NYSE: PHR

Phreesia, Inc.

CIK 0001412408 · Misc Business Services NEC

Phreesia, Inc. ("Phreesia," "we," "our," or the "Company") was founded in 2005 and completed its initial public offering in July 2019. Phreesia provides an integrated software, payments, and engagement platform designed to address three foundational challenges in healthcare delivery: access to…

10-Q Filed May 28, 2026 · Period ending Apr 30, 2026

Summary not yet generated.

8-K Filed May 27, 2026 · Period ending May 27, 2026

Summary not yet generated.

8-K Filed May 11, 2026 · Period ending May 7, 2026

Summary not yet generated.

8-K Filed May 4, 2026 · Period ending Apr 30, 2026

Summary not yet generated.

8-K Filed Apr 3, 2026 · Period ending Mar 30, 2026

Summary not yet generated.

10-K Filed Mar 31, 2026 · Period ending Jan 31, 2026

Summary not yet generated.

10-Q Filed Dec 9, 2025 · Period ending Oct 31, 2025

Summary not yet generated.

10-K Filed Mar 13, 2025 · Period ending Jan 31, 2025

Summary not yet generated.

About Phreesia, Inc.

Source: Item 1 (Business) from the 10-K filed March 31, 2026. Description as filed by the company with the SEC.

Item 1. Business

Overview

Phreesia, Inc. ("Phreesia," "we," "our," or the "Company") was founded in 2005 and completed its initial public offering in July 2019. Phreesia provides an integrated software, payments, and engagement platform designed to address three foundational challenges in healthcare delivery: access to care, affordability of care, and patient health outcomes. Our platform is embedded directly into provider workflows and patient interactions, enabling healthcare organizations to activate patients, streamline administrative processes, and improve financial performance across the care continuum.

We serve a diverse group of healthcare organizations including ambulatory practices, health systems, and hospitals, as well as life sciences companies, government entities, patient advocacy, public interest and not-for-profit and other organizations. Our solutions support the patient journey from care discovery and scheduling through intake, payment, and post-visit follow-up. In fiscal year 2026, our platform facilitated approximately 180 million patient visits, representing approximately one in six ambulatory patient visits in the United States.

In fiscal year 2026, we completed the acquisition (the “AccessOne Acquisition”) of AccessOne Parent Holdings, Inc. (together with its subsidiaries, “AccessOne”), which expands our addressable market for healthcare payments. Our payment solutions now offer healthcare providers a trusted, scalable, compliant and operationally efficient healthcare payment card that accelerates cash flow.

Revenue

We generate revenue through a diversified model that includes three revenue streams: subscription and related services; payment solutions (previously labeled payment processing fees), which include payment processing fees and financing fees; and Network Solutions, which provides a channel for life sciences companies and other organizations to deliver compliant, personalized engagement to patients and providers who use our solutions.

Our business model provides meaningful visibility into future revenue, as our revenue is primarily derived from recurring subscription fees and re-occurring payment processing fees and financing fees. Subscription and related services revenue is relatively consistent throughout the fiscal year due to the recurring nature of our contracts. Payment solutions revenue is typically higher during the first two to three months of the calendar year, driven in part by the resetting of patient deductibles. Network Solutions revenue is primarily generated through annual contracts priced on a per-engagement basis, supported by closed-loop reporting and third-party measurement, and is typically higher in the second half of our fiscal year, reflecting life sciences marketing budget cycles. Phreesia creates high-intent engagement opportunities delivered at critical moments in the care journey.

Our Platform and Solutions

Phreesia’s integrated platform is designed to address challenges patients and healthcare providers face in three core areas: Access, Affordability, and Outcomes.

Access

Phreesia’s solutions facilitate access to care by reducing friction in how patients find, schedule, and register for care, while enabling providers to improve capacity utilization and reduce administrative burden.

Key capabilities include care discovery and scheduling through MediFind, our online provider directory, and self-scheduling tools; appointment optimization and referral management using AI-enabled workflows; and our AI-based smart answering solution for patient communications supported by voice and messaging solutions.

Affordability

Phreesia’s solutions directly address affordability challenges and improve the patient experience while helping providers improve collections, accelerate cash flow, and reduce revenue cycle friction.

Capabilities include eligibility and cost transparency tools, integrated payment solutions embedded in intake and post-visit workflows, and financing solutions that enable healthcare organizations to accelerate cash collections while offering flexible payment options to patients.

