could harm our business. Hospitals and medical practices use our credentialing, privileging, and payer enrollment software to manage, validate, and maintain their providers’ and other staff credentials and authorization to practice in a particular facility and to maintain authorization to perform care covered by insurance providers. In some instances, we rely on sources outside the Company for information that we use in our credentialing and privileging products. If errors or omissions occur that inaccurately validate or invalidate the credentials of a provider or staff, or improperly deny or authorize a provider or staff to practice in a hospital or medical practice, these errors or omissions could result in litigation brought against us either by our customers, the provider or staff member, or other interested parties. For example, an important element in a malpractice case brought against a hospital or other provider could be the validation of proper credentialing for the provider, and any errors or omissions in our products that provide these services could subject us to claims. Further, a list of providers’ privileges may be made available to the general public by hospitals and medical practices, and errors in credentialing and privileging may result in damage to the hospital, medical practice, or provider. We may also be required to indemnify against such claims and defending against any such claims could be costly and time-consuming and could negatively affect our business and may not be fully insured. Risks Related to Government Regulation, Content, and Intellectual Property Government regulation may subject us to investigation, litigation, or liability or require us to change the way we do business. The laws and regulations that govern our business change rapidly, are often inconsistent between jurisdictions, and in certain respects have become, and may continue to become, more complex and restrictive. Evolving areas of law that are relevant to our business include privacy and security laws, proposed encryption laws, content regulation, information security accountability regulation, sales and use tax laws, laws related to the use of artificial intelligence and machine learning applications, and regulations and attempts to regulate activities on the Internet. For example, we are directly subject to certain requirements of the HIPAA privacy and security regulations. In addition, we are required through business associate agreements with our customers to protect the privacy and security of protected health information. Further, government laws and regulations that directly affect our customers can have an indirect impact on our business. We may also be required to develop features, enhancements, or modifications to our products to support our customers’ evolving compliance obligations. This may require us to divert development and other resources from other areas, incur significant expenditures, or, if we are unsuccessful in delivering these features, enhancements, or modifications, result in monetary damages, loss of revenue or customers, reputational harm, or other adverse impacts to our business. We may lose sales from existing or potential customers or incur significant expenses if states impose or assess sales and use taxes on our services to a greater degree than is currently the case or we inherit potential state sales and use tax compliance issues in connection with acquisitions we may make from time to time. A successful assertion by one or more states that we should collect sales or uses taxes on the sale of our services to a greater degree than is our current practice could result in substantial tax liabilities for past sales, decrease our ability to compete on pricing with other vendors, and otherwise harm our business. Each state has different rules and regulations governing sales and use taxes, and these rules and regulations are subject to varying interpretations that may change over time. There can be no assurance that we will not be subject to sales and use taxes or related interest or penalties for past sales in states where we believe we are not subject to such taxes. We are also subject to income and other taxes in the United States as well as in those states and foreign jurisdictions in which we do business. Changes in federal tax laws applicable to U.S. corporations and/or other laws, or interpretations of tax laws by taxing authorities or other standard setting bodies, could increase our tax obligations and adversely impact our results of operations. Additionally, we may be subject to taxes and tax laws in foreign jurisdictions where we do business. The rapidly evolving and uncertain regulatory and technology environment could require us to change how we do business or incur additional costs. It may be difficult to predict how changes to these laws and regulations might affect our business. While we strive to adhere our practices and procedures to the laws that are applicable to our business, we may not be able to timely adapt to evolving rules and regulations, interpretations, and regulator discretion. Further, a regulator or court could disagree with our interpretation of these laws and regulations. Failure to comply with applicable legal or regulatory requirements in the U.S. or in any of the countries in which we operate could result in significant legal and financial exposure, damage to our reputation, subject us to contractual penalties (including termination of our customer agreements), adversely affect our ability to retain clients and attract new clients, or otherwise have a material adverse effect on our business operations, financial condition, and results of operations. 21 Table of Contents Any reduction or change in the regulation of continuing education and training in the healthcare industry may adversely affect our business. A portion of our business model is dependent in part on required training and continuing education for healthcare professionals and other healthcare workers resulting from regulations of state and federal agencies, state licensing boards, and professional organizations. Any change in these regulations and professional standards that reduce the requirements for continuing education and training for the healthcare industry could harm our business. In addition, a portion of our business with pharmaceutical and medical device manufacturers and hospitals is predicated on our ability to maintain accreditation status with organizations such as the ACCME and ANCC. The failure to maintain status as an accredited provider of educational and other services could have a detrimental effect on our business. We may be liable to third parties for content that is sold or made available by us. We may be liable to third parties for the content sold or made available by us if the text, graphics, software, or other content therein violates copyright, trademark, or other intellectual property rights, if our ecosystem partners violate their contractual obligations to others by providing content that we sell or make available, or if the content is inaccurate, incomplete, or does not conform to accepted standards of care in the healthcare profession. Further, we may be liable to these ecosystem partners if we allow access or release and lose control of their intellectual property stored on our platform either due to security issues or through improper release to customers who have not paid for access to such intellectual property. We attempt to minimize these types of liabilities by requiring representations and warranties relating to our intellectual property partners’ ownership of the rights to distribute as well as the accuracy of their intellectual property. We also take measures to review this intellectual property ourselves. Although our agreements with our ecosystem partners in most instances contain provisions providing for indemnification by the ecosystem partners in the event of inaccurate intellectual property, our ecosystem partners may not have the financial resources to meet these indemnification obligations. Alleged liability could harm our business by damaging our reputation, requiring us to incur legal costs in defense, exposing us to awards of damages and costs, and diverting management’s attention away from our business. Protection of certain intellectual property may be difficult and costly, and our inability to protect our intellectual property could reduce the value of our products and services or reduce our competitive advantage. Despite our efforts to protect our intellectual property rights, as well as the intellectual property rights of our ecosystem partners, a third party could, without authorization, copy or otherwise misappropriate our content, information from our databases, or other intellectual property, including that of our third-party ecosystem partners. Our agreements with employees, consultants, and others who participate in development activities could be breached and result in our trade secrets becoming known. Alternatively, competitors and other third parties may independently develop or create content or systems that do not infringe our intellectual property rights. We may not have adequate remedies for such breaches or protections against such competitor developments. In addition, the laws of some foreign countries do not protect our proprietary rights to the same extent as the laws of the United States, and effective intellectual property protection may not be available in those jurisdictions. Our business could be harmed if unauthorized parties infringe upon or misappropriate our intellectual property, proprietary systems, content, platform, applications, services, or other information or the intellectual property of our ecosystem partners. Our efforts to protect our intellectual property through copyright, trademarks, trade secrets, patents, and other forms of protection, as well as our efforts to protect the intellectual property of our ecosystem partners, may not be adequate. For instance, we may not be able to secure trademark or service mark registrations for marks in the United States or in foreign countries or to secure patents for our proprietary products and services, and even if we are successful in obtaining patent and/or trademark registrations, these registrations may be opposed or invalidated by a third party. We also have certain contractual obligations to protect the intellectual property of our ecosystem partners and could be required to indemnify such ecosystem partners if we do not adequately provide such protections. There has been substantial litigation in the software services and healthcare technology industries regarding intellectual property assets, particularly patents. Third parties may claim infringement by us with respect to current and future products, trademarks, or other proprietary rights, and we may counterclaim against such third parties in such actions. Any such claims or counterclaims could be time-consuming, result in costly litigation, divert management’s attention, cause product release delays, require us to redesign our products, restrict our use of the intellectual property subject to such claim, or require us to enter into royalty or licensing agreements, any of which could have an adverse effect upon our business, financial condition, and operating results. Such royalty and licensing agreements may not be available on terms acceptable to us, if at all. We may be liable for infringing the intellectual property rights of others. Our competitors may develop similar intellectual property, duplicate our offerings, or design around any patents or other intellectual property rights we hold. Litigation may be necessary to enforce our intellectual property rights or to determine the validity and scope of the patents, intellectual property, or other proprietary rights of third parties, which could be time consuming and costly and have an adverse effect on our business and financial condition. Intellectual property infringement claims could be made against us and our ecosystem partners, especially as the number of our competitors grows. These claims, even if not meritorious, could be expensive and divert our attention from operating our company and result in a temporary inability to use the intellectual property subject to such claim. In addition, if we, our ecosystem partners, and/or our customers become liable to third parties for infringing their intellectual property rights, we could be required to pay a substantial damage award and develop comparable non-infringing intellectual property, to obtain a license, or to cease providing the content or services that contain the infringing intellectual property. We may be unable to develop non-infringing intellectual property or obtain a license on commercially reasonable terms, if at all. 22 Table of Contents We use open source software in our products, which could subject us to litigation or other actions. We use open source software in our products and may use more open source software in the future. From time to time, there have been claims challenging the ownership of open source software against companies that incorporate it into their products. As a result, we could be subject to suits by parties claiming ownership of what we believe to be open source software. Litigation could be costly for us to defend, have a negative effect on our operating results and financial condition, or require us to devote additional research and development resources to change our products. In addition, if we were to combine our proprietary software products with open source software in a certain manner, we could, under certain of the open source licenses, be required to release the source code of our proprietary software products to the public. If we inappropriately use open source software, we may be required to re-engineer our products, discontinue the sale of our products, or take other remedial actions. Our sources of data might restrict our use of or refuse to license data, which could adversely impact our ability to provide certain products or services. A portion of the data that we use is either purchased or licensed from third parties or public records or is obtained from our customers for specific customer engagements. We believe that we have all rights necessary to use the data that is incorporated into our products and services. However, if new laws or regulations impose restrictions on our use of the data or regulators’ or courts’ interpretations result in restrictions of the data that we currently use in our products and services, or a large number of data providers withdraw their data from us, our ability to provide our products and fulfill our contractual obligations to our customers could be materially adversely impacted. Risks Related to International Operations We face risks arising from our international operations. We have international operations in several countries outside of the United States, including Canada, Australia, and New Zealand. Conducting our business internationally, particularly with expansion into countries in which we have limited experience, subjects us to a variety of risks that that we do not necessarily face to the same degree in the U.S. These risks include, among others: • • • • • • • • • • • • • • unexpected changes or differences in regulatory requirements, including with respect to taxes, trade laws, tariffs, export quotas, custom duties, or other trade restrictions; differing labor regulations; differing income and non-income based tax rates and laws; regulations relating to data privacy and security, cross-border data transfers, and the unauthorized use of, or access to, commercial and personal information; potential penalties or other adverse consequences for violations of anti-corruption, anti-bribery, and other similar laws and regulations, including the U.S. Foreign Corrupt Practices Act; greater difficulty in supporting and localizing our products; unrest and/or changes in a specific country’s or region’s social, political, legal, health, or economic conditions or other geopolitical developments (such as developments arising from the ongoing conflict between Russia and Ukraine, increasing tensions between China and Taiwan, and the ongoing conflict in the Middle East); challenges inherent in efficiently managing an increased number of employees over large geographic distances, including the need to implement appropriate systems, controls, policies, benefits, and compliance programs; currency exchange rate fluctuations; uncertainties regarding the interpretation and enforceability of legal requirements, including limited or unfavorable intellectual property protection and the enforceability of contract rights; competition with companies or other services that may understand local markets better than we do; increased financial accounting and reporting burdens and complexities associated with implementing and maintaining adequate internal controls; regulations, health guidelines, and safety protocols in foreign jurisdictions related to the pandemic; and restrictions on repatriation of earnings. 23 Table of Contents Risks Related to Ownership of Our Common Stock It may be difficult for a third party to acquire our company. Tennessee corporate law and our charter and bylaws contain provisions that could delay, defer, or prevent a change in control of our company or our management. These provisions could also discourage proxy contests and make it more difficult for you and other shareholders to elect directors and take other corporate actions. These provisions in our organizational documents: • • • • • authorize us to issue "blank check" preferred stock, which is preferred stock that can be created and issued by the board of directors, without prior shareholder approval, with rights senior to those of common stock; provide for a staggered board of directors comprised of three classes such that it would take three successive annual meetings to replace all directors; prohibit shareholder action by written consent; do not provide shareholders with the right to call a special shareholders meeting; and establish advance notice requirements for submitting nominations for election to the board of directors and for proposing matters that can be acted upon by shareholders at a meeting. In addition, we are subject to certain provisions of Tennessee law which limit, in some cases, our ability to engage in certain business combinations or transactions with significant shareholders. These provisions, either alone or in combination with each other, give our current directors a substantial ability to influence the outcome of a proposed acquisition of the Company. These provisions would apply even if an acquisition or other significant corporate transaction was considered beneficial by some of our shareholders. If a change in control or change in management is delayed or prevented by these provisions, the market price of our securities could decline. There is no assurance that we will not discontinue or reduce the amount of our current quarterly dividend. Our payment of dividends, as well as the rate at which we pay dividends, is subject to the discretion of our board of directors and compliance with applicable legal requirements and our credit agreement, and our board of directors retains the power to modify, suspend, or cancel our dividend policy in any manner and at any time that our board may deem necessary or appropriate. Item 1B. Unresolved Staff Comments None. Item 1C. Cybersecurity Cybersecurity Risk Management Program The Company’s cybersecurity risk management program is designed to employ industry best practices, including ongoing enhancement of governance, risk, and compliance management, regular updates to our response planning and protocols, security policy and standards maintenance, and new technology implementation to proactively monitor vulnerabilities and reduce risk, including processes designed to identify material cybersecurity risks associated with our use of third-party service providers. This program includes the engagement of consulting firms and other third parties. 24 Table of Contents A key component of our cybersecurity risk management program is our incident response policy, which provides for evaluation, response, and reporting procedures in connection with a cybersecurity incident. Under this policy, we have established an incident response team (IRT), a multi-disciplinary management-level team led by the Company’s Chief Technology Officer (CTO) and comprised of the Company’s Chief Executive Officer (CEO), General Counsel/Compliance Officer, Chief Financial Officer, and EVP, Corporate Strategy. The policy provides that the IRT will conduct an initial assessment in the event of a cybersecurity incident meeting certain criteria elevated for the review of the IRT. In such event, the policy provides that the IRT will assess whether a cybersecurity incident has the potential to materially impact the Company and whether public disclosure is required or advisable in connection therewith, and further provides that, if appropriate, any such cybersecurity incident may be further elevated for the review of senior management, the Audit Committee and/or the Board of Directors. The Company maintains cyber liability insurance to help mitigate potential liabilities resulting from cybersecurity matters. While we maintain cybersecurity insurance, the costs related to cybersecurity threats or disruptions may not be fully insured. We do not believe that any risks we have identified to date, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. However, despite our security measures, there is no assurance that we or the third parties with which we interact, have not identified or experienced, or will not experience a cybersecurity incident in the future that will materially affect us. For additional information regarding the risks to us associated with cybersecurity incidents, see “A data breach or cybersecurity incident could result in a loss of confidential data, give rise to remediation and other expenses, expose us to liability under federal and state data protection and data privacy requirements, foreign data privacy regulations, consumer protection laws, common law theories, and other laws, rules and regulations, subject us to litigation and governmental inquiries and actions, damage our reputation, and otherwise adversely impact our financial results and business” included in Part I, Item 1A of this Form 10-K. Cybersecurity Governance The Company’s cybersecurity risk management processes are integrated into the Company’s overall risk management program. In this regard, our Board of Directors has designated the Audit Committee as being primarily responsible for overseeing risk management at a board level, and has delegated certain specific categories of risk oversight matters to the Audit Committee as well as to the other standing committees of the Board, within their respective areas of responsibilities. Additionally, the Audit Committee makes periodic reports to the Board regarding briefing and reports provided by management and advisors regarding various risk oversight matters as well as the Audit Committee’s own analysis and conclusions regarding the adequacy of the Company’s risk management program. As part of its board-level risk oversight responsibilities, the Audit Committee provides oversight of the Company’s privacy, data, cyber security, and information security risk exposures. Further, at a management level, the Company’s cybersecurity risk management program is led by our CTO, who reports to the Company’s CEO. Our CTO was appointed as the Company’s senior vice president and chief technology officer in July 2017. Our CTO has expertise in cybersecurity risk management through his more than 20 years of experience in healthcare technology, including his service with us as well as his service as chief technology officer at other organizations prior to joining the Company in 2017. On a quarterly basis, the Company’s CTO reports to the Audit Committee regarding the Company’s cybersecurity program. The CTO also reports to the Audit Committee on a quarterly basis regarding remediation activities, if any, along with related security metrics, in connection with any areas where cybersecurity threats have been identified. Item 2. Properties Our principal office is located in Nashville, Tennessee, which is primarily used to support our corporate functions. Our lease for approximately 92,000 square feet at this location will end in October 2031. As of December 31, 2023, we leased other facilities in Nashville, Tennessee; San Diego, California; and Boulder, Colorado. Item 3. Legal Proceedings None. Item 4. Mine Safety Disclosures Not applicable. 25 Table of Contents PART II Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Our common stock is traded on the Nasdaq Global Select Market under the symbol “HSTM”. Our common stock began trading on the Nasdaq National Market on April 14, 2000. As of February 14, 2024, the Company had a total of 13,901 shareholders, including 1,087 registered holders and 12,814 beneficial holders. DIVIDEND POLICY On February 20, 2023, we announced that our board of directors approved a quarterly dividend policy (the "Dividend policy"). During the year ended December 31, 2023, the Board of Directors authorized the following quarterly dividends under the Dividend Policy: Dividend Dividend Declaration Payment Date Date February April 28, 20, 2023 2023 April 24, June 23, 2023 2023 July 24, September 2023 29, 2023 October 23, December 22, 2023 2023 Total dividends $ $ Dividend Per Share Record Date Cash Outlay 0.025 April 17, 2023 0.025 June 12, 2023 0.025 September 18, 2023 0.025 December 11, 2023 0.10 $ $ 767,000 767,000 767,000 757,000 3,058,000 Additionally, as previously announced, on February 19, 2024, the Board approved a quarterly cash dividend of $0.028 per share, representing an increase of twelve percent (12%) over the previous quarter's dividend payment, payable on March 22, 2024 to holders of record on March 11, 2024. The Dividend Policy and the declaration and payment of each quarterly cash dividend will be subject to our board’s continuing determination that the policy and the declaration of dividends thereunder are in the best interests of our stockholders and are in compliance with applicable law and our credit agreement. Our board retains the power to modify, suspend, or cancel the dividend policy in any manner and at any time that our board may deem necessary or appropriate. 26 Table of Contents STOCK PERFORMANCE GRAPH The graph below matches HealthStream, Inc.'s cumulative 5-year total shareholder return on common stock with the cumulative total returns of the NASDAQ Composite index and the Dow Jones US Software TSM index. The graph tracks the performance of a $100 investment in our common stock and in each index (with the reinvestment of all dividends) from 12/31/2018 to 12/31/2023. The comparisons in the graph below are based on historical data and are not necessarily indicative of future performance of our common stock. 12/18 12/19 12/20 12/21 12/22 12/23 HealthStream, Inc. NASDAQ Composite Dow Jones US Software TSM $ 100.00 $ 100.00 100.00 112.63 $ 136.69 145.25 90.43 $ 198.10 214.46 109.15 $ 242.03 282.55 102.86 $ 163.28 188.80 112.38 236.17 300.75 The stock price performance included in this graph is not necessarily indicative of future stock price performance. RECENT SALES OF UNREGISTERED SECURITIES None. 27 Table of Contents ISSUER PURCHASES OF EQUITY SECURITIES On September 13, 2023, the Company announced a share repurchase program authorized by the Company’s Board of Directors under which the Company may purchase up to $10.0 million of its common stock. Pursuant to this authorization, repurchases may be made in the open market, including under a Rule 10b5-1 plan, through privately negotiated transactions, or otherwise. Under this program, during 2023, the Company repurchased 404,188 shares of common stock at an aggregate fair value of $8.9 million, reflecting an average price per share of $22.07 (excluding the cost of broker commissions). In addition, any future repurchases under the authorization will be subject to prevailing market conditions, liquidity and cash flow considerations, applicable securities laws requirements (including under Rule 10b-18 and Rule 10b5-1 of the Securities Exchange Act of 1934, as applicable), and other factors. The share repurchase program is scheduled to terminate on the earlier of March 31, 2024 or when the maximum dollar amount has been expended. This share repurchase program may be suspended or discontinued at any time. The table below sets forth activity under the stock repurchase plan for the three months ended December 31, 2023. (a) Total number of shares (or units) purchased (b) Average price paid per share (or unit)(1) (c) Total number of shares (or units) purchased as part of publicly announced plans or programs (d) Maximum number (or approximate dollar value) of shares (or units) that may yet be purchased under the plans or programs 305,098 $ — — 305,098 $ 22.22 — — 22.22 305,098 $ — — 305,098 $ 1,079,336 1,079,336 1,079,336 1,079,336 Period Month #1 (October 1 - October 31) Month #2 (November 1 - November 30) Month #3 (December 1 - December 31) Total (1) The weighted average price paid per share of common stock does not include the cost of broker commissions. Item 6. Reserved Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations The following discussion of the financial condition and results of operations of HealthStream should be read in conjunction with HealthStream’s Consolidated Financial Statements and related notes thereto included elsewhere in this report. This discussion contains forward-looking statements that involve risks and uncertainties. HealthStream’s actual results may differ significantly from the results discussed and those anticipated in these forward- looking statements as a result of many factors, including, but not limited to, the risks described under Risk Factors and elsewhere in this report, as well as additional risks or uncertainties not presently known to us or that we currently deem immaterial. The following discussion addresses our 2023 and 2022 results and year-to-year comparisons between 2023 and 2022. A discussion of year-to-year comparisons between 2022 and 2021 can be found in our Annual Report on Form 10-K for the fiscal year ended December 31, 2022, filed with the SEC on February 28, 2023, under Part II, Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations. OVERVIEW HealthStream provides primarily SaaS based applications for healthcare organizations—all designed to improve business and clinical outcomes by supporting the people who deliver patient care. We are focused on helping individuals and organizations in healthcare meet their ongoing learning, clinical development, credentialing, and scheduling needs. We also provide our solutions to nursing schools and nursing students. Our business is managed and organized around our single platform strategy, also referred to as our One HealthStream approach. At the center of this single platform strategy is our hStream technology platform. By enabling our applications through hStream, we believe that stand-alone applications, which already provide a powerful value proposition on their own, are beginning to leverage each other to more efficiently and effectively empower our customers to manage their businesses and improve their outcomes. Further, the Company’s internal structure and executive leadership are likewise shaped by the organizing principle of a single platform, including with regard to technology, operations, accounting, internal reporting (including the nature of information reviewed by our key decision makers), organizational structure, compensation, performance assessment, and resource allocation. 28 Table of Contents All of our solutions are powered by our hStream technology platform that enables activity across HealthStream's diverse ecosystem of applications. Our underlying solutions are comprised primarily of SaaS, subscription-based applications that are used by healthcare organizations to meet a broad range of their workforce development needs around learning, clinical development, credentialing, and scheduling. Our solutions are also utilized by nursing schools as they prepare the healthcare workforce of tomorrow and by nursing students as they prepare to enter that workforce. Our numerous content libraries allow customers to subscribe to a wide array of courseware, which includes content from leading healthcare and nursing associations, medical and healthcare publishers, and other content providers. Our scheduling solutions provide organizations with the tools to visualize and manage real-time clinical staff scheduling to enable them to optimize their workforce, reduce costs, and improve care. Our flagship credentialing, privileging, and enrollment solution, CredentialStream, provides customers an intuitive, modern user experience with a continual stream of enhancements, evidence-based content, and curated data, all of which provides healthcare organizations with tools to support the provider lifecycle management from recruiting, application submission, verification of licensure and other credentials, privileging, appointments by credentialing committees, enrollment, network, management, onboarding, and performance evaluations of providers. As HealthStream's business continues to evolve, we remain solely dedicated to the healthcare market and our primary customers continue to be healthcare organizations across the continuum of care and other participants in the healthcare industry, such as nursing schools and nursing students. Revenues for the year ended December 31, 2023 were $279.1 million, compared to $266.8 million for the year ended December 31, 2022, an increase of 5%. Revenues were positively impacted from recent acquisitions (detailed below) in the amount of $3.1 million and growth in several product categories. The contributions from growth in subscription revenues and recent acquisitions more than offset the decline of $1.7 million from professional services revenues. Gross margins improved to 65.9% during 2023, compared to 65.8% in 2022. Operating income increased by 29% to $16.0 million for 2023, compared to $12.4 million for 2022. Net income increased to $15.2 million for 2023, compared to $12.1 million for 2022. Earnings per share were $0.50 per share (diluted) for 2023, compared to $0.39 per share (diluted) for 2022. As of December 31, 2023, the Company had approximately 5.79 million contracted subscriptions to hStream, our Platform-as-a-Service technology which characterizes our single platform approach, compared to 5.54 million contract subscriptions at December 31, 2022. During 2023, the Company deployed capital to fund the acquisition of eeds that was completed during 2022 for a purchase price equal to approximately $6.6 million in cash. The purchase consideration paid for eeds was included in accrued liabilities in the Company's Consolidated Balance Sheet as of December 31, 2022 and was paid January 2023. The Company also repurchased approximately $8.9 million of common stock under its share repurchase programs, incurred $1.1 million of severance charges associated with the elimination of 33 job roles as part of the consolidation of HealthStream's business under a single platform strategy, and paid $3.1 million in cash dividends. As of December 31, 2023, cash and investment balances approximated $71.1 million, and the Company maintained full availability under its $50.0 million revolving credit facility. Since the beginning of 2022, we completed two acquisitions. We acquired CloudCME in May 2022 and substantially all of the assets of eeds in December 2022. For additional information regarding acquisitions, please see Note 8 of the Consolidated Financial Statements included elsewhere in this report. RECENT DEVELOPMENTS Macroeconomic conditions in the U.S. continue to be challenging in various respects, including as the result of ongoing inflationary pressures, elevated interest rate levels, challenging labor market conditions, and uncertain geopolitical conditions. In this regard, we have experienced, and believe that many of our customers have experienced, increased labor, supply chain, capital, and other expenditures associated with current inflationary pressures. These conditions impacting the U.S. economy and our customers in the healthcare industry have adversely affected, and may continue to adversely impact, our business and results of operations. While the COVID-19 pandemic continues to cause some level of uncertainty, including with regard to the pandemic's various and unpredictable impacts on our healthcare customers and, in turn, our business, the impact of the pandemic itself on public health and economic conditions has significantly lessened and normalized to the point of reaching an endemic stage. As our business is focused on providing solutions to healthcare organizations, we continue to closely monitor any developments related to COVID-19 and remain prepared to modify our operating approaches to address COVID 19-related developments or other public health related events as they may arise. 29 Table of Contents CRITICAL ACCOUNTING ESTIMATES Preparation of our Consolidated Financial Statements requires us to make estimates and assumptions affecting the reported amounts of assets and liabilities at the date of the financial statements, reported amounts of revenues and expenses during the reporting period, and related disclosures. In the Notes to our Consolidated Financial Statements, we describe our significant accounting policies used in preparing the Consolidated Financial Statements. Our policies are evaluated on an ongoing basis and are drawn from historical experience and other assumptions that we believe to be reasonable under the circumstances. Actual results could differ under different assumptions or conditions. Our management has identified the following critical accounting policies for the areas that are materially impacted by estimates and assumptions. Revenue Recognition Revenues are recognized when or as control of the promised goods or services is transferred to the customer in an amount that reflects the consideration the Company expects to be entitled in exchange for transferring those goods or services. Our contracts with customers often contain promises for multiple goods and services. For these contracts, the Company accounts for the promised goods and services in its contracts as separate performance obligations if they are distinct. The contract price, which represents transaction price when the contract reflects a fixed fee arrangement, or management’s estimate of variable consideration including application of the constraint when the contract does not have a fixed fee, is allocated to the separate performance obligations on a relative standalone selling price basis. We generally determine standalone selling prices based on the standard list price for each product, taking into consideration certain factors, including contract length and the number of subscriptions or licenses purchased within the contract. Judgment is required in determining whether performance obligations are distinct, standalone selling prices, and the amount of variable consideration to reflect as transaction price. Accounting for Income Taxes The Company accounts for income taxes using the asset and liability method, whereby deferred tax assets and liabilities are determined based on the temporary differences between the financial statement and tax bases of assets and liabilities measured at tax rates that will be in effect for the year in which the differences are expected to affect taxable income. Management evaluates all available evidence, both positive and negative, to determine whether, based on the weight of that evidence, a valuation allowance is needed. We assess the realizability of our deferred tax assets, and to the extent that we believe a recovery is not likely, we establish a valuation allowance to reduce the deferred tax asset to the amount we estimate will be recoverable. As of December 31, 2023, the Company established a valuation allowance of $2.0 million for the portion of its deferred tax assets that are not more likely than not expected to be realized, compared to a valuation allowance of $1.9 million as of December 31, 2022. Goodwill Goodwill represents the excess of purchase price in a business combination over the fair value of the net identifiable assets acquired. We evaluate goodwill for impairment at the reporting unit level by assessing whether it is more likely than not that the fair value of a reporting unit exceeds its carrying value. If this assessment concludes that it is more likely than not that the fair value of a reporting unit exceeds its carrying value, then goodwill is not considered impaired and no further impairment testing is required. Conversely, if the assessment concludes that it is more likely than not that the fair value of a reporting unit is less than its carrying value, a goodwill impairment test is performed to compare the fair value of the reporting unit to its carrying value. The Company determines fair value of its reporting unit using both income and market-based models. Our models contain significant assumptions and accounting estimates about discount rates, future cash flows, and terminal values that could materially affect our operating results or financial position if they were to change significantly in the future and could result in an impairment. We perform our goodwill impairment assessment whenever events or changes in facts or circumstances indicate that impairment may exist and during the fourth quarter each year. The cash flow estimates and discount rates incorporate management’s best estimates, using appropriate and customary assumptions and projections at the date of evaluation. For 2023, our qualitative assessment indicated that the fair value of our reporting unit substantially exceeded the carrying value such that a quantitative assessment was not necessary. 30 Table of Contents RESULTS OF OPERATIONS Revenues and Expense Components The following descriptions of the components of revenues and expenses apply to the comparison of results of operations. Revenues, net. The products and services generating revenues are increasingly oriented around and drive value in relation to our hStream technology platform and consist primarily of the following products and services: provision of services through our platform, learning management applications, a variety of training and development content subscriptions, staff scheduling software solutions, competency tools, training, implementation and onboarding, consulting services to serve professionals that work within healthcare organizations, and our applications that help facilitate provider credentialing, privileging, and enrollment administration for healthcare organizations. Cost of Revenues (excluding depreciation and amortization). Cost of revenues (excluding depreciation and amortization) consist primarily of salaries and employee benefits, stock-based compensation, employee travel and lodging, materials, contract labor, hosting costs, third party software licensing costs, and other direct expenses associated with revenues, as well as royalties paid by us to content providers. Personnel costs within cost of revenues are associated with individuals that facilitate product delivery, provide services, handle customer support calls or inquiries, manage the technology infrastructure for our applications, manage content, and provide training or implementation services. Product Development. Product development consists primarily of salaries and employee benefits, contract labor, stock-based compensation, employee travel and lodging, costs associated with the development of new software and feature enhancements, new products, third party software licensing costs, and costs associated with maintaining and developing our products. Personnel costs within product development include our systems teams, application development, quality assurance teams, product managers, and other personnel associated with software and product development. Sales and Marketing. Sales and marketing consist primarily of salaries and employee benefits, commissions, stock-based compensation, employee travel and lodging, third party software licensing costs, advertising, trade shows, customer conferences, promotions, and related marketing costs. Personnel costs within sales and marketing include our sales teams and marketing personnel. Other General and Administrative Expenses. Other general and administrative expenses consist primarily of salaries and employee benefits, stock-based compensation, employee travel and lodging, facility expenses, office expenses, fees for professional services, business development and acquisition-related costs, third party software licensing costs, and other operational expenses. Personnel costs within general and administrative expenses include individuals associated with normal corporate functions, including accounting, legal, business development, human resources, administrative, internal information systems, and executive management. Depreciation and Amortization. Depreciation and amortization consist of fixed asset depreciation, amortization of intangibles considered to have definite lives, and amortization of capitalized software development. Other Income (Loss), Net. The primary component of other income is interest income related to interest earned on cash and cash equivalents and investments in marketable securities. The primary component of other expense is interest expense related to our revolving credit facility. In addition, the income or loss attributed to equity method investments and fair value adjustments related to non-marketable equity investments is included in this category, along with foreign currency gains and losses. 31 Table of Contents 2023 Compared to 2022 Revenues, net. Revenues increased approximately $12.2 million, or 5%, to $279.1 million for 2023 from $266.8 million for 2022. The revenue growth was attributable to growth in several product categories, including contribution of $3.1 million, or 1%, from our recent acquisitions. Subscription revenues increased $14.0 million, or 6%, but were partially offset by $1.7 million of declines from professional services revenues. A comparison of revenues by revenue source is as follows (in thousands): Subscription services Professional services Total revenues, net % of Revenues Subscription services Professional services Year Ended December 31, 2023 2022 $ $ 267,935 11,128 279,063 $ $ 253,960 12,866 266,826 Percentage Change 6% -14% 5% 96% 4% 95% 5% Cost of Revenues (excluding depreciation and amortization). Cost of revenues increased $3.9 million, or 4%, to $95.0 million for 2023 from $91.1 million for 2022. Cost of revenues as a percentage of revenues were 34% of revenues for both 2023 and 2022. The increase in expense is primarily associated with higher costs for third-party software, cloud hosting, and royalties. Product Development. Product development expenses increased $1.2 million, or 3%, to $45.5 million for 2023 from $44.3 million for 2022. Product development expenses as a percentage of revenues were 16% and 17% of revenues for 2023 and 2022, respectively. The increase in expense is primarily due to increased personnel costs, including severance costs associated with the previously disclosed elimination of 33 job roles as part of the consolidation of HealthStream's business under a single platform strategy, partially offset by an increase in labor capitalized for internally developed software. Sales and Marketing. Sales and marketing expenses, including personnel costs, increased $1.6 million, or 4%, to $45.7 million for 2023 from $44.1 million for 2022. Sales and marketing expenses as a percentage of revenues were 16% and 17% of revenues for 2023 and 2022, respectively. The increase in expense is primarily due to increased personnel costs, including severance costs as noted above, sales commissions, and travel costs, which were partially offset by a decrease in marketing expenses. Other General and Administrative Expenses. Other general and administrative expenses decreased $1.2 million, or 3%, to $35.7 million for 2023 from $36.9 million for 2022. Other general and administrative expenses as a percentage of revenues were 13% and 14% of revenues for 2023 and 2022, respectively. The decrease is primarily due to lower software expenses, employee recruitment and onboarding expenses, telecom expenses, and personnel costs, which were partially offset by an increase in bad debt expense. Depreciation and Amortization. Depreciation and amortization increased $3.2 million, or 8%, to $41.1 million for 2023 from $37.9 million for 2022. The increase resulted from higher amortization of capitalized software, partially offset by lower depreciation expense. Other Income (Loss), Net. Other income (loss), net was income of $2.5 million for 2023 compared to $3.1 million for 2022. Other income for 2023 consisted of interest income earned on cash and investments during the year ended December 31, 2023 as well as an additional $0.4 million gain recognized upon the settlement and release of escrowed proceeds related to a prior sale of a non-marketable equity investment. Other income for 2022 consisted of the $2.7 million gain recorded upon the sale of a non-marketable equity investment during the year ended December 31, 2022 as well as the $0.9 million gain recorded due to the change in fair value of our previously held minority interest in CloudCME that was remeasured upon acquiring the remaining ownership interest of CloudCME during the year ended December 31, 2022, partially offset by losses attributed to equity method investments. Income Tax Provision. The Company recorded a provision for income taxes of $3.3 million and $3.5 million for 2023 and 2022, respectively. The Company’s effective tax rate was 18% for 2023 compared to 22% for 2022. The Company's effective tax rate primarily reflects the statutory corporate income tax rate, the net effect of state taxes, foreign income taxes, and the effect of various permanent tax differences. During the year ended December 31, 2023, the Company recorded discrete tax benefits of $0.4 million, which consisted of tax benefits in the amount of $0.9 million resulting primarily from changes in apportionment rules in Tennessee upon the enactment of the Tennessee Works Tax Act and stock-based awards in the amount of $0.1 million, partially offset by $0.2 million of discrete tax expense related to reserves for uncertain tax positions and $0.4 million of discrete tax expense associated with merging VerityStream into HealthStream. During the year ended December 31, 2022, the Company recorded discrete tax expense of $0.6 million, which included tax expense related to uncertain tax positions and changes in state tax rates. 32 Table of Contents Net Income. Net income increased $3.1 million, or 26%, to $15.2 million for 2023 compared to $12.1 million for 2022. Earnings per diluted share were $0.50 per share (diluted) for 2023, compared to $0.39 per share (diluted) for 2022. Adjusted EBITDA increased 15% to $61.3 million for 2023 compared to $53.4 million for 2022. The increase resulted from the factors mentioned above. Adjusted EBITDA is a non-GAAP financial measure which we define as net income excluding the impact of the deferred revenue write-downs associated with fair value accounting for acquired businesses and before interest, income taxes, stock-based compensation, depreciation and amortization, and changes in fair value of, including gains (losses) on the sale of, non-marketable equity investments. See "Reconciliation of Non-GAAP Financial Measures" below for a reconciliation of this calculation to the most comparable measure under U.S. GAAP and information regarding why this non-GAAP financial measure provides useful information to investors. Key Business Metrics Our management utilizes the following key financial and non-financial metrics in connection with managing our business. • • • • Revenues, net. Revenues, net, reflect income generated by the sales of goods and services related to our operations and reflect deferred revenue write-downs associated with fair value accounting for acquired businesses. Revenues, net, were $279.1 million for the year ended December 31, 2023 compared to $266.8 million for the year ended December 31, 2022. Management utilizes revenue in connection with managing our business and believes that this metric provides useful information to investors as a key indicator of the growth and success of our products. Adjusted EBITDA. Adjusted EBITDA, calculated as set forth below under “Reconciliation of Non-GAAP Financial Measures,” is utilized by our management in connection with managing our business and provides useful information to investors because adjusted EBITDA reflects net income adjusted for certain GAAP accounting, non-cash, and/or non-operating items, as more specifically set forth below, which may not fully reflect the underlying operating performance of our business. We also believe that adjusted EBITDA is useful to many investors to assess the Company’s ongoing results from operations. Additionally, short-term cash incentive bonuses and certain performance-based equity award grants are based on the achievement of adjusted EBITDA (as defined in applicable bonus and equity grant documentation) targets. Adjusted EBITDA was $61.3 million for the year ended December 31, 2023, compared to $53.4 million for the year ended December 31, 2022. Capital Expenditures. Capital expenditures represent cash payments incurred for purchases of property and equipment and during the development phase for projects to develop software and content. Capital expenditures were $28.0 million for the year ended December 31, 2023 compared to $25.1 million for the year ended December 31, 2022. Management utilizes this metric in connection with managing the allocation of capitalized expenditures in which the Company invests related to the development of its products and believes that this metric is a key indicator of investment in products relative to their current and expected performance. Net Income. Net income represents revenues, net less all expenses. Net income was $15.2 million for the year ended December 31, 2023 compared to $12.1 million for the year ended December 31, 2022. Management utilizes net income in connection with managing our business, including with regard to our capital deployment strategies. 33 Table of Contents Reconciliation of Non-GAAP Financial Measures This Annual Report on Form 10-K presents adjusted EBITDA, which is a non-GAAP financial measure used by management in analyzing our financial results and ongoing operational performance. In order to better assess the Company’s financial results, management believes that net income excluding the impact of the deferred revenue write-downs associated with fair value accounting for acquired businesses (as discussed in greater detail below) and before interest, income taxes, stock-based compensation, depreciation and amortization, changes in fair value of, including gains (losses) on the sale of, non-marketable equity investments, and the de-recognition of non-cash expense resulting form the paid-time off expense reduction in the first quarter if 2021 (adjusted EBITDA), is a useful measure for evaluating the operating performance of the Company because adjusted EBITDA reflects net income adjusted for certain GAAP accounting, non-cash, and/or non-operating items which we believe, in any such case, are not fully reflective of the underlying operating performance of our business. We also believe that adjusted EBITDA is useful to investors to assess the Company’s ongoing operating performance and to compare the Company’s operating performance between periods. Additionally, short-term cash incentive bonuses and certain performance-based equity awards are based on the achievement of adjusted EBITDA (as defined in applicable bonus and equity grant documentation) targets. As noted above, the definition of adjusted EBITDA includes an adjustment for the impact of the deferred revenue write-downs associated with fair value accounting for acquired businesses. Prior to the Company early adopting ASU 2021-08 effective January 1, 2022, following the completion of any acquisition by the Company, the Company was required to record the acquired deferred revenue at fair value as defined in GAAP, which typically resulted in a write-down of the acquired deferred revenue. When the Company was required to record a write-down of deferred revenue, it resulted in lower recognized revenue, operating income, and net income in subsequent periods. Revenue for any such acquired business was deferred and was typically recognized over a one-to-two year period following the completion of any particular acquisition, so our GAAP revenues for this one-to-two year period would not reflect the full amount of revenues that would have been reported if the acquired deferred revenue was not written down to fair value. Management believes that including an adjustment in the definition of adjusted EBITDA for the impact of the deferred write-downs associated with fair value accounting for businesses acquired prior to the January 1, 2022 effective date of the Company's adoption of ASU 2021-08 provides useful information to investors because the deferred revenue write-down recognized in periods after an acquisition may, given the nature of this non-cash accounting impact, cause our GAAP financial results during such periods to not fully reflect our underlying operating performance and thus adjusting for this amount may assist in comparing the Company’s results of operations between periods. Following the adoption of ASU 2021-08, contracts acquired in an acquisition completed on or after January 1, 2022 are measured as if the Company had originated the contract (rather than the contract being measured at fair value) such that, for such acquisitions, the Company no longer records deferred revenue write-downs associated with acquired businesses (for acquisitions completed prior to January 1, 2022, the Company continues to record deferred revenue write-downs associated with fair value accounting for periods on and after January 1, 2022 consistent with this prior standard). Through December 31, 2023, the Company continued to include an adjustment in the definition of adjusted EBITDA for the impact of deferred revenue write-downs from business acquired prior to January 1, 2022 given the impact of such deferred revenue on our financial results. Adjusted EBITDA is a non-GAAP financial measure and should not be considered as a measure of financial performance under GAAP. Because adjusted EBITDA is not a measurement determined in accordance with GAAP, adjusted EBITDA is susceptible to varying calculations. Accordingly, adjusted EBITDA, as presented, may not be comparable to other similarly titled measures of other companies and has limitations as an analytical tool. This non-GAAP financial measure should not be considered as a substitute for, or superior to, measures of financial performance which are prepared in accordance with U.S. GAAP. A reconciliation of adjusted EBITDA to the most directly comparable GAAP measure (net income) for the years ended December 31, 2023 and 2022, is set forth below (in thousands). GAAP net income Deferred revenue write-down Interest income Interest expense Income tax provision Stock-based compensation expense Depreciation and amortization Change in fair value of non-marketable equity investments Adjusted EBITDA 34 2023 2022 15,213 $ 212 (2,356) 124 3,298 4,153 41,076 (425) 61,295 $ 12,091 267 (444) 132 3,494 3,554 37,945 (3,596) 53,443 $ $ Table of Contents Liquidity and Capital Resources Net cash provided by operating activities was $64.0 million during 2023, compared to $51.2 million during 2022, an increase of 25%. The increase resulted from improved operating results, including efficiencies realized after the previously disclosed elimination of 33 jobs roles as part of the consolidation of HealthStream's business under a single platform strategy, and higher cash collections compared to the prior year. The number of days sales outstanding (DSO) was 46 days for both 2023 and 2022. The Company calculates DSO by dividing the average accounts receivable balance (excluding unbilled and other receivables) by average daily revenues for the year. The Company’s primary sources of cash were receipts generated from the sales of our products and services. The primary uses of cash to fund operations included personnel expenses, sales commissions, royalty payments, payments for contract labor and other direct expenses associated with delivery of our products and services, income tax payments, and general corporate expenses. Net cash used in investing activities was $56.6 million during 2023, compared to $28.4 million during 2022. During 2023, the Company spent $6.6 million for the acquisition of substantially all of the assets of eeds (note: the eeds was acquisition was consummated on December 31, 2022, but was funded in January 2023 such that the purchase price for eeds impacted net cash used in investing activities during the year ended December 31, 2023), invested in marketable securities of $50.3 million, made payments for capitalized software development of $25.8 million, and purchased property and equipment of $2.2 million. These uses of cash were partially offset by $28.3 million in maturities of marketable securities. During 2022, the Company paid $3.9 million in cash (plus shares issued by the Company in a private placement), net of cash acquired, for the acquisition of CloudCME, and on a net basis paid $0.1 million upon settling post-closing adjustments related to the ComplyALIGN and Rievent acquisitions which closed during 2021 (resulting in a net cash outflow of $4.0 million), invested in marketable securities of $13.5 million, made payments for capitalized software development of $23.3 million, and purchased property and equipment of $1.8 million. These uses of cash were partially offset by $10.6 million in maturities of marketable securities and $3.5 million in proceeds from the sale of non-marketable equity investments. Cash used in financing activities was $13.0 million during 2023, compared to $23.7 million during 2022. The primary uses of cash in financing activities during 2023 included $8.9 million for repurchases of common stock, $3.1 million for the payment of cash dividends, $0.9 million for payments of payroll taxes related to stock-based compensation, and $0.1 million associated with the renewal of the revolving credit facility loan agreement. During 2022, the primary use of cash in financing activities included $23.1 million for repurchases of common stock and $0.6 million for payments of payroll taxes related to stock-based compensation. On October 6, 2023, the Company entered into a new revolving credit facility, which amended and replaced our prior revolving credit facility. There currently are no outstanding borrowings under the new revolving credit facility. For additional information regarding the new revolving credit facility, see Note 12 to the Consolidated Financial Statements included herein. Our balance sheet reflected positive working capital of $11.8 million at December 31, 2023, compared to negative working capital of $2.8 million at December 31, 2022. The increase in working capital was primarily due to increases in cash and cash equivalents and marketable securities. The Company’s primary source of liquidity was $71.1 million of cash and cash equivalents and marketable securities as of December 31, 2023. The Company also has a $50.0 million revolving credit facility loan agreement, all of which was available at December 31, 2023. On November 30, 2021, the Company announced a share repurchase program approved by the Company’s Board under which the Company was authorized to purchase up to $20.0 million of its common stock. This share repurchase program concluded on March 8, 2022, when the maximum dollar amount authorized under the program was expended. During 2022, the Company repurchased 649,739 shares of common stock pursuant to this share repurchase program at an aggregate fair value of $14.9 million, reflecting an average price per share of $22.92 (excluding the cost of broker commissions). On March 14, 2022, the Board approved an expansion of the Company's share repurchase program by authorizing the repurchase of up to an additional $10.0 million of the Company's outstanding shares of common stock. The share repurchase program expired on March 13, 2023, and no repurchases occurred during 2023. Under this program, the Company repurchased a total of 402,050 shares at an aggregate fair value of $8.1 million, based on an average price per share of $20.19 (excluding the cost of broker commissions), during 2022. On September 13, 2023, the Company announced a share repurchase program approved by the Company’s Board of Directors under which the Company is authorized to purchase up to $10.0 million of its common stock. Pursuant to this authorization, repurchases may be made in the open market, including under a Rule 10b5-1 plan, through privately negotiated transactions, or otherwise. In addition, any repurchases under the authorization will be subject to prevailing market conditions, liquidity and cash flow considerations, applicable securities laws requirements (including under Rule 10b-18 and Rule 10b5- 1 of the Securities Exchange Act of 1934, as applicable), and other factors. Under this program, during 2023, the Company repurchased 404,188 shares of common stock at an aggregate fair value of $8.9 million, reflecting an average price per share of $22.07 (excluding the cost of broker commissions). The share repurchase program is scheduled to terminate on the earlier of March 31, 2024 or when the maximum dollar amount has been expended. This share repurchase program may be suspended or discontinued at any time. 35 Table of Contents On February 20, 2023, our Board approved a quarterly dividend policy. The Board of Directors authorized the following quarterly dividend payments during 2023 pursuant to this policy: Dividend Dividend Declaration Payment Date Date February April 28, 20, 2023 2023 April 24, June 23, 2023 2023 July 24, September 2023 29, 2023 October 23, December 22, 2023 2023 Total dividends $ $ Dividend Per Share Record Date Cash Outlay 0.025 April 17, 2023 0.025 June 12, 2023 0.025 September 18, 2023 0.025 December 11, 2023 0.10 $ $ 767,000 767,000 767,000 757,000 3,058,000 On February 19, 2024, as previously disclosed, our board of directors approved a quarterly dividend at a rate of $0.028 per share, which represented an increase of 12% compared to the quarterly dividend per share payable in 2023 as set forth above. This quarterly dividend shall be payable on March 22, 2024 to the holders of record of all of the issued and outstanding shares of common stock as of the close of business on March 11, 2024. The dividend policy and the declaration and payment of each quarterly cash dividend will be subject to our Board’s continuing determination that the policy and the declaration of dividends thereunder are in the best interests of our stockholders and are in compliance with applicable law and our credit agreement. Our Board retains the power to modify, suspend, or cancel the dividend policy in any manner and at any time that our Board may deem necessary or appropriate. The Company's contractual obligations arising in the normal course of business primarily consist of operating lease obligations and purchase obligations. The amounts included as contractual obligations represent the non-cancelable portion of agreements or the minimum cancellation fee. As further discussed in Note 13 to the Company's Consolidated Financial Statements, as of December 31, 2023, we had operating lease obligations of approximately $29.0 million, of which $4.3 million is expected to be paid within 12 months. The Company's purchase obligations that represent non-cancelable contractual obligations primarily relate to information technology assets and our revolving credit facility, which facility is described further in Note 12 to the Company's Consolidated Financial Statements. As of December 31, 2023, the Company had purchase obligations of $9.2 million, with $6.5 million expected to be paid within 12 months. We believe that our existing cash and cash equivalents, marketable securities, cash generated from operations, and available borrowings under our revolving credit facility will be sufficient to meet anticipated working capital needs, new product development, effect any share repurchases we may elect to make, pay our quarterly cash dividends, and fund capital expenditures for at least the next 12 months and for the foreseeable future thereafter. The Company’s growth strategy includes acquiring businesses that provide complementary products and services. It is anticipated that future acquisitions, if any, would be effected through cash consideration, stock consideration, or a combination of both. The issuance of our stock as consideration for an acquisition or to raise additional capital could have a dilutive effect on earnings per share and could adversely affect our stock price. The revolving credit facility contains financial covenants and availability calculations designed to set a maximum leverage ratio of outstanding debt to consolidated EBITDA (as defined in our credit facility) and an interest coverage ratio of consolidated EBITDA to interest expense. Therefore, the maximum borrowings against the revolving credit facility would be dependent on the covenant values at the time of borrowing. As of December 31, 2023, the Company was in compliance with all covenants. There can be no assurance that amounts available for borrowing under our revolving credit facility will be sufficient to consummate any possible acquisitions, and we cannot be assured that if we need additional financing, it will be available on terms favorable to us or at all. Failure to generate sufficient cash flow from operations or raise additional capital when required in sufficient amounts and on terms acceptable to us could harm our business, financial condition, and results of operations. Recent Accounting Pronouncements In November 2023, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update (ASU) 2023-07, Segment Reporting (Topic 280): Improvements to Reportable Segment Disclosures. The new guidance requires disclosures of significant reportable segment expenses that are regularly provided to the CODM and other segment items on an interim and annual basis. Entities with a single reportable segment will also be required to apply the disclosure requirements in ASU 2023-07 on an interim and annual basis. The ASU will be effective for annual periods beginning after December 15, 2023, and interim periods within fiscal years beginning after December 15, 2024. Early adoption of the ASU is permitted and should be applied retrospectively to all prior periods presented in the financial statements. The Company is currently evaluating the impact of adopting ASU 2023-07 and expects to adopt this ASU for the year ending December 31, 2024. In December 2023, the FASB issued ASU 2023-09, Income Taxes (Topic 740): Improvements to Income Tax Disclosures, which requires public entities to provide disclosure of disaggregated information in the entity’s tax rate reconciliation, as well as disclosure of income taxes paid disaggregated by jurisdiction. The ASU is effective for fiscal years beginning after December 15, 2024, with early adoption permitted. The Company is currently evaluating the impact of adopting ASU 2023-09. 36 Table of Contents Item 7A. Quantitative and Qualitative Disclosures about Market Risk The Company is exposed to market risk from changes in interest rates, foreign currency risk, and investment risk. We do not have any material commodity price risk. Interest Rate Risk As of December 31, 2023, the Company had no outstanding debt. We may become subject to interest rate market risk associated with any future borrowings under our revolving credit facility. The interest rate under the revolving credit facility varies depending on the interest rate option selected by the Company plus a margin determined in accordance with a pricing grid. We are exposed to market risk with respect to our cash and investment balances, which approximated $71.1 million at December 31, 2023. Assuming a hypothetical 10% decrease in interest rates, interest income from cash and investments would decrease on an annualized basis by approximately $0.3 million. Foreign Currency Risk We have foreign currency risks related to our revenue and operating expenses denominated in currencies other than the U.S. dollar, including Canadian dollar, New Zealand dollar, and Australian dollar. Increases and decreases in our foreign-denominated revenue from movements in foreign exchange rates are often partially offset by the corresponding decreases or increases in our foreign-denominated operating expenses. To the extent that our international operations grow, our risks associated with fluctuation in currency rates will become greater, and we will continue to assess our approach to managing this risk. In addition, currency fluctuations or a weakening U.S. dollar can increase the costs of our international operations. To date, we have not entered into any foreign currency hedging contracts although we may do so in the future. Investment Risk The Company’s investment policy and strategy is focused on investing in highly rated securities, with the objective of minimizing the potential risk of principal loss. The Company’s policy limits the amount of credit exposure to any single issuer and sets limits on the average portfolio maturity. We have an investment portfolio that includes strategic investments in privately held companies, which primarily include early-stage companies. We primarily invest in healthcare technology companies that we believe can help expand our ecosystem. We may continue to make these types of strategic investments as opportunities arise that we find attractive. We may experience additional volatility to our Consolidated Financial Statements due to changes in market prices, observable price changes, and impairments to our strategic investments. These changes could be material based on market conditions and events. The above market risk discussion and the estimated amounts presented are forward-looking statements of market risk assuming the occurrence of certain adverse market conditions. Actual results in the future may differ materially from those projected as a result of actual developments in the market. 37 Table of Contents Item 8. Financial Statements and Supplementary Data HEALTHSTREAM, INC. INDEX TO CONSOLIDATED FINANCIAL STATEMENTS Reports of Independent Registered Public Accounting Firm (PCAOB ID: 42) Consolidated Balance Sheets Consolidated Statements of Income Consolidated Statements of Comprehensive Income Consolidated Statements of Shareholders’ Equity Consolidated Statements of Cash Flows Notes to Consolidated Financial Statements 38 Page 39 41 42 43 44 45 46 Table of Contents Report of Independent Registered Public Accounting Firm To the Shareholders and the Board of Directors of HealthStream, Inc. Opinion on the Financial Statements We have audited the accompanying consolidated balance sheets of HealthStream, Inc. (the Company) as of December 31, 2023 and December 31, 2022, the related consolidated statements of income, comprehensive income, shareholders' equity and cash flows for each of the three years in the period ended December 31, 2023, and the related notes (collectively referred to as the “consolidated financial statements”). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company at December 31, 2023 and 2022, and the results of its operations and its cash flows for each of the three years in the period ended December 31, 2023, in conformity with U.S. generally accepted accounting principles. We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company's internal control over financial reporting as of December 31, 2023, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) and our report dated February 26, 2024 expressed an unqualified opinion thereon. Basis for Opinion These financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB. We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion. Critical Audit Matter The critical audit matter communicated below is a matter arising from the current period audit of the financial statements that was communicated or required to be communicated to the audit committee and that: (1) relates to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective or complex judgments. The communication of the critical audit matter does not alter in any way our opinion on the consolidated financial statements, taken as a whole, and we are not, by communicating the critical audit matter below, providing a separate opinion on the critical audit matter or on the accounts or disclosures to which it relates. Revenue Recognition Description of the Matter As described in Note 1 of the consolidated financial statements, the Company recognizes revenue when control of the promised goods or services is transferred to the customer in an amount that reflects the consideration the Company expects to be entitled in exchange for transferring those goods or services. The Company’s contracts with customers often contain promises for multiple goods and services. The Company accounts for the promised goods and services in its contracts as separate performance obligations if they are distinct. The transaction price is then allocated to the separate performance obligations on a relative standalone selling price basis. Auditing the Company’s accounting for revenue recognition was challenging due to the judgment and effort required to analyze the Company’s contracts to determine whether promised goods and services are distinct performance obligations and to determine stand-alone selling prices used to allocate the transaction price to those performance obligations. How We Addressed the Matter in Our Audit We obtained an understanding, evaluated the design and tested the operating effectiveness of controls over the Company's process to identify and evaluate performance obligations and determine the stand-alone selling prices used to allocate the transaction price to those performance obligations. Among other procedures to evaluate management’s identification and determination of the distinct performance obligations, we obtained an understanding of the Company’s various product and service offerings and tested the application of the revenue recognition accounting requirements to determine which performance obligations were distinct. To test management’s determination of relative standalone selling price for each performance obligation, we performed audit procedures that included, among others, assessing the methodology applied and testing the data underlying the Company’s calculations. We inspected a sample of customer contracts to assess management’s treatment of significant terms and tested the amounts recognized as revenue or recorded in deferred revenue. /s/ Ernst & Young LLP We have served as the Company’s auditor since 1998. Nashville, Tennessee February 26, 2024 39 Table of Contents Report of Independent Registered Public Accounting Firm To the Shareholders and the Board of Directors of HealthStream, Inc. Opinion on the Internal Control Over Financial Reporting We have audited HealthStream, Inc.’s internal control over financial reporting as of December 31, 2023, based on criteria established in Internal Control— Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) (the COSO criteria). In our opinion, HealthStream, Inc. (the Company) maintained, in all material respects, effective internal control over financial reporting as of December 31, 2023, based on the COSO criteria. We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated balance sheets of the Company as of December 31, 2023 and 2022, the related consolidated statements of income, comprehensive income, shareholders’ equity and cash flows for each of the three years in the period ended December 31, 2023, and the related notes and our report dated February 26, 2024 expressed an unqualified opinion thereon. Basis for Opinion The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting included in the accompanying Management’s Annual Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB. We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion. Definition and Limitations of Internal Control Over Financial Reporting A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements. Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. /s/ Ernst & Young LLP Nashville, Tennessee February 26, 2024 40 Table of Contents HEALTHSTREAM, INC. CONSOLIDATED BALANCE SHEETS (In thousands) Current assets: ASSETS Cash and cash equivalents Marketable securities Accounts receivable, net of allowance of $781 and $544 at December 31, 2023 and 2022, respectively Accounts receivable - unbilled Prepaid royalties, net of amortization Prepaid software maintenance and subscriptions Other prepaid expenses and other current assets $ Total current assets Property and equipment, net of accumulated depreciation of $19,503 and $20,280 at December 31, 2023 and 2022, respectively Capitalized software development, net of accumulated amortization of $127,009 and $105,025 at December 31, 2023 and 2022, respectively Operating lease right of use assets, net Goodwill Customer-related intangibles, net of accumulated amortization of $57,095 and $48,552 at December 31, 2023 and 2022, respectively Other intangible assets, net of accumulated amortization of $16,603 and $12,818 at December 31, 2023 and 2022, respectively Deferred commissions Non-marketable equity investments Other assets LIABILITIES AND SHAREHOLDERS’ EQUITY Total assets Current liabilities: Accounts payable Accrued royalties Accrued liabilities Deferred revenue Total current liabilities Deferred tax liabilities Deferred revenue, noncurrent Operating lease liability, noncurrent Other long-term liabilities Commitments and contingencies Shareholders’ equity: Common stock, no par value, 75,000 shares authorized; 30,298 and 30,579 shares issued and outstanding at December 31, 2023 and 2022, respectively Retained earnings Accumulated other comprehensive loss Total shareholders’ equity Total liabilities and shareholders’ equity $ $ $ See accompanying notes to the Consolidated Financial Statements. 41 December 31, 2023 December 31, 2022 40,333 $ 30,800 34,346 4,100 10,202 7,397 3,032 130,210 46,023 7,885 36,730 5,980 9,071 6,034 2,654 114,377 13,005 15,483 40,643 20,114 191,379 37,118 22,759 192,398 54,742 61,269 13,289 31,700 4,134 726 499,942 $ 7,465 $ 4,556 22,717 83,623 118,361 16,132 2,169 20,247 2,281 249,075 92,368 (691) 340,752 499,942 $ 20,284 28,344 4,518 1,191 497,741 7,287 5,443 25,014 79,469 117,213 17,996 2,937 23,321 2,210 254,832 80,213 (981) 334,064 497,741 Table of Contents HEALTHSTREAM, INC. CONSOLIDATED STATEMENTS OF INCOME (In thousands, except per share data) Revenues, net Operating costs and expenses: Cost of revenues (excluding depreciation and amortization) Product development Sales and marketing Other general and administrative expenses Depreciation and amortization Total operating costs and expenses Operating income Other income (loss), net Income before income tax provision Income tax provision Net income Net income per share: Basic Diluted Weighted average shares of common stock outstanding: Basic Diluted Dividends declared per share 2023 Year Ended December 31, 2022 2021 $ 279,063 $ 266,826 $ 256,712 95,021 45,540 45,743 35,664 41,076 263,044 91,143 44,277 44,146 36,866 37,945 254,377 16,019 12,449 2,492 3,136 18,511 3,298 15,213 $ 0.50 $ 0.50 $ 30,571 30,673 0.10 $ 15,585 3,494 12,091 $ 0.39 $ 0.39 $ 30,648 30,717 — $ 91,033 41,659 39,457 39,695 36,813 248,657 8,055 (289) 7,766 1,921 5,845 0.19 0.18 31,534 31,618 — $ $ $ $ See accompanying notes to the Consolidated Financial Statements. 42 Table of Contents HEALTHSTREAM, INC. CONSOLIDATED STATEMENTS OF COMPREHENSIVE INCOME (In thousands) Net income Other comprehensive income, net of taxes: Foreign currency translation adjustments Unrealized gain on marketable securities Total other comprehensive income (loss) Comprehensive income 2023 Year Ended December 31, 2022 2021 $ 15,213 $ 12,091 $ 5,845 283 7 290 15,503 $ (1,091) 4 (1,087) 11,004 $ 99 6 105 5,950 $ See accompanying notes to the Consolidated Financial Statements. 43 Table of Contents HEALTHSTREAM, INC. CONSOLIDATED STATEMENTS OF SHAREHOLDERS’ EQUITY (In thousands) Balance at December 31, 2020 Net income Comprehensive income Stock donated to Company (held in treasury) Stock-based compensation Common stock issued under stock plans, net of shares withheld for employee taxes Repurchase of common stock Balance at December 31, 2021 Net income Comprehensive loss Issuance of common stock in acquisition Stock-based compensation Common stock issued under stock plans, net of shares withheld for employee taxes Repurchase of common stock Balance at December 31, 2022 Net income Comprehensive income Dividends declared on common stock ($0.100 per share) Stock-based compensation Common stock issued under stock plans, net of shares withheld for employee taxes Excise tax on repurchase of common stock Repurchase of common stock Balance at December 31, 2023 Common Stock Shares Amount Retained Earnings Accumulated Other Comprehensive (Loss)/Income Total Shareholders’ Equity 31,493 $ — — (94) — 131 (203) 31,327 — — 209 — 95 (1,052) 30,579 — — — — 123 — (404) 30,298 $ 271,784 $ — — — 5,303 (1,182) (5,114) 270,791 — — 4,084 3,554 (565) (23,032) 254,832 — — — 4,153 (934) (47) (8,929) 249,075 $ 62,277 $ 5,845 — — — — — 68,122 12,091 — — — — — 80,213 15,213 — (3,058) — — — — 92,368 $ 1 $ — 105 — — — — 106 — (1,087) — — — — (981) — 290 — — — — — (691) $ 334,062 5,845 105 — 5,303 (1,182) (5,114) 339,019 12,091 (1,087) 4,084 3,554 (565) (23,032) 334,064 15,213 290 (3,058) 4,153 (934) (47) (8,929) 340,752 See accompanying notes to the Consolidated Financial Statements. 44 Table of Contents HEALTHSTREAM, INC. CONSOLIDATED STATEMENTS OF CASH FLOWS (In thousands) 2023 Year Ended December 31, 2022 2021 OPERATING ACTIVITIES: Net income Adjustments to reconcile net income to net cash provided by operating activities: $ 15,213 $ 12,091 $ Depreciation and amortization Stock-based compensation Amortization of deferred commissions Provision for credit losses Deferred income taxes (Gain) loss on disposal of fixed assets Loss on equity method investments Non-cash paid time off expense Change in fair value of non-marketable equity investments Other Changes in operating assets and liabilities: Accounts and unbilled receivables Prepaid royalties Other prepaid expenses and other current assets Deferred commissions Other assets Accounts payable and accrued expenses Accrued royalties Deferred revenue Net cash provided by operating activities INVESTING ACTIVITIES: Business combinations, net of cash acquired Proceeds from maturities of marketable securities Purchases of marketable securities Proceeds from sale of fixed assets Proceeds from sale of non-marketable equity investments Payments to acquire non-marketable equity investments Payments associated with capitalized software development Purchases of property and equipment Net cash used in investing activities FINANCING ACTIVITIES: Taxes paid related to net settlement of equity awards Payment of debt issue costs Repurchases of common stock Payment of cash dividends Net cash used in financing activities Effect of exchange rate changes on cash and cash equivalents Net (decrease) increase in cash and cash equivalents Cash and cash equivalents at beginning of period Cash and cash equivalents at end of period SUPPLEMENTAL CASH FLOW INFORMATION: Interest paid Income taxes paid (refunded) 41,076 4,153 11,495 1,021 (1,725) — 384 — (425) (891) 3,243 (1,131) (1,243) (14,852) 328 4,825 (887) 3,386 63,970 (6,621) 28,250 (50,268) — 47 — (25,806) (2,200) (56,598) (934) (118) (8,929) (3,058) (13,039) (23) (5,690) 46,023 40,333 $ 132 $ 2,611 $ 37,945 3,554 10,599 385 710 (25) 747 — (3,596) 3 (7,770) 84 2,329 (14,931) 208 3,742 406 4,707 51,188 (3,965) 10,625 (13,467) 26 3,494 — (23,334) (1,768) (28,389) (565) — (23,137) — (23,702) 21 (882) 46,905 46,023 $ 99 $ 718 $ $ $ $ See accompanying notes to the Consolidated Financial Statements. 45 5,845 36,813 5,303 9,169 723 1,539 21 462 (1,011) (279) 184 10,344 416 1,772 (13,274) 52 (4,329) (3,772) (7,593) 42,385 (4,705) 9,931 (5,223) — 1,370 (1,750) (21,929) (3,417) (25,723) (1,182) — (5,008) (19) (6,209) (114) 10,339 36,566 46,905 132 (92) Table of Contents HEALTHSTREAM, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS 1. SUMMARY OF SIGNIFICANT ACCOUNTING POLICIES Description of Business HealthStream, Inc. (the "Company") was incorporated in 1990 as a Tennessee corporation and is headquartered in Nashville, Tennessee. The Company primarily provides Software-as-a-Service ("SaaS") based applications for healthcare organizations—all designed to improve business and clinical outcomes by supporting the people who deliver patient care. The Company is focused on helping healthcare organizations meet their ongoing clinical development, talent management, training, education, assessment, competency management, safety and compliance, scheduling, and provider credentialing, privileging, and enrollment needs. The Company is organized and operated according to its One HealthStream approach, with its hStream technology platform at the center of that approach. Increasingly, SaaS-based applications in its diverse ecosystem of solutions utilize its proprietary hStream technology platform to enhance their value proposition by creating interoperability with and among other applications. Recognition of Revenue In accordance with Accounting Standards Codification ("ASC") 606, Revenue from Contracts with Customers, the Company's revenues are recognized when control of the promised goods or services is transferred to the customer in an amount that reflects the consideration the Company expects to be entitled in exchange for transferring those goods or services. Revenue is recognized based on the following five step model: • • • • • Identification of the contract with a customer Identification of the performance obligations in the contract Determination of the transaction price Allocation of the transaction price to the performance obligations in the contract Recognition of revenue when, or as, the Company satisfies a performance obligation Subscription revenues primarily consist of fees in consideration of providing customers access to one or more of its SaaS-based solutions and/or courseware subscriptions, as well as fees related to licensing agreements, all of which include routine customer support and technology enhancements. Revenue is generally recognized over time during the contract term beginning when the service is made available to the customer. Subscription contracts are generally non-cancelable, one to five years in length, and billed annually, semi-annually, quarterly, or monthly in advance. Professional services revenues primarily consist of fees for implementation and onboarding services, consulting, and training. The majority of professional services contracts are billed in advance based on a fixed price basis, and revenue is recognized over time as the services are performed. For both subscription services and professional services, the time between billing the customer and when performance obligations are satisfied is generally not significant. Contracts with customers often contain promises for multiple goods and services. For these contracts, the Company accounts for the promised goods and services in its contracts as separate performance obligations if they are distinct. The contract price, which represents transaction price when the contract reflects a fixed fee arrangement, or management’s estimate of variable consideration including application of the constraint when the contract does not have a fixed fee, is allocated to the separate performance obligations on a relative standalone selling price basis. The Company generally determines standalone selling prices based on the standard list price for each product, taking into consideration certain factors, including contract length and the number of subscriptions within the contract. The Company receives payments from customers based on billing schedules established in its contracts. Accounts receivable - unbilled represent contract assets related to its conditional right to consideration for subscription and professional services contracts where performance has occurred under the contract. Accounts receivable are primarily comprised of trade receivables that are recorded at the invoice amount, net of an allowance for credit losses, when the right to consideration becomes unconditional. Deferred revenue represents contract liabilities that are recorded when cash payments are received or are due in advance of satisfaction of performance obligations. 46 Table of Contents Basis of Presentation The Consolidated Financial Statements include the accounts of the Company and its wholly owned subsidiaries. All intercompany accounts and transactions have been eliminated in consolidation. Business Segments The Company’s chief operating decision maker ("CODM") is its Chief Executive Officer. Since January 1, 2023, the Company’s business has been organized and managed around a consolidated, enterprise approach, including with regard to technology, operations, accounting, internal reporting (including the nature of information reviewed by the CODM), organization structure, compensation, performance assessment, and resource allocation. The Company’s CODM uses consolidated financial information to make operating decisions, assess financial performance, and allocate resources. Discrete financial information to measure profitability is not prepared at any other level. Taking these factors into account, since January 1, 2023, the Company has a single reportable segment, such that the Company has presented historical financial information and comparable performance on a single segment basis in this Annual Report on Form 10-K for the year ended December 31, 2023. Use of Estimates The Consolidated Financial Statements are prepared in accordance with United States generally accepted accounting principles. These accounting principles require management to make estimates and assumptions that affect the amounts reported in the financial statements and accompanying notes. Actual results could differ from those estimates and such differences could be material to the Consolidated Financial Statements. Cash Equivalents The Company considers cash equivalents to be unrestricted, highly liquid investments with initial maturities of less than three months. Marketable Securities Marketable securities are classified as available for sale and are stated at fair market value, with the unrealized gains and losses, net of tax, reported in other accumulated comprehensive income (loss) on the accompanying Consolidated Balance Sheets. Realized gains and losses and declines in market value due to credit-related factors on investments in marketable securities are included in other income, net on the accompanying Consolidated Statements of Income. The cost of securities sold is based on the specific identification method. Interest and dividends on securities classified as available for sale are included in other income, net on the accompanying Consolidated Statements of Income. Premiums and discounts are amortized over the life of the related available for sale security as an adjustment to the yield using the effective interest method. Deferred Commissions Deferred commissions represent incremental costs to acquire contracts with customers, such as the sales commission payment and associated payroll taxes, which are capitalized and amortized consistent with the transfer of the goods or services to the customer over the expected period of benefit. Capitalized contract costs are included under the caption deferred commissions in the accompanying Consolidated Balance Sheets. The expected period of benefit is the contract term, except when the capitalized commission is expected to provide economic benefit to the Company for a period longer than the contract term, such as for new customer or incremental sales where renewals are expected and renewal commissions are not commensurate with initial commissions. Non-commensurate commissions are amortized over the greater of the contract term or technological obsolescence period of three years. Prepaid Royalties Prepaid royalties represent advance payments to business partners under revenue sharing arrangements for which the Company sells and delivers such partner products to its customers. Royalties are typically paid in advance at the commencement of the subscription period or periodically throughout the subscription period, such as in quarterly, bi-annual, or annual installments. Royalty payments are amortized over the term of the underlying subscription contracts, which generally range from one to five years, in order to match the direct royalty costs to the same period the subscription revenue is recognized. Amortization of prepaid royalties is included under the caption cost of revenues (excluding depreciation and amortization) in the accompanying Consolidated Statements of Income. 47 Table of Contents Allowance for Credit Losses The Company estimates its allowance for credit losses based on its historical collection experience, a review in each period of the aging status of the then- outstanding accounts receivable, and external market factors. Uncollectible receivables are written-off in the period management believes it has exhausted its ability to collect payment from the customer. Expected credit losses are recorded under the caption other general and administrative expenses in the accompanying Consolidated Statements of Income. Changes in the allowance for credit losses and the amounts charged to bad debt expense for the three years ended December 31, 2023 were as follows (in thousands): 2023 2022 2021 Allowance Balance at Beginning of Period Charged to Costs and Expenses Write-offs Allowance Balance at End of Period $ 544 $ 853 549 1,021 $ 385 723 (784) $ (694) (419) 781 544 853 Capitalized Software and Content Development Capitalized software and content development is stated on the basis of cost and is presented net of accumulated amortization. The Company capitalizes costs incurred during the development phase for projects to develop software and content. These assets are generally amortized using the straight-line method over three years. The Company capitalized $25.5 million and $23.8 million during 2023 and 2022, respectively. Amortization of capitalized software development was $22.0 million, $18.9 million, and $15.6 million during 2023, 2022, and 2021, respectively. Maintenance and operating costs are expensed as incurred. As of December 31, 2023 and 2022, there were no capitalized software development costs for external computer software developed for resale. Fair Value Measurements Fair value is defined as the price that would be received to sell an asset or paid to transfer a liability in the principal or most advantageous market in an orderly transaction between market participants at the measurement date. The fair value hierarchy prioritizes the inputs to valuation techniques used in measuring fair value. There are three levels to the fair value hierarchy based on the reliability of inputs, as follows: Level 1 – Observable inputs that reflect quoted prices (unadjusted) for identical assets or liabilities in active markets. Level 2 – Inputs other than quoted prices included in Level 1 that are observable for the asset or liability, either directly or indirectly. Level 3 – Unobservable inputs in which little or no market data exists, therefore requiring the Company to develop its own assumptions. The Company evaluates assets and liabilities subject to fair value measurements on a recurring basis to determine the appropriate level at which to classify them for each reporting period. This determination may require significant judgments to be made by the Company. At December 31, 2023 and 2022, the Company's assets measured at fair value on a recurring basis consisted of marketable securities, which are classified as available for sale (see Note 4 – Marketable Securities). Property and Equipment Property and equipment are stated on the basis of cost. Depreciation is provided on the straight-line method over the following estimated useful lives, except for leasehold improvements, which are amortized over the shorter of the estimated useful life or their respective lease term. Furniture and fixtures Equipment Goodwill Years 5 - 7 3 Goodwill represents the excess of purchase price in a business combination over the fair value of the net identifiable assets acquired, including intangible assets. The carrying amount of its goodwill is evaluated for impairment at least annually during the fourth quarter and whenever events or changes in facts or circumstances indicate that impairment may exist. In accordance with ASC 350, Intangibles – Goodwill and Other, companies may opt to first assess qualitative factors to determine whether it is more likely than not that the fair value of a reporting unit is less than its carrying amount. A qualitative assessment includes factors such as financial performance, industry and market metrics, and other factors affecting the reporting unit. If this assessment concludes that it is more likely than not that the fair value of a reporting unit exceeds its carrying value, then goodwill is not considered impaired and no further impairment testing is required. Conversely, if the qualitative assessment concludes that it is more likely than not that the fair value of a reporting unit is less than its carrying value, the Company must then compare the fair value of the reporting unit to its carrying value. The Company determines fair value of the reporting unit using both income and market-based models. These models require the use of various assumptions relating to cash flow projections, growth rates, discount rates, and terminal value calculations. There were no goodwill impairments identified or recorded for the years ended December 31, 2023, 2022, or 2021. 48 Table of Contents Intangible Assets The Company estimates fair values of intangible assets using the income and cost methods, which are based on management’s estimates and assumptions. As of December 31, 2023, intangible assets include customer relationships, internally developed technologies, non-competition agreements, and trade names. Intangible assets that are considered to have definite useful lives are being amortized on a straight-line basis over periods ranging between two and eighteen years. The weighted average amortization period for definite lived intangible assets as of December 31, 2023 was 11.7 years. Intangible assets considered to have indefinite useful lives are evaluated for impairment at least annually during the fourth quarter, and all intangible assets are reviewed for impairment whenever events or changes in facts or circumstances indicate that the carrying amount of the assets may not be recoverable. There were no intangible asset impairments identified or recorded for the years ended December 31, 2023, 2022, or 2021. Long-Lived Assets Long-lived assets to be held for use are reviewed for events or changes in facts and circumstances, both internally and externally, which may indicate that an impairment of long-lived assets held for use is present. Purchases of long-lived assets (including capitalized software and content development costs) totaled $27.3 million, $25.9 million, and $23.4 million for the years ended December 31, 2023, 2022, and 2021, respectively. The Company measures any impairment using observable market values or discounted future cash flows from the related long-lived assets. The cash flow estimates and discount rates incorporate management’s best estimates, using appropriate and customary assumptions and projections at the date of evaluation. Management periodically evaluates whether the carrying value of long-lived assets, including intangible assets, property and equipment, capitalized software development, deferred commissions, and other assets will be recoverable. There were no long-lived asset impairments identified or recorded for the years ended December 31, 2023, 2022, or 2021. Non-Marketable Equity Investments Non-marketable equity investments in limited liability companies with specific ownership accounts for each investor not resulting in a controlling financial interest are accounted for using the equity method of accounting. Non-marketable equity investments of preferred stock in corporations that do not result in a controlling financial interest are accounted for using the measurement alternative for equity investments that do not have readily determinable fair values. Accounting Standards Update ("ASU") 2016-01, Financial Instruments – Overall (Subtopic 825-10) requires equity investments (except those accounted for under the equity method of accounting or those that result in consolidation of the investee) to be measured at fair value with changes in fair value recognized in net income. The fair value of non-marketable equity investments is not estimated if there are no identified events or changes in circumstances that may have a significant adverse effect on the fair value of the investment. The proportionate share of income or loss from equity method investments and any changes in fair value of investments accounted for using the measurement alternative are recorded under the caption other income, net in the accompanying Consolidated Statements of Income. Financial Instruments The Company has various financial instruments, including cash and cash equivalents, accounts receivable, accounts receivable-unbilled, accounts payable, and accrued liabilities. The carrying amounts of these financial instruments approximate fair value because of the short-term maturity or short-term nature of such instruments. The Company also has marketable securities, which are recorded at approximate fair value based on quoted market prices or alternative pricing sources (see Note 4 – Marketable Securities) and non-marketable equity investments, which are recorded under the equity method or under the measurement alternative (see Note 15 - Non-Marketable Equity Investments). Advertising The Company expenses the costs of advertising as incurred. Advertising expense for the years ended December 31, 2023, 2022, and 2021 was $1.5 million, $1.9 million, and $1.9 million, respectively, and is included under the caption sales and marketing expense in the accompanying Consolidated Statements of Income. Shipping and Handling Costs Shipping and handling costs that are associated with delivering products and services are included under the caption cost of revenues (excluding depreciation and amortization) in the accompanying Consolidated Statements of Income. 49 Table of Contents Income Taxes Income taxes are accounted for using the asset and liability method, whereby deferred tax assets and liabilities are determined based on the temporary differences between the financial statement and tax bases of assets and liabilities measured at tax rates that will be in effect for the year in which the differences are expected to affect taxable income. Management evaluates all available evidence, both positive and negative, to determine whether, based on the weight of that evidence, a valuation allowance is needed. Future realization of the tax benefit of an existing deductible temporary difference or carryforward ultimately depends on the existence of sufficient taxable income of the appropriate character within the carryback or carryforward period available under the tax law. There are four possible sources of taxable income that may be available under the tax law to realize a tax benefit for deductible temporary differences and carryforwards: 1) future reversals of existing taxable temporary differences, 2) future taxable income exclusive of reversing temporary differences and carryforwards, 3) taxable income in prior carryback year(s) if carryback is permitted under the tax law, and 4) tax-planning strategies that would, if necessary, be implemented to realize deductible temporary differences or carryforwards prior to their expiration. Management reviews the realizability of its deferred tax assets each reporting period to identify whether any significant changes in circumstances or assumptions have occurred that could materially affect the realizability of deferred tax assets. As of December 31, 2023, the Company had established a valuation allowance of $2.0 million for the portion of its net deferred tax assets that are not more likely than not expected to be realized. The Company accounts for income tax uncertainties using a more-likely-than-not recognition threshold based on the technical merits of the tax position taken. Tax positions that meet the more- likely-than-not recognition threshold are measured in order to determine the tax benefit to be recognized in the financial statements. Earnings per Share Basic earnings per share is computed by dividing the net income available to common shareholders for the period by the weighted average number of common shares outstanding during the period. Diluted earnings per share is computed by dividing the net income for the period by the weighted average number of common and common equivalent shares outstanding during the period. Common equivalent shares are composed of incremental common shares issuable upon the exercise of stock options and restricted share units subject to vesting. The dilutive effect of common equivalent shares is included in diluted earnings per share by application of the treasury stock method. Common equivalent shares that have an anti-dilutive effect on diluted net income per share are excluded from the calculation of diluted weighted average shares outstanding. Concentrations of Credit Risk and Significant Customers The Company’s credit risks relate primarily to cash and cash equivalents, marketable securities, and accounts receivable. The Company places its temporary excess cash in high quality, short-term money market instruments. At times, such investments may be in excess of the FDIC insurance limits. Marketable securities consist primarily of U.S. treasuries. The Company sells its products and services to various companies in the healthcare industry that are primarily located in the United States. Customer credit worthiness evaluations are performed on an as-needed basis, and the Company generally requires no collateral from customers. An allowance for credit losses is maintained for potentially uncollectible accounts receivable. The Company did not have any single customer representing over 10% of net revenues or accounts receivable during or as of the years ended December 31, 2023, 2022, or 2021, respectively. Stock-Based Compensation As of December 31, 2023, the Company maintained two stock-based compensation plans under which awards are outstanding, as described in Note 10. The Company accounts for stock-based compensation using the fair-value based method for costs related to share-based payments, including stock options and restricted share units. The Company uses the Black Scholes option pricing model for calculating the fair value of option awards issued under its stock- based compensation plans. The Company measures compensation cost of restricted share units based on the closing fair market value of the Company’s stock on the date of grant. Stock-based compensation cost is measured at the grant date, based on the fair value of the award that is ultimately expected to vest, and is recognized as an expense over the requisite service period. The Company recognizes tax benefits or deficiencies from stock-based compensation if an excess tax benefit or deficiency is realized. Excess tax benefits and deficiencies are reflected in the Consolidated Statements of Income as a component of the provision for income taxes when realized. Leases The Company has several non-cancelable agreements to lease office space. For leases with a lease term greater than 12 months, the Company recognizes a right-of-use ("ROU") asset and a lease liability on the balance sheet at the lease commencement date. Lease liabilities and their corresponding ROU assets are recorded based on the present value of the future lease payments over the expected lease term. The Company does not have any lease contracts that contain: (1) an option to extend that the Company is reasonably certain to exercise, (2) an option to terminate that the Company is reasonably certain not to exercise, or (3) an option to extend (or not to terminate) in which exercise of the option is controlled by the lessor. Additionally, the Company does not have any leases with residual value guarantees or material restrictive covenants. Most of the Company’s lease agreements contain provisions for escalating rent payments over the terms of the leases, which escalations are either fixed within the contract or are variable based on the consumer price index. The Company’s leases do not contain readily determinable implicit discount rates, and as such the Company must use its incremental borrowing rate to discount the future lease payments based on information available at lease commencement. The incremental borrowing rate was estimated by determining the rate of interest that the Company would have to pay to borrow on a collateralized basis over a similar term an amount equal to the lease payments in a similar economic environment. 50 Table of Contents Foreign Currency The functional currency for the Company’s subsidiaries is determined based on the primary economic environment in which the subsidiary operates. The Company translates the assets and liabilities of its non-U.S. dollar functional currency subsidiaries into U.S. dollars using exchange rates in effect at the end of each period. Revenues and expenses for these subsidiaries are translated using rates that approximate those in effect during the period. Gains and losses from these translations are recognized as cumulative translation adjustments included in accumulated other comprehensive income in the Consolidated Balance Sheets. Recently Issued Accounting Pronouncements Not Yet Adopted In November 2023, the Financial Accounting Standards Board ("FASB") issued ASU 2023-07, Segment Reporting (Topic 280): Improvements to Reportable Segment Disclosures. The new guidance requires disclosures of significant reportable segment expenses that are regularly provided to the CODM and other segment items on an interim and annual basis. Entities with a single reportable segment will also be required to apply the disclosure requirements in ASU 2023-07 on an interim and annual basis. The ASU will be effective for annual periods beginning after December 15, 2023, and interim periods within fiscal years beginning after December 15, 2024. Early adoption of the ASU is permitted and should be applied retrospectively to all prior periods presented in the financial statements. The Company is currently evaluating the impact of adopting ASU 2023-07 and expects to adopt this ASU for the year ending December 31, 2024. In December 2023, the FASB issued ASU 2023-09, Income Taxes (Topic 740): Improvements to Income Tax Disclosures, which requires public entities to provide disclosure of disaggregated information in the entity’s tax rate reconciliation, as well as disclosure of income taxes paid disaggregated by jurisdiction. The ASU is effective for fiscal years beginning after December 15, 2024, with early adoption permitted. The Company is currently evaluating the impact of adopting this ASU. 2. SHAREHOLDERS’ EQUITY Common Stock The Company is authorized to issue up to 75 million shares of common stock. The number of common shares issued and outstanding as of December 31, 2023 and 2022 was 30.3 million and 30.6 million, respectively. Preferred Stock The Company is authorized to issue up to 10 million shares of preferred stock in one or more series, having the relative voting powers, designations, preferences, rights and qualifications, limitations or restrictions, and other terms as the Board of Directors may fix in providing for the issuance of such series, without any vote or action of the shareholders. As of December 31, 2023 and 2022, there were no shares of preferred stock issued or outstanding. Dividends on Common Stock On February 20, 2023, the Company's Board of Directors ("Board") approved a quarterly cash dividend policy, marking the first dividend policy adopted by the Company ("Dividend Policy"). During the year ended December 31, 2023, the Board declared the following quarterly dividends under the Dividend Policy: Dividend Dividend Declaration Payment Date Date February April 28, 20, 2023 2023 April 24, June 23, 2023 2023 July 24, September 2023 29, 2023 October 23, December 22, 2023 2023 Total dividends $ $ Dividend Per Share Record Date Cash Outlay 0.025 April 17, 2023 0.025 June 12, 2023 0.025 September 18, 2023 0.025 December 11, 2023 0.10 $ $ 767,000 767,000 767,000 757,000 3,058,000 Additionally, on February 19, 2024, the Board approved the Company’s first quarter 2024 cash dividend of $0.028 per share, payable on March 22, 2024 to holders of record on March 11, 2024. Share Repurchase Plan On November 30, 2021, the Company's Board of Directors authorized a share repurchase program to repurchase up to $20.0 million of the Company's outstanding shares of common stock. This share repurchase program concluded on March 8, 2022, when the maximum dollar amount authorized under the program was expended. Under this program, the Company repurchased a total of 853,023 shares through open market purchases at an aggregate value of $20.0 million, reflecting an average price per share of $23.45 (excluding the cost of broker commissions). During the year ended December 31, 2022, the Company repurchased 649,739 shares pursuant to this share repurchase program at an aggregate fair value of $14.9 million, based on an average price per share of $22.92 (excluding the cost of broker commissions). 51 Table of Contents On March 14, 2022, the Company's Board of Directors approved an expansion of the Company's share repurchase program by authorizing the repurchase of up to an additional $10.0 million of the Company's outstanding shares of common stock. The share repurchase expired on March 13, 2023. During the year ended December 31, 2022, the Company repurchased 402,050 shares at an aggregate fair value of $8.1 million, reflecting an average price per share of $20.19 (excluding the cost of broker commissions). No repurchases occurred under this share repurchase program during the year ended December 31, 2023. On September 13, 2023, the Company announced that the Board authorized a share repurchase program to repurchase up to $10.0 million of the Company's outstanding shares of common stock. The share repurchase program is scheduled to terminate on the earlier of March 31, 2024, or when the maximum dollar amount has been expended. During the year ended December 31, 2023, the Company repurchased 404,188 shares at an aggregate fair value of $8.9 million, reflecting an average price per share of $22.07 (excluding the cost of broker commissions). 3. EARNINGS PER SHARE The following table sets forth the computation of basic and diluted earnings per share for the three years ended December 31, 2023 (in thousands, except per share amounts): Numerator: Net income Denominator: Weighted-average shares outstanding Effect of dilutive shares Weighted-average diluted shares Net income per share: Basic Diluted 2023 Year Ended December 31, 2022 2021 $ 15,213 $ 12,091 $ 30,571 102 30,673 0.50 $ 0.50 $ 30,648 69 30,717 0.39 $ 0.39 $ $ $ 5,845 31,534 84 31,618 0.19 0.18 Potentially dilutive shares representing 252,000, 183,000, and 78,000 shares of common stock for the years ended December 31, 2023, 2022, and 2021, respectively, were excluded from the calculation of diluted earnings per share because their effect would have been anti-dilutive. 4. MARKETABLE SECURITIES At December 31, 2023 and 2022, the fair value of marketable securities, which were all classified as available for sale, included the following (in thousands): Level 2: U.S. government debt securities Total Level 2: U.S. government debt securities Total Adjusted Cost December 31, 2023 Unrealized Gains Unrealized Losses Fair Value $ $ 30,791 $ 30,791 $ 10 $ 10 $ (1) $ (1) $ 30,800 30,800 Adjusted Cost December 31, 2022 Unrealized Gains Unrealized Losses Fair Value $ $ 7,882 $ 7,882 $ 3 $ 3 $ — $ — $ 7,885 7,885 The carrying amounts of the marketable securities reported in the Consolidated Balance Sheets approximate fair value based on quoted market prices or alternative pricing sources and models utilizing market observable inputs. As of December 31, 2023 and 2022, the Company did not recognize any allowance for credit impairments on its available for sale debt securities. All investments in marketable securities are classified as current assets on the Consolidated Balance Sheets because the underlying securities mature within one year from the balance sheet date. 52 Table of Contents 5. REVENUE RECOGNITION AND SALES COMMISSIONS Revenue Recognition Revenues are recognized when control of the promised goods or services is transferred to the customer in an amount that reflects the consideration the Company expects to be entitled in exchange for transferring those goods or services. The following table represents revenues disaggregated by revenue source for the three years ended December 31, 2023, 2022, and 2021 (in thousands). Sales taxes are excluded from revenues. Subscription services Professional services Total revenues, net 2023 Year Ended December 31, 2022 2021 $ $ 267,935 $ 11,128 279,063 $ 253,960 $ 12,866 266,826 $ 243,617 13,095 256,712 For the years ended December 31, 2023, 2022, and 2021, the Company recognized $1.0 million, $0.4 million, and $0.7 million, respectively, in impairment losses on receivables and contract assets arising from contracts with customers. During the years ended December 31, 2023, 2022, and 2021, the Company recognized revenues of $79.6 million, $71.4 million, and $62.3 million, respectively, from amounts included in deferred revenue at the beginning of the respective period. As of December 31, 2023, $541 million of revenue is expected to be recognized from remaining performance obligations under contracts with customers. The Company expects to recognize revenue on approximately 42% of these remaining performance obligations over the 12 months ending December 31, 2024, with the remaining amounts recognized thereafter. Sales Commissions Sales commissions earned by the Company's sales employees are considered incremental and recoverable costs of obtaining a contract with a customer. The Company recorded amortization of deferred commissions of $11.5 million, $10.6 million, and $9.2 million for the years ended December 31, 2023, 2022, and 2021, respectively, which is included in sales and marketing expenses in the accompanying Consolidated Statements of Income. 6. PROPERTY AND EQUIPMENT Property and equipment consist of the following (in thousands): Equipment Leasehold improvements Furniture and fixtures Gross property and equipment Accumulated depreciation and amortization Property and equipment, net December 31, 2023 2022 12,541 $ 14,937 5,030 32,508 (19,503) 13,005 $ 15,843 14,937 4,983 35,763 (20,280) 15,483 $ $ Depreciation of property and equipment totaled $4.2 million, $4.5 million, and $6.3 million for the years ended December 31, 2023, 2022, and 2021, respectively. 53 Table of Contents 7. GOODWILL AND INTANGIBLE ASSETS The changes in the carrying amount of goodwill for the years ended December 31, 2023 and 2022 are as follows (in thousands): Balance at January 1, 2023 Post-closing adjustment for eeds Effect of exchange rate changes Balance at December 31, 2023 Balance at January 1, 2022 Acquisition of CloudCME Acquisition of eeds Post-closing adjustment for ANSOS Post-closing adjustment for ComplyALIGN Post-closing adjustment for Rievent Effect of exchange rate changes Balance at December 31, 2022 2023 192,398 (1,305) 286 191,379 2022 182,501 6,819 3,568 267 40 46 (843) 192,398 $ $ $ $ Intangible assets other than goodwill that are considered to have finite useful lives include customer-related intangibles consisting of customer relationships, which are amortized over their estimated useful lives ranging from eight to eighteen years, and other intangible assets consisting of developed technology, non-competition agreements, and trade names, which are amortized over their estimated useful lives ranging from two to ten years. The Company also previously recorded an indefinite lived intangible for a trade name valued at $0.7 million. However, in January 2023, the Company reassessed the future expected use of the indefinite lived trade name such that beginning in 2023, it is being amortized over a ten year remaining useful life and is therefore included in the future annual amortization expense table below. Amortization of intangible assets was $14.9 million, $14.5 million, and $14.9 million for the years ended December 31, 2023, 2022, and 2021, respectively. Identifiable intangible assets are comprised of the following (in thousands): Customer related Other Total As of December 31, 2023 Accumulated Amortization Gross Amount As of December 31, 2022 Accumulated Amortization Net (57,095) $ (16,603) (73,698) $ 54,742 $ 13,289 68,031 $ 109,821 $ 33,102 142,923 $ (48,552) $ (12,818) (61,370) $ Gross Amount $ 111,837 $ 29,892 141,729 $ $ The expected future annual amortization expense for the years ending December 31, is as follows (in thousands): 2024 2025 2026 2027 2028 Thereafter Total $ $ 54 Net 61,269 20,284 81,553 13,348 12,528 9,453 8,669 5,472 18,561 68,031 Table of Contents 8. BUSINESS COMBINATIONS On May 18, 2022 , the Company acquired the remaining ownership interest (representing approximately 82% of the outstanding equity interests) of CloudCME, LLC ("CloudCME"), a Nashville-based healthcare technology company offering a SaaS-based application for managing all aspects of continuing education ("CME/CE") within a healthcare organization, for approximately $4.0 million in cash and $4.1 million in shares of HealthStream's common stock issued through a private placement at closing. The Company previously held a minority interest in CloudCME of approximately 18%. Acquisition-related transaction costs were $0.1 million. The acquisition is not considered material to the Company’s financial statements. The Company accounted for the acquisition as a business combination and has allocated the purchase consideration based on management’s estimates of fair value. Net assets acquired were $9.6 million. Based on the fair value of assets acquired and liabilities assumed, including intangible assets of $3.8 million, goodwill of $6.8 million was established. The results of operations for CloudCME are included in the Company’s Consolidated Financial Statements from the date of acquisition. On December 31, 2022, the Company acquired substantially all of the assets of Electronic Education Documentation System, LLC (d/b/a eeds) ("eeds"), an Asheville, North Carolina-based healthcare technology company offering a SaaS-based CME/CE management application for healthcare organizations, for approximately $6.6 million in cash, reflecting customary purchase price adjustments made to the purchase price paid of $7.0 million. The purchase price was included in accrued liabilities in the Company's Consolidated Balance Sheet as of December 31, 2022 and was paid in January 2023. Of the purchase price paid at closing, $0.6 million is being held in escrow for a period of time following the closing to serve as a source of recovery for certain potential indemnification claims by the Company. Acquisition-related transaction costs were $0.1 million. The acquisition is not considered material to the Company’s financial statements. The Company accounted for the acquisition as a business combination and has allocated the purchase consideration based on management’s estimates of fair value. Net assets acquired were $6.6 million. Based on the fair value of assets acquired and liabilities assumed, including intangible assets of $4.7 million, goodwill of $2.3 million was established. The results of operations for eeds are included in the Company’s Consolidated Financial Statements from the date of acquisition. 55 Table of Contents 9. INCOME TAXES Components of earnings before income taxes are as follows (in thousands): United States Foreign Earnings before income taxes The provision for income taxes is comprised of the following (in thousands): Current federal Current state Current foreign Deferred federal Deferred state Deferred foreign Provision for income taxes 2023 Year Ended December 31, 2022 2021 18,472 $ 39 18,511 $ 15,777 $ (192) 15,585 $ 2023 Year Ended December 31, 2022 2021 4,066 $ 942 15 (1,493) (214) (18) 3,298 $ 1,972 $ 923 (110) 495 239 (25) 3,494 $ 8,006 (240) 7,766 5 406 (29) 926 699 (86) 1,921 $ $ $ $ A reconciliation of income taxes at the statutory federal income tax rate to the provision for income taxes included in the accompanying Consolidated Statements of Income is as follows (in thousands): Federal tax provision at the statutory rate State income tax provision, net of federal benefit Tax credits Change in valuation allowance Adjustments for prior year taxes Changes in uncertain tax positions Other Provision for income taxes 2023 Year Ended December 31, 2022 2021 $ $ 3,887 $ 528 (1,197) 3 (19) 167 (71) 3,298 $ 3,274 $ 975 (1,227) 51 (261) 767 (85) 3,494 $ 1,631 1,297 (717) (272) (13) (10) 5 1,921 Management periodically assesses the realizability of its deferred tax assets, and to the extent that a recovery is not likely, a valuation allowance is established to reduce the deferred tax asset to the amount estimated to be recoverable. At December 31, 2023, the Company has a valuation allowance of $2.0 million recorded against deferred tax assets for state net operating losses and certain foreign deferred tax assets. As of December 31, 2023, the Company had federal, state, and foreign net operating loss carryforwards of $3.3 million, $9.0 million, and $8.4 million, respectively. Certain losses have an indefinite carryforward period, while other loss carryforwards will expire in years 2030 through 2043. A portion of the net operating loss carryforwards are subject to annual limitations under Internal Revenue Code Section 382. The annual limitations could result in the expiration of net operating loss and tax credit carryforwards before they are fully utilized. The Company is subject to income taxation at the federal, foreign, and various state levels. The Company is under examination by the Internal Revenue Service for the 2018 tax year, and it has agreed to finalization of this examination and does not expect the adjustment to exceed the uncertain tax position previously recorded. The Company is no longer subject to U.S. federal tax examinations for tax years before 2020, and with few exceptions, the Company is not subject to examination by foreign or state tax authorities for tax years which ended before 2020. Loss carryforwards and credit carryforwards generated or utilized in years earlier than 2020 are also subject to examination and adjustment. 56 Table of Contents A reconciliation of the beginning and ending liability for gross unrecognized tax benefits are as follows (in thousands): Balance at beginning of year Additions for tax positions in current year Reductions for tax positions of prior years Balance at end of year December 31, 2023 2022 1,036 $ 298 (174) 1,160 $ 300 743 (7) 1,036 $ $ Upon reaching the final determination of the 2018 IRS examination, which resulted in a reduction to the research & development tax credit for 2018, the Company evaluated its research & development credit realizability for all open tax years. Taking into consideration the subjectivity of this credit qualification, the Company increased the reserve for uncertain tax positions by $0.1 million during the current year. The Company recognized $43,000 and $31,000 for interest and penalties related to unrecognized tax benefits within the provision for income taxes during the years ended December 31, 2023 and 2022, respectively. Unrecognized tax benefits included tax positions of $1.2 million and $1.0 million for the years ended December 31, 2023 and 2022, respectively, that if recognized would impact the Company’s effective tax rate. Deferred federal and state income taxes reflect the net tax effects of temporary differences between the carrying amounts of assets and liabilities for financial reporting purposes and the amounts used for income tax purposes. Significant components of deferred tax assets and deferred tax liabilities are as follows (in thousands): Deferred tax assets: Allowance for credit losses Accrued liabilities Lease liability Tax credits Stock-based compensation Deferred revenue Net operating loss carryforwards Total deferred tax assets Less: Valuation allowance Deferred tax assets, net of valuation allowance Deferred tax liabilities: Deductible goodwill Nondeductible intangible assets Right of use assets Prepaid assets Capitalized software development Depreciation Basis difference on investments Total deferred tax liabilities Net deferred tax liabilities December 31, 2023 2022 $ 202 $ 1,013 5,931 467 1,161 628 3,282 12,684 (1,992) 10,692 6,829 2,087 5,130 10,285 181 1,914 151 26,577 $ 15,885 $ 142 1,111 6,896 362 1,064 653 4,069 14,297 (1,947) 12,350 5,691 2,878 6,001 9,302 3,415 2,548 128 29,963 17,613 The Company realized $0.1 million of excess tax deductions related to stock-based awards during the year ended December 31, 2023, which was reflected in the statement of income as a component of the provision for income taxes. 57 Table of Contents 10. STOCK-BASED COMPENSATION Stock Incentive Plan The Company has outstanding stock-based awards under its 2016 Omnibus Incentive Plan ("2016 Plan") and 2022 Omnibus Incentive Plan ("2022 Plan") (collectively, the "2016 Plan" and "2022 Plan", referred to as the "Plans"). The 2022 Plan authorizes the grant of options, restricted share units ("RSUs"), or other forms of stock-based compensation to employees, officers, directors, and others, and such grants must be approved by the Compensation Committee of the Board of Directors. The 2022 Plan allows the Compensation Committee of the Board of Directors to determine the vesting period and parameters of each grant. The vesting period of the options and RSUs granted has historically included annual vesting over a period of up to five years, generally beginning one year after the grant date. As of December 31, 2023, 1,061,235 shares of common stock were available to be granted under the 2022 Plan. Stock Option Activity A summary of activity relative to stock options for the year ended December 31, 2023 is as follows (in thousands, except weighted-average exercise price). Outstanding at beginning of period Granted Exercised Expired Forfeited Outstanding at end of period Exercisable at end of period Common Shares Weighted- Average Exercise Price Aggregate Intrinsic Value 90 $ — — — — 90 $ 59 $ 20.34 — — — — 20.34 $ 20.34 $ 602 391 The aggregate intrinsic value for stock options in the table above represents the total difference between the Company’s closing stock price on December 29, 2023 (the last trading day of the year) of $27.03 per share and the option exercise price, multiplied by the number of in-the money options as of December 31, 2023. The weighted average remaining contractual term of options outstanding at December 31, 2023 was 7 years. Restricted Share Unit Activity A summary of activity relative to RSUs for the year ended December 31, 2023 is as follows (in thousands, except weighted-average grant date fair value): Outstanding at beginning of period Granted Vested Forfeited Outstanding at end of period Number of RSU’s Weighted- Average Grant Date Fair Value Aggregate Intrinsic Value 532 $ 268 (159) (22) 619 $ 22.49 24.67 23.55 23.63 23.12 $ 16,727 The aggregate fair value of RSUs that vested during the year ended December 31, 2023 and 2022, as of the respective vesting dates, was $3.8 million and $3.1 million, respectively. A portion of RSUs that vested in 2023 and 2022 were net-share settled such that the Company withheld shares with value equivalent to the employees’ minimum statutory obligation for the applicable income and other employment taxes and remitted the cash to the appropriate taxing authorities. The total shares withheld for taxes during 2023 and 2022 were 36,000 and 28,000, respectively, and were based on the value of the RSUs on their respective settlement dates as determined by the Company’s closing stock price. Total payments related to RSUs for the employees’ tax obligations to taxing authorities were $0.9 million in 2023, $0.6 million in 2022, and $0.5 million in 2021, and are reflected as a financing activity within the Consolidated Statements of Cash Flows. 58 Table of Contents Stock-Based Compensation Total stock-based compensation expense recorded in the Consolidated Statements of Income for the years ended December 31, is as follows (in thousands): Cost of revenues (excluding depreciation and amortization) Product development Sales and marketing Other general and administrative Total stock-based compensation expense 2023 Years Ended December 31, 2022 2021 183 $ 692 485 2,793 4,153 $ 155 $ 608 239 2,552 3,554 $ 944 1,164 759 2,436 5,303 $ $ The Company amortizes the fair value of all stock-based awards, net of estimated forfeitures, on a straight-line basis over the requisite service period, which generally is the vesting period. As of December 31, 2023, total unrecognized compensation expense related to non-vested stock options and RSUs was $6.5 million, net of estimated forfeitures, with a weighted average expense recognition period remaining of 2.5 years. The Company realized $0.1 million of excess tax deductions related to stock-based awards during the year ended December 31, 2023, which was reflected in the Consolidated Statement of Income as a component of the provision for income taxes. Stock Awards During December 2021, the Company’s Chief Executive Officer, Robert A. Frist, Jr., contributed 86,494 of his personally owned shares of HealthStream, Inc. common stock (valued at $2.25 million) to the Company, without any consideration paid to him, for the benefit of the Company’s employees. In connection therewith, effective December 29, 2021 the Company approved the award of 86,494 fully vested shares of common stock to over 1,000 employees of the Company under the HealthStream, Inc. 2016 Omnibus Incentive Plan. These shares were issued in December 2021. As required by ASC Topic 718, Compensation – Stock Compensation, ("ASC 718") the Company recognized $2.25 million of stock-based compensation expense for these stock awards during the three months ended December 31, 2021 based on the closing fair market value of the Company’s stock on the date of the Company’s approval of these grants. Total payments related to the employees’ tax obligations to taxing authorities for these stock awards were $0.7 million and are reflected as a financing activity within the Consolidated Statement of Cash Flows for 2021. In addition, the employer taxes and expenses associated with these grants were $0.2 million and were recorded as an expense during December 2021. Mr. Frist contributed an additional 7,113 of his personally owned shares to cover these costs. The receipt of shares from Mr. Frist in connection with the withholding of shares as set forth above are presented on the Company’s Statement of Shareholders’ Equity in a similar manner as a share repurchase (i.e., reduction of outstanding shares). 11. EMPLOYEE BENEFIT PLAN 401(k) Plan The Company has a defined-contribution employee benefit plan (401(k) Plan) incorporating provisions of Section 401(k) of the Internal Revenue Code. Employees must have attained the age of 21 and have completed thirty days of service to be eligible to participate in the 401(k) Plan. Under the provisions of the 401(k) Plan, a plan member may make contributions, on a tax-deferred basis, subject to IRS limitations. The Company elected to provide eligible employees with matching contributions totaling $1.6 million, $1.5 million, and $2.0 million for the years ended December 31, 2023, 2022, and 2021, respectively. 59 Table of Contents 12. DEBT At December 31, 2023 and 2022, the Company had no debt outstanding. Revolving Credit Facility On October 6, 2023, the Company entered into an Amended and Restated Revolving Credit Agreement ("Revolving Credit Facility"), amending the Revolving Credit Facility dated as of November 24, 2014, as amended, with certain lenders party thereto from time to time, and Truist, as Administrative Agent for the lenders. Under the Revolving Credit Facility, the Company may borrow up to $50.0 million, which includes a $5.0 million swingline sub- facility and a $5.0 million letter of credit sub-facility, as well as an accordion feature that allows the Company to increase the Revolving Credit Facility by a total of up to $25.0 million, subject to securing additional commitments from existing lenders or new lending institutions. The Revolving Credit Facility has a maturity date of October 6, 2026. The Company's obligations under the Revolving Credit Facility are unsecured. In addition, if the Company forms or acquires any domestic subsidiaries, the loans and other obligations under the Revolving Credit Facility will be guaranteed by such domestic subsidiaries. At the Company’s election, the borrowings under the Revolving Credit Facility, other than the swingline loans, bear interest at either (1) a base rate defined as the highest of (a) the rate which the Administrative Agent announces from time to time as its prime lending rate, as in effect from time to time, or (b) the Federal Funds Rate, as in effect from time to time, plus one-half of one percent (0.50%) per annum (any changes in such rates to be effective as of the date of any change in such rate), plus in each case an applicable margin that varies with the company’s funded debt leverage ratio; or (2) a term secured overnight financing rate (“SOFR”) defined as the greater of (a)(i) the forward-looking term rate based on SOFR determined as of the reference time for such interest period with a term equivalent to such interest period plus (ii) a term SOFR adjustment equal to 0.10% per annum and (b) zero, plus, in each case, an applicable margin that varies with the Company’s consolidated total leverage ratio. The Company’s borrowings under the swingline loans bear interest at the base rate plus the applicable margin. The initial applicable margin for base rate loans is 0.50% and the initial applicable margin SOFR loans is 1.50%. The applicable margins will be adjusted quarterly, in each case two (2) business days after the Administrative Agent's receipt of the Company's quarterly financial statements. The Company is also required to pay a commitment fee accruing on the unused revolving commitment, which fee initially is 20 basis points per annum and a letter of credit fee, accruing at a rate per annum equal to the applicable margin for SOFR loans then in effect on the daily average amount of such lender’s letter of credit exposure. Principal is payable in full at maturity on October 6, 2026, and there are no scheduled principal payments prior to maturity. Interest on base rate loans and swingline loans is payable quarterly in arrears, and interest on SOFR loans is payable at the end of each interest period, and in the case of interest periods longer than three months, on each day which occurs every three months after the initial date of such interest period. The purpose of the Revolving Credit Facility is for general working capital needs, permitted acquisitions (as defined in the Amended and Restated Revolving Credit Agreement), and for stock repurchase and/or redemption transactions that the Company may authorize. In addition, the Revolving Credit Facility requires the Company to meet certain financial tests, including, without limitation: • • a funded debt leverage ratio (consolidated debt/consolidated EBITDA) of not greater than 3.0 to 1.0; and an interest coverage ratio (consolidated EBITDA/consolidated interest expense) of not less than 3.0 to 1.0. In addition, the Revolving Credit Facility contains certain customary affirmative and negative covenants that, among other things, restrict additional indebtedness, liens and encumbrances, changes to the character of the Company’s business, acquisitions, asset dispositions, mergers and consolidations, sale or discount of receivables, creation or acquisitions of additional subsidiaries, and other matters customarily restricted in such agreements. As of December 31, 2023, the Company was in compliance with all covenants. There were no balances outstanding on the Revolving Credit Facility as of December 31, 2023 and there were no borrowings under the Revolving Credit Facility during the year ended December 31, 2023. 60 Table of Contents 13. LEASES The Company’s operating lease expense as presented in other general and administrative expense in the Consolidated Statements of Income was $4.6 million, $4.3 million, and $5.5 million for the twelve months ended December 31, 2023, 2022, and 2021, respectively. Cash paid for amounts included in the measurement of operating lease liabilities was $4.4 million and $4.7 million for the years ended December 31, 2023 and 2022, respectively. As of December 31, 2023, the weighted-average remaining lease term was 7.3 years, and the weighted-average incremental borrowing rate was 6%. As of December 31, 2023, the Company did not have any leases that had not yet commenced. The table below presents the lease-related assets and liabilities recorded on the Consolidated Balance Sheets as of December 31, 2023 and 2022 (in thousands). Assets Operating lease right-of-use assets Total leased assets Liabilities Operating lease liabilities, current Operating lease liabilities, noncurrent Total operating lease liabilities Classification Operating lease right of use assets, net Accounts payable and accrued expenses Operating lease liability, noncurrent Year Ended December 31, 2022 2023 $ $ $ $ 20,114 $ 20,114 $ 2,974 $ 20,247 23,221 $ The table below presents the maturities of lease liabilities under non-cancellable leases as of December 31, 2023 (in thousands). 2024 2025 2026 2027 2028 Thereafter Total undiscounted lease payments Less imputed interest Total lease liabilities $ $ $ 22,759 22,759 2,840 23,321 26,161 4,296 4,022 3,650 3,385 3,453 10,163 28,969 5,748 23,221 The Company subleases certain of its office space included above under non-cancellable leases and is due to receive future minimum rental payments of approximately $0.2 million and $37,000 for the years ended December 31, 2024 and 2025, respectively. 14. LITIGATION In connection with its business, the Company is from time to time involved in various legal actions. The litigation process is inherently uncertain, and it is possible that the resolution of such matters might have a material adverse effect upon the financial condition and/or results of operations of the Company. However, in the opinion of the Company’s management, matters currently pending or threatened against the Company are not expected to have a material adverse effect on the financial position or results of operations of the Company. 15. NON-MARKETABLE EQUITY INVESTMENTS The aggregate carrying amount of non-marketable equity investments accounted for using the measurement alternative for equity investments that do not have readily determinable fair values was $1.5 million for both the years ended December 31, 2023 and 2022, which the Company evaluates for impairment at each reporting period. There have been no adjustments recorded due to changes in the fair value of the non-marketable equity investments the Company held as of December 31, 2023 and 2022. The fair value of non-marketable equity investments is not estimated if there are no identified events or changes in circumstances that may have a significant adverse effect on the fair value of the investment. 61 Table of Contents Item 9. Changes in and Disagreements with Accountants on Accounting and Financial Disclosure None. Item 9A. Controls and Procedures Evaluation of Disclosure Controls and Procedures HealthStream’s chief executive officer and principal financial officer have reviewed and evaluated the effectiveness of the Company’s disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) promulgated under the Securities Exchange Act of 1934 (the Exchange Act)) as of December 31, 2023. Based on that evaluation, the chief executive officer and principal financial officer have concluded that HealthStream’s disclosure controls and procedures were effective to ensure that the information required to be disclosed by the Company in the reports the Company files or submits under the Exchange Act is recorded, processed, summarized, and reported within the time periods specified in the Securities and Exchange Commission’s rules and forms, and the information required to be disclosed in the reports the Company files or submits under the Exchange Act was accumulated and communicated to the Company’s management, including its principal executive and principal financial officer, or persons performing similar functions, as appropriate to allow timely decisions regarding required disclosure. Management’s Annual Report on Internal Control over Financial Reporting Our management is responsible for establishing and maintaining adequate internal control over financial reporting as defined in Rules 13a-15(f) and 15d- 15(f) under the Exchange Act, and for assessing the effectiveness of internal control over financial reporting. The Company’s internal control over financial reporting is designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP. The Company’s internal control over financial reporting includes those policies and procedures that: (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the Company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with GAAP, and that receipts and expenditures of the Company are being made only in accordance with authorizations of management and directors of the Company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the Company’s assets that could have a material effect on the financial statements. Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. Management assessed the effectiveness of the Company’s internal control over financial reporting as of December 31, 2023. In making this assessment, management used the criteria set forth by the Committee of Sponsoring Organizations of the Treadway Commission in Internal Control-Integrated Framework (2013 Framework). Management’s assessment included an evaluation of the design of our internal control over financial reporting and testing of the operational effectiveness of our internal control over financial reporting. Management believes that, as of December 31, 2023, the Company’s internal control over financial reporting was effective based on those criteria. The Company’s independent registered public accounting firm, Ernst & Young LLP, has issued an audit report on the Company’s internal control over financial reporting, which appears in Item 8 of this Annual Report on Form 10-K. 62 Table of Contents Changes in Internal Control over Financial Reporting There were no changes in HealthStream’s internal control over financial reporting that occurred during the fourth quarter of 2023 that have materially affected, or that are reasonably likely to materially affect, HealthStream’s internal control over financial reporting. Item 9B. Other Information None. Without limiting the generality of the foregoing, during the three months ended December 31, 2023, no director or officer of the Company adopted or terminated any “Rule 10b5-1 trading arrangement,” or any “non-Rule 10b-5 trading arrangement,” as such terms are defined in Item 408(a) of Regulation S-K. Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections None. 63 Table of Contents Item 10. Directors, Executive Officers and Corporate Governance PART III Information required by Item 10 of Part III is incorporated by reference from the information to be contained in our proxy statement for the 2024 Annual Meeting of Shareholders (2024 Proxy Statement) that the Company will file with the Securities and Exchange Commission within 120 days of the end of the fiscal year to which this report relates. Pursuant to General Instruction G(3), certain information concerning executive officers of the Company is included in Part I of this Form 10-K, under the caption Information about our Executive Officers. Item 11. Executive Compensation Information required by Item 11 of Part III is incorporated by reference from the information to be contained in the Company’s 2024 Proxy Statement. Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters Information required by Item 12 of Part III is incorporated by reference from the information to be contained in the Company’s 2024 Proxy Statement. Item 13. Certain Relationships and Related Transactions, and Director Independence Information required by Item 13 of Part III is incorporated by reference from the information to be contained in the Company’s 2024 Proxy Statement. Item 14. Principal Accounting Fees and Services Information required by Item 14 of Part III is incorporated by reference from the information to be contained in the Company’s 2024 Proxy Statement. 64 Table of Contents Item 15. Exhibits, Financial Statement Schedules (a)(1) Financial Statements PART IV Reference is made to the financial statements included in Item 8 to this Report on Form 10-K. (a)(2) Financial Statement Schedules All schedules are omitted because they are not applicable or the required information is shown in the Consolidated Financial Statements or the notes thereto. (a)(3) Exhibits Number 2.2 (1) 3.1* 3.2 (2) 4.1* 4.2* 4.3 (3) 10.1 10.2 10.3 10.4 (6) 10.5 10.6 10.7 10.8 10.9 10.10 10.11 10.12 (10) 10.13 (11) 10.14 (12) 10.15 (13) 10.16 10.17 10.18 10.19 10.20 10.21 10.22 10.23 10.24 10.25 (20) 21.1 23.1 31.1 31.2 Description Equity Purchase Agreement, dated November 25, 2020, by and among HSTM Max Holdings, Inc., Change Healthcare Holdings, LLC, Change Healthcare Technologies, LLC and Change Healthcare Ireland Limited. Fourth Amended and Restated Charter of HealthStream, Inc. Third Amended and Restated Bylaws of HealthStream, Inc. Form of certificate representing the common stock, no par value per share, of HealthStream, Inc. Reference is made to Exhibits 3.1 and 3.2. Description of Capital Stock of HealthStream, Inc. Form of Indemnification Agreement Contribution Agreement dated as of December 29, 2021 between HealthStream, Inc. and Robert A. Frist, Jr. Executive Employment Agreement, dated July 21, 2005, between HealthStream, Inc. and Robert A. Frist, Jr. Revolving Credit Agreement, dated November 24, 2014, by and among HealthStream, Inc., the several banks and other financial institutions and lenders from time to time party thereto and SunTrust Bank, as administrative agent, issuing bank, and swingline lender Summary of Director and Executive Officer Compensation Letter Agreement, dated as of February 20, 2023, between HealthStream, Inc. and Michael Sousa. HealthStream, Inc. 2023 Cash Incentive Bonus Plan Form of HealthStream, Inc. Restricted Share Unit Agreement (Time Based) under 2022 Omnibus Incentive Plan 2016 Omnibus Incentive Plan. Form of HealthStream, Inc. Restricted Share Unit Agreement (Officers) under 2016 Omnibus Incentive Plan. Form of HealthStream, Inc. Restricted Share Unit Agreement (Non-Employee Director) under 2016 Omnibus Incentive Plan. Lease Agreement, dated April 3, 2017, by and between HealthStream, Inc. and Capitol View Joint Venture. First Amendment to Revolving Credit Agreement, dated November 13, 2017, by and between HealthStream, Inc. and SunTrust Bank. Second Amendment to Revolving Credit Agreement, dated as of December 31, 2018, by and between HealthStream, Inc. and SunTrust Bank. Third Amendment to Revolving Credit Agreement, dated as of October 28, 2020, by and between HealthStream, Inc. and SunTrust Bank. Form of HealthStream, Inc. Restricted Share Unit Agreement (Performance) under 2016 Omnibus Incentive Plan between HealthStream, Inc. and J. Edward Pearson Form of HealthStream, Inc. Restricted Share Unit Agreement (Performance) under 2016 Omnibus Incentive Plan between HealthStream, Inc. and Michael Sousa Form of HealthStream, Inc. Non-Qualified Stock Option Agreement under 2016 Omnibus Incentive Plan. Form of HealthStream, Inc. Restricted Share Unit Agreement (Performance) under 2016 Omnibus Incentive Plan Form of HealthStream, Inc. Restricted Share Unit Agreement (Performance) which were contingent upon approval of 2022 Omnibus Incentive Plan Form of HealthStream, Inc. Restricted Share Unit Agreement (Time Based) which were contingent upon approval of 2022 Omnibus Incentive Plan HealthStream, Inc. 2022 Omnibus Incentive Plan Form of HealthStream, Inc. Restricted Share Unit Agreement (Non-Employee Director) under 2022 Omnibus Incentive Plan. Form of HealthStream, Inc. Restricted Share Unit Agreement (Performance) under 2022 Omnibus Incentive Plan Amended and Restated Credit Agreement, dated October 6, 2023, by and among the several banks and other financial institutions and lenders from time to time party thereto and Truist Bank, as administrative agent Subsidiaries of HealthStream, Inc. Consent of Independent Registered Public Accounting Firm Certification of the Chief Executive Officer Pursuant to Section 302 of the Sarbanes-Oxley Act of 2002 Certification of the Chief Financial Officer Pursuant to Section 302 of the Sarbanes-Oxley Act of 2002 65 Table of Contents 32.1 32.2 97 101.1 INS 101.1 SCH 101.1 CAL 101.1 DEF 101.1 LAB 101.1 PRE 104 * (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12) (13) (14) (15) (16) (17) (18) (19) (20) Certification Pursuant to 18 U.S.C. Section 1350, as Adopted Pursuant to Section 906 of the Sarbanes-Oxley Act of 2002 Certification Pursuant to 18 U.S.C. Section 1350, as Adopted Pursuant to Section 906 of the Sarbanes-Oxley Act of 2002 HealthStream, Inc. Amended and Restated Compensation Recoupment Policy XBRL Instance Document - the instance document does not appear in the Interactive Data File because its XBRL tags are embedded within the Inline XBRL document. Inline XBRL Taxonomy Extension Schema Inline XBRL Taxonomy Extension Calculation Linkbase Inline XBRL Taxonomy Extension Definition Linkbase Inline XBRL Taxonomy Extension Label Linkbase Inline XBRL Taxonomy Extension Presentation Linkbase Cover Page Interactive Data File (formatted in Inline XBRL and included in Exhibit 101.1) Incorporated by reference to Registrant’s Registration Statement on Form S-1, as amended (Reg. No. 333-88939). Management contract or compensatory plan or arrangement Incorporated by reference from exhibit filed on our Current Report on Form 8-K, dated November 30, 2020. Incorporated by reference from exhibit filed on our Current Report on Form 8-K, dated October 23, 2023. Incorporated by reference from exhibit filed on our Annual Report on Form 10-K, for the year ended December 31, 2019, filed with the SEC on February 26, 2020. Incorporated by reference from exhibit filed on our Annual Report on Form 10-K, for the year ended December 31, 2021, filed with the SEC on February 28, 2022. Incorporated by reference from exhibit filed on our Current Report on Form 8-K, dated July 25, 2005. Incorporated by reference from exhibit filed on our Current Report on Form 8-K, dated November 25, 2014. Incorporated by reference from exhibit filed on our Quarterly Report on Form 10-Q, for the quarterly period ended March 31, 2023, filed with the SEC on April 27, 2023. Incorporated by reference from exhibit filed on our Current Report on Form 8-K, dated May 31, 2016. Incorporated by reference from exhibit filed on our Quarterly Report on Form 10-Q, for the quarterly period ended March 31, 2017, filed with the SEC on May 1, 2017. Incorporated by reference from exhibit filed on our Quarterly Report on Form 10-Q, for the quarterly period ended June 30, 2017, filed with the SEC on July 31, 2017. Incorporated by reference from exhibit filed on our Current Report on Form 8-K, dated November 14, 2017. Incorporated by reference from exhibit filed on our Current Report on Form 8-K, dated January 2, 2019. Incorporated by reference from exhibit filed on our Current Report on Form 8-K, dated October 28, 2020. Incorporated by reference from exhibit filed on our Current Report on Form 8-K, dated May 16, 2018. Incorporated by reference from exhibit filed on our Annual Report on Form 10-K, for the year ended December 31, 2020, filed with the SEC on February 26, 2021. Incorporated by reference from exhibit filed on our Quarterly Report on Form 10-Q, for the quarterly period ended March 31, 2022, filed with the SEC on April 28, 2022. Incorporated by reference from exhibit filed on our Current Report on Form 8-K, dated May 31, 2022. Incorporated by reference from exhibit filed on our Quarterly Report on Form 10-Q, for the quarterly period ended June 30, 2023, filed with the SEC on July 27, 2023. Incorporated by reference from exhibit filed on our Annual Report on Form 10-K, for the year ended December 31, 2022, filed with the SEC on February 28, 2023. Incorporated by reference from exhibit filed on our Current Report on Form 8-K, dated October 6, 2023. Item 16. Form 10-K Summary None. 66 Table of Contents SIGNATURES Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the Registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized on this 26th day of February 2024. HEALTHSTREAM, INC. By: /s/ ROBERT A. FRIST, JR. Robert A. Frist, Jr. Chief Executive Officer Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed by the following persons on behalf of the registrant and in the capacities and on the dates indicated: Signature Title(s) /s/ ROBERT A. FRIST, JR. Robert A. Frist, Jr. Chief Executive Officer and Chairman (Principal Executive Officer) /s/ SCOTT A. ROBERTS Scott A. Roberts Chief Financial Officer and Senior Vice President (Principal Financial and Accounting Officer) /s/ THOMPSON DENT Thompson Dent /s/ FRANK GORDON Frank Gordon Director Director /s/ TERRY ALLISON RAPPUHN Terry Allison Rappuhn Director /s/ JEFFREY L. MCLAREN Jeffrey L. McLaren /s/ LINDA REBROVICK Linda Rebrovick /s/ ALEX JAHANGIR Alex Jahangir /s/ WILLIAM STEAD William Stead /s/ DEBORAH TAYLOR TATE Deborah Taylor Tate Director Director Director Director Director 67 Date February 26, 2024 February 26, 2024 February 26, 2024 February 26, 2024 February 26, 2024 February 26, 2024 February 26, 2024 February 26, 2024 February 26, 2024 February 26, 2024 HealthStream, Inc. (the Company) Summary of Director and Executive Officer Compensation EXHIBIT 10.5 I. Director Compensation. Directors who are employees of the Company do not receive additional compensation for serving as directors of the Company. For fiscal year 2023, each director received an annual retainer of $10,000, except for the Audit Committee Chair and Nominating and Corporate Governance Chair, who received an additional annual retainer of $7,500, and the Compensation Committee Chair, who received an additional annual retainer of $2,000. Non-employee directors also received a $20,000 flat-fee, except for members of the Audit Committee who received $22,500, for board and committee meeting attendance and participation in lieu of per meeting fees. In addition to the cash compensation set forth above, each non-employee director is eligible to receive a nondiscretionary annual grant of restricted share units. The restricted share units are granted annually and vest ratably over a three-year period. Director compensation for 2024 has not yet been determined by the Compensation Committee. II. Executive Officer Compensation. The following table sets forth the current base salaries and fiscal 2023 performance bonuses to be provided to our executive officers upon review and approval by the Compensation Committee, including the individuals who the Company expects to be its Named Executive Officers for 2024. Executive Officer Robert A. Frist, Jr. Michael Sousa Scott A. Roberts Jeffrey D. Cunningham Michael M. Collier Trisha L. Coady M. Scott McQuigg Kevin O’Hara Scott Fenstermacher $ $ $ $ $ $ $ $ $ Current Base Salary Fiscal 2023 Bonus Amount 190,000 187,500 144,000 146,250 175,000 150,750 144,000 148,500 -0- 380,000 $ 375,000 $ 320,000 $ 325,000 $ 350,000 $ 335,000 $ 320,000 $ 330,000 $ 225,000 $ Base salaries for 2024, bonus targets for 2024 cash bonuses, and 2024 equity grants for executive officers have not yet been determined by the Compensation Committee. III. Additional Information. The foregoing information is summary in nature. Additional information regarding Director and Named Executive Officer compensation will be contained in the Company’s 2024 Proxy Statement. SUBSIDIARIES OF HEALTHSTREAM, INC. EXHIBIT 21.1 Names Under Which We Do Business HealthStream Information Solutions Company HSTM Group Australia PTY Limited HSTM Group New Zealand State or Other Jurisdiction of Incorporation or Organization Nova Scotia, Canada Australia New Zealand CONSENT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM EXHIBIT 23.1 We consent to the incorporation by reference in the following Registration Statements: (1) (2) Registration Statement (Form S-3 ASR No. 333-230169) of HealthStream, Inc. for the registration of shares of its common stock; and Registration Statement (Form S-8 No. 333-265242) pertaining to the HealthStream, Inc. 2022 Omnibus Incentive Plan of our reports dated February 26, 2024, with respect to the consolidated financial statements of HealthStream, Inc. and the effectiveness of internal control over financial reporting of HealthStream, Inc. included in this Annual Report (Form 10-K) of HealthStream, Inc. for the year ended December 31, 2023. /s/ Ernst & Young LLP Nashville, Tennessee February 26, 2024 EXHIBIT 31.1 I, 1. 2. 3. 4. Robert A. Frist, Jr., certify that: I have reviewed this annual report on Form 10-K of HealthStream, Inc.; CERTIFICATION Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report; Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report; The registrant’s other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d- 15(f)) for the registrant and have: a) Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared; b) Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles; c) Evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and d) Disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most recent fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant’s internal control over financial reporting; and 5. The registrant’s other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant’s auditors and the audit committee of the registrant’s board of directors (or persons performing the equivalent functions): a) All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant’s ability to record, process, summarize and report financial information; and b) Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal control over financial reporting. Date : February 26, 2024 /s/ ROBERT A. FRIST, JR. Robert A. Frist, Jr. Chief Executive Officer EXHIBIT 31.2 I, Scott A. Roberts, certify that: CERTIFICATION 1. 2. 3. 4. I have reviewed this annual report on Form 10-K of HealthStream, Inc.; Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report; Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report; The registrant’s other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d- 15(f)) for the registrant and have: a) Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared; b) Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles; c) Evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and d) Disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most recent fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant’s internal control over financial reporting; and 5. The registrant’s other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant’s auditors and the audit committee of the registrant’s board of directors (or persons performing the equivalent functions): a) All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant’s ability to record, process, summarize and report financial information; and b) Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal control over financial reporting. Date : February 26, 2024 /s/ SCOTT A. ROBERTS Scott A. Roberts Chief Financial Officer CERTIFICATION PURSUANT TO 18 U.S.C. SECTION 1350, AS ADOPTED PURSUANT TO SECTION 906 OF THE SARBANES-OXLEY ACT OF 2002 EXHIBIT 32.1 In connection with the Annual Report of HealthStream, Inc. (the “Company”) on Form 10-K for the year ending December 31, 2023, as filed with the Securities and Exchange Commission on the date hereof (the “Report”), Robert A. Frist, Jr., Chief Executive Officer of the Company certifies, pursuant to 18 U.S.C. §1350, as adopted pursuant to §906 of the Sarbanes-Oxley Act of 2002, that: (1) The Report fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934; and (2) The information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the Company. /s/ ROBERT A. FRIST, JR. Robert A. Frist, Jr. Chief Executive Officer February 26, 2024 CERTIFICATION PURSUANT TO 18 U.S.C. SECTION 1350, AS ADOPTED PURSUANT TO SECTION 906 OF THE SARBANES-OXLEY ACT OF 2002 EXHIBIT 32.2 In connection with the Annual Report of HealthStream, Inc. (the “Company”) on Form 10-K for the year ending December 31, 2023, as filed with the Securities and Exchange Commission on the date hereof (the “Report”), Scott A. Roberts, Chief Financial Officer of the Company certifies, pursuant to 18 U.S.C. § 1350, as adopted pursuant to §906 of the Sarbanes-Oxley Act of 2002, that: (1) The Report fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934; and (2) The information contained in the Report fairly presents, in all material respects, the financial condition and results of operations of the Company. /s/ SCOTT A. ROBERTS Scott A. Roberts Chief Financial Officer February 26, 2024

Continue reading text version or see original annual report in PDF format above