McKesson 2009 Annual Report Download - page 64

Download and view the complete annual report

Please find page 64 of the 2009 McKesson annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 128

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128

McKESSON CORPORATION
FINANCIAL REVIEW (Continued)
58
Various risks could interrupt customers’ access to their data residing in our service center, exposing us to
significant costs.
We provide remote hosting services that involve operating both our software and the software of third-party
vendors for our customers. The ability to access the systems and the data that we host and support on demand is
critical to our customers. Our operations and facilities are vulnerable to interruption and/or damage from a number
of sources, many of which are beyond our control, including, without limitation, (1) power loss and
telecommunications failures, (2) fire, flood, hurricane and other natural disasters, (3) software and hardware errors,
failures or crashes and (4) computer viruses, hacking and similar disruptive problems. We attempt to mitigate these
risks through various means including disaster recovery plans, separate test systems and change control and system
security measures, but our precautions may not protect against all problems. If customers’ access is interrupted
because of problems in the operation of our facilities, we could be exposed to significant claims, particularly if the
access interruption is associated with problems in the timely delivery of medical care. We must maintain disaster
recovery and business continuity plans that rely upon third-party providers of related services and if those vendors
fail us at a time that our center is not operating correctly, we could incur a loss of revenue and liability for failure to
fulfill our contractual service commitments. Any significant instances of system downtime could negatively affect
our reputation and ability to sell our remote hosting services.
Regulation of our distribution businesses and regulation of our computer-related products could impose
increased costs, delay the introduction of new products and negatively impact our business.
The healthcare industry is highly regulated. We are subject to various local, state, federal, foreign and
transnational laws and regulations, which include the operating and security standards of the Drug Enforcement
Administration (the “DEA”), the FDA, various state boards of pharmacy, state health departments, the HHS, CMS
and other comparable agencies. Certain of our subsidiaries may be required to register for permits and/or licenses
with, and comply with operating and security standards of the DEA, the FDA, HHS, various state boards of
pharmacy, state health departments and/or comparable state agencies as well as foreign agencies and certain
accrediting bodies depending upon the type of operations and location of product distribution, manufacturing and
sale.
In addition, the FDA has increasingly focused on the regulation of computer products and computer-assisted
products as medical devices under the federal Food, Drug and Cosmetic Act. If the FDA chooses to regulate any of
our products as medical devices, it can impose extensive requirements upon us. If we fail to comply with the
applicable requirements, the FDA could respond by imposing fines, injunctions or civil penalties, requiring recalls
or product corrections, suspending production, refusing to grant pre-market clearance of products, withdrawing
clearances and initiating criminal prosecution. Any final FDA policy governing computer products, once issued,
may increase the cost and time to market new or existing products or may prevent us from marketing our products.
We regularly receive requests for information and occasionally subpoenas from government authorities.
Although we believe that we are in compliance, in all material respects, with applicable laws and regulations, there
can be no assurance that a regulatory agency or tribunal would not reach a different conclusion concerning the
compliance of our operations with applicable laws and regulations. In addition, there can be no assurance that we
will be able to maintain or renew existing permits, licenses or any other regulatory approvals or obtain without
significant delay future permits, licenses or other approvals needed for the operation of our businesses. Any
noncompliance by us with applicable laws and regulations or the failure to maintain, renew or obtain necessary
permits and licenses could have an adverse impact on our results of operations.