Outcomes

Phreesia’s solutions are designed to improve patient outcomes by promoting patient engagement, treatment adherence and satisfaction, while enabling healthcare stakeholders, including providers and life sciences organizations, to measure and influence patient behavior in a compliant and scalable manner.

Capabilities include digital intake and clinical data capture, patient engagement and activation tools, and measurement and analytics solutions.

Market Opportunity

We estimate our total addressable market at approximately $24 billion, consisting of (1) the potential $6.3 billion of subscription and related services revenue generated from the approximately 1.4 million U.S.-based healthcare services organizations who take medical appointments in ambulatory care settings and healthcare service providers who work in hospital settings, (2) the estimated potential $9.1 billion of financing fees, consumer-related transaction and payment processing fees, which are based on a percentage of payments that we process through our platform and address approximately $95.0 billion of annual out of pocket patient spend in ambulatory healthcare related professional services, (3) an estimated potential $8.2 billion in Network Solutions revenue, based on projections of healthcare provider marketing spend, direct-to-consumer point-of-care marketing spend and other digital, direct-to-consumer life sciences marketing spend. We believe several industry trends support continued growth in our addressable markets, including increased adoption of digital patient intake and administrative workflow solutions, the transition toward value-based care models that incentivize patient engagement, expanded use of technology solutions across healthcare specialties and provider settings, and increasing patient financial responsibility and related affordability challenges.

Technology and Artificial Intelligence

Our platform is built on a scalable, cloud-enabled architecture designed to support healthcare interoperability, security, and regulatory requirements. We integrate with most major electronic medical record and practice management systems.

We increasingly incorporate artificial intelligence (“AI”) into our solutions and leverage AI to support automation, personalization, analytics, and operational efficiency, including AI-enabled communications, data extraction, campaign forecasting, and software development productivity.

Privacy and security

Privacy and security are our top priorities. We maintain a comprehensive security program designed to safeguard the confidentiality, integrity and availability of our clients’ data. In particular, we deploy physical, administrative and technical controls to appropriately safeguard patient information. We use external security auditors and industry-leading vendors to ensure we have the controls and procedures in place to protect our clients’ sensitive information. We have industry certifications, including HITRUST, PCI-DSS Level 1 Service Provider, Systems and Organization Controls 2 ("SOC 2") and PCI Point-to-Point Encryption. As a PCI-DSS Level 1 Service Provider, we are committed to upholding industry security standards for cardholder data.

We are committed to protecting and safeguarding the information and privacy of our clients and their patients. Our publicly available privacy policies provide detailed information regarding how we protect consumers’ data and the data subject rights of consumers. For more information regarding the privacy and security laws to which we are subject, and information about our cybersecurity risk management strategy and oversight, refer to “—Regulatory Matters” below and Item 1C. Cybersecurity in Part I of this Annual Report on Form 10-K.

Sales and Marketing

We market and sell our solutions using a direct sales organization, with dedicated sales and marketing teams for our healthcare services clients and our Network Solutions clients. Our go-to-market strategy focuses on maximizing total customer enterprise value through an integrated sales and customer success model. Incentives are aligned to overall customer value rather than individual product commissions, supporting land-and-expand growth across our customer base.

Most of our healthcare services customer contracts are structured as annual, auto-renewing agreements, while most of our Network Solutions campaigns have a term of one year and must be resold each year. Sales cycles vary by customer size and complexity. For healthcare services clients, sales cycles typically range from three to twelve months, and up to 18 months for financing contracts with large health systems. Network Solutions sales cycles align with annual life sciences marketing budget cycles, with contracts typically negotiated during the fourth quarter of the calendar year.

Competition

We operate in a competitive and evolving healthcare technology market that includes point solutions and broader platform providers. We face increasing competition from both established vendors and newer market entrants that are incorporating AI into patient access, intake, clinical support, and administrative workflow solutions. Some of these competitors may be able to develop or deploy AI-enabled products rapidly, which may increase competitive pressure in certain areas of our business. We believe we compete effectively based on the breadth of our platform, interoperability, scale of our provider and patient network, compliance-first engagement model, and ability to deliver measurable value.

Regulatory Matters

Our business is subject to extensive, complex and rapidly changing federal and state laws and regulations. Various federal and state agencies have discretion to issue regulations and interpret and enforce privacy and other laws applicable to businesses such as ours. While we routinely evaluate our legal positions under applicable healthcare, data privacy, security and other laws and regulations, these regulations can vary significantly from jurisdiction to jurisdiction, and interpretation and enforcement of existing laws and regulations can be uncertain or may change periodically. We cannot be assured that a review of our business by courts or regulatory authorities will not result in determinations that could adversely affect our operations or that the regulatory environment will not change in a way that restricts our operations. Federal and state legislatures also may enact various legislative proposals that could materially impact certain aspects of our business.

U.S. state and federal health information privacy and security laws

There are numerous U.S. federal and state laws and regulations related to the privacy and security of personally identifiable information, including protected health information. In particular, HIPAA establishes privacy and security standards that limit the use and disclosure of PHI, and requires the implementation of administrative, physical, and technical safeguards to ensure the confidentiality, integrity and availability of individually identifiable health information in electronic form. Many of our customers are regulated as covered entities under HIPAA. As a service provider that creates, receives, maintains or transmits PHI on behalf of our covered entity customers, Phreesia is a “business associate” as defined under HIPAA, and certain HIPAA requirements are directly applicable to business associates.

Violations of HIPAA may result in civil and criminal penalties and a single data breach can result in violations of multiple standards. We must also comply with HIPAA’s breach notification rule. Under the breach notification rule, business associates must notify covered entities of a breach, and those covered entities must notify affected individuals without unreasonable delay in the case of a breach of unsecured PHI, which may compromise the privacy, security or integrity of the PHI. In addition, notification must be provided to the U.S. Department of Health and Human Services (“HHS”), and, in cases where a breach affects more than 500 individuals, the local media. Breaches affecting fewer than 500 individuals must be reported to HHS on an annual basis. In the event of a breach, our covered entity customers may require that we provide assistance or request that we make these notifications on behalf of the covered entity in the breach notification process and may seek indemnification and other contractual remedies.

State attorneys general also have the right to prosecute HIPAA violations in their states. While HIPAA does not create a private right of action that would allow individuals to sue in civil court, its standards have been used as the basis for the duty of care in state civil suits, such as those for negligence or recklessness in misusing personal information. In addition, HIPAA tasks HHS with establishing a methodology whereby harmed individuals who were the victims of breaches of unsecured PHI may receive a percentage of the Civil Monetary Penalty fine paid by the violator. We expect a continued or increased level of federal and state HIPAA privacy and security enforcement efforts.

In recent years, federal and state regulators have increased their focus on the application of HIPAA and other privacy laws to the digital space and to technology companies, and states have adopted new statutes applicable to this area.

Beyond HIPAA, it is important to note that additional federal and state laws restrict the use and disclosure of personally identifiable information, particularly sensitive information such as individually identifiable health information. For example, the Federal Trade Commission (“FTC”) has advised that failing to take appropriate steps to keep consumers’ personal information private and secure may constitute an unfair act or practice in or affecting commerce in violation of Section 5(a) of the Federal Trade Commission Act (the “FTCA”). The FTC expects a company’s data privacy and security policies and practices to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business and the cost of available tools to improve security and reduce vulnerabilities. The FTC has initiated enforcement actions against entities in the health space that mislead consumers, make false or misleading statements in privacy policies, fail to limit third-party use of personal health information, fail to implement policies to protect personal health information or engage in other unfair practices that harm customers. We regularly review our privacy program in light of FTC guidance and enforcement actions and believe that our privacy standards are fair and transparent under the FTCA. However, in such an evolving regulatory space, there can be no assurances as to how future interpretations of law may affect our business.

Regulators and legislators in the United States are also increasingly scrutinizing and restricting certain personal data transfers and transactions involving foreign countries. For example, the Department of Justice’s January 8, 2025 rule, “Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons,” prohibits data brokerage transactions involving certain sensitive personal data categories, including health data, genetic data, and biospecimens, to countries of concern, including China. The regulations also restrict certain investment agreements, employment agreements and vendor agreements involving such data and countries of concern, absent specified cybersecurity controls. Actual or alleged violations of these regulations may be punishable by criminal and/or civil sanctions, and may result in exclusion from participation in federal and state programs.

Many states also have laws that protect the privacy and security of personal information, including health information, and are, in many cases, not preempted by HIPAA and may be subject to varying interpretations by courts and government agencies. For example, the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), created individual privacy rights for California consumers (as defined in the law) and placed increased privacy and security obligations on entities handling personal data of consumers or households. The CCPA requires covered companies to provide certain disclosures to consumers about their data collection, use and sharing practices, and provides consumers with additional rights in their personal data, such as to have their data deleted and to opt-out of certain sales or transfers of personal information. While any information we maintain in our role as a business associate may be exempt from the CCPA, other records and information we maintain may be subject to the CCPA.

In addition to the CCPA, privacy and data security laws have been enacted in numerous other states, reflecting a trend toward more stringent privacy legislation in the U.S. Many of these laws are similarly comprehensive in scope to the CCPA, while other state laws, such as Washington’s My Health My Data Act or U.S. state biometric privacy laws, apply to distinct subsets of sensitive personal data. While these laws contain similarities, they may also impose additional and different requirements on businesses, and grant distinct privacy rights to consumers.

We expect that there will continue to be new proposed and amended laws, regulations and industry standards concerning privacy, data protection and information security in the U.S. at the state and federal level. Already in the U.S. we have witnessed significant developments at the state level. These new laws and proposed legislation have added additional complexity, variation in requirements, restrictions and potential legal risk, and required additional investment of resources in compliance programs and impact strategies. While we continue to evaluate the potential impact of new and proposed laws on our business, the application of such laws and their potential impact on our business is difficult to predict. In certain cases, it may become necessary to modify our planned operations and procedures to comply with more stringent state laws. The existence of privacy laws in different states in the country has increasingly made compliance obligations more complex and costly and may increase the likelihood that we may be subject to enforcement actions or otherwise incur liability for noncompliance. Not only may some of these state laws impose fines and penalties upon violators, but also some state laws, unlike HIPAA, may afford private rights of action to individuals who believe their personal information has been misused. In addition, state laws are changing rapidly, and there is discussion of a new federal privacy law to which we may be subject.

All 50 states have enacted laws requiring holders of personal information to maintain safeguards and to take certain actions in response to a data breach, such as providing prompt notification of the breach to affected individuals and state officials. In addition, under HIPAA and pursuant to the related contracts with our business associates, we must report breaches of unsecured PHI to our contractual partners following discovery of the breach. Notification must also be made in certain circumstances to affected individuals, federal authorities and others.

U.S. federal and state telecommunications laws

There are a number of U.S. federal and state laws and regulations that concern telephone calls, text messages and other telephonic communications to patients, potential patients, clients and potential clients. For example, the Telephone Consumer Protection Act (“TCPA”) is a federal statute that restricts certain calls and text messages to individuals. Some states, including Florida and Oklahoma, have mini-TCPA laws that restrict certain calls and text messages to their residents and mini-TCPA laws have been proposed in other state legislatures. Our call and text communications are or may be (or may become) subject to these laws.

U.S. federal contracting laws

Our subsidiary, Insignia Health, receives a portion of its revenue from customers that are governmental agencies or funded by government programs. As a federal government contractor, Insignia’s government contracts and subcontracts subject Insignia to the Federal Acquisition Regulation (“FAR”) and, among other requirements, the following: (a) termination when appropriated funding for the current fiscal year is exhausted; (b) termination for the governmental customer’s convenience, subject to a negotiated settlement for costs incurred and profit on work completed, along with the right to place contracts out for bid before completion of the full contract term, as well as the right to make unilateral changes in contract requirements, subject to negotiated price adjustments; (c) compliance and reporting requirements related to, among other things, agency-specific policies and regulations, information security, subcontracting requirements, equal employment opportunity, affirmative action for veterans and workers with disabilities and accessibility for the disabled; (d) broad audit rights; (e) specialized remedies for breach and default, including setoff rights, retroactive price adjustments and civil or criminal fraud penalties under the False Claims Act (as described below), re-procurement expenses, as well as mandatory administrative dispute resolution procedures instead of state contract law remedies; and (f) requirements to calculate overhead rates in accordance with the accounting procedures and internal controls required under the FAR standards.

U.S. federal and state fraud and abuse laws

We are subject to additional healthcare regulation by the federal government and by authorities in the states and foreign jurisdictions in which we conduct our business that may constrain our financial arrangements with third parties. Such laws include, without limitation, state and federal anti-kickback, fraud and abuse, false claims, and transparency laws and regulations and other transfers of value made to physicians and other healthcare providers. If our operations are found to be in violation of any of such laws or any other governmental regulations that apply, we may be subject to penalties, including, without limitation, administrative, civil and criminal penalties, damages, fines, disgorgement, the curtailment or restructuring of operations, integrity oversight and reporting obligations, exclusion from participation in federal and state healthcare programs and responsible individuals may be subject to imprisonment. Such laws and regulations include:

•the federal Anti-Kickback Statute, which prohibits, among other things, persons or entities from knowingly and willfully soliciting, receiving, offering or paying any remuneration (including any kickback, bribe or rebate), directly or indirectly, overtly or covertly, in cash or in kind, to induce, or in return for, the purchase, lease, order, arrangement, or recommendation of any good, facility, item or service for which payment may be made, in whole or in part, under a federal healthcare program, such as the Medicare and Medicaid programs. A person or entity does not need to have actual knowledge of this statute or specific intent to violate it to have committed a violation. In addition to statutory exceptions, the U.S. Department of Health and Human Services Office of Inspector General, or OIG, has enacted safe-harbor regulations that outline categories of activities that are deemed protected from prosecution under the Anti-Kickback Statute provided all applicable criteria are met. The failure of a financial relationship to meet all of the applicable safe harbor criteria does not necessarily mean that the particular arrangement violates the Anti-Kickback Statute. Violations are subject to civil and criminal fines and penalties for each violation, imprisonment, and exclusion from government healthcare programs. Moreover, the government may assert that a claim including items or services resulting from a violation of the Anti-Kickback Statute constitutes a false or fraudulent claim for purposes of the False Claims Act or federal civil monetary penalty laws;

•the federal civil and criminal false claims laws and civil monetary penalty laws, such as the federal False Claims Act, which impose criminal and civil penalties and authorize civil whistleblower or qui tam actions, against individuals or entities for, among other things: knowingly presenting, or causing to be presented, to the federal government, claims for payment that are false or fraudulent; knowingly making, using or causing to be made or used, a false statement or record material to a false or fraudulent claim or obligation to pay or transmit money or property to the federal government or knowingly concealing or knowingly and improperly avoiding or decreasing an obligation to pay money to the federal government. Companies can be held liable under the federal False Claims Act even when they do not submit claims directly to government payors if they are deemed to “cause” the submission of false or fraudulent claims. The federal False Claims Act also permits a private individual acting as a “whistleblower” to bring actions on behalf of the federal government alleging violations of the federal False Claims Act and to share in any monetary recovery;

•HIPAA, which created new federal criminal statutes that prohibit a person from knowingly and willfully executing, or attempting to execute, a scheme to defraud any healthcare benefit program or obtain, by means of false or fraudulent pretenses, representations or promises, any of the money or property owned by, or under the custody or control of, any healthcare benefit program, regardless of the payor (e.g., public or private) and knowingly and willfully falsifying, concealing or covering up by any trick or device a material fact or making any materially false, fictitious, or fraudulent statements or representations in connection with the delivery of, or payment for, healthcare benefits, items or services relating to healthcare matters; similar to the federal Anti-Kickback Statute, a person or entity does not need to have actual knowledge of the statute or specific intent to violate it in order to have committed a violation; and

•federal consumer protection and unfair competition laws, which broadly regulate marketplace activities and activities that potentially harm consumers.

Additionally, we are subject to state and foreign equivalents of each of the healthcare laws and regulations described above, among others, some of which may be broader in scope and may apply regardless of the payor. Many U.S. states have adopted laws similar to the federal Anti-Kickback Statute and False Claims Act, and may apply to our business practices, including, but not limited to, arrangements involving healthcare items or services reimbursed by non-governmental payors, including private insurers. There are ambiguities as to what is required to comply with these state requirements and if we fail to comply with an applicable state law requirement we could be subject to penalties.

U.S. federal and state financial services laws

Our payment solutions are subject to certain financial services laws, regulations and rules, as well as self-regulatory standards such as the Payment Card Industry Data Security Standards. We also must comply with card network rules set by the various card networks with which we are registered as a service provider (payment facilitator or the equivalent) for acquiring member institutions. If we or a client fail to comply with the applicable requirements of card networks, we could be subject to a variety of fines or penalties that may be levied by card networks. A violation of the network rules may result in the termination or suspension of our registration with the affected network. The termination of our registration, including a card network barring us from acting as a payment facilitator, or any changes in card network rules that would impair our registration, could require us to stop providing payment processing services relating to the affected card network.

Our payment solutions must comply with certain laws, including the U.S. Bank Secrecy Act (“BSA”), as amended by the USA PATRIOT Act of 2001 (“PATRIOT Act”), the Customer Due Diligence Rule, and the Anti-Money Laundering Act of 2020 (“AMLA”), which, among other things, contain anti-money laundering and financial transparency laws and mandate the implementation of various regulations applicable to all financial institutions, including standards for verifying client identification at account opening, and obligations to monitor client transactions and report suspicious activities.

Additionally, our subsidiary, AccessOne MedCard, offers medical financing products, which are subject to extensive and evolving federal and state consumer protection, fair lending and other laws and regulations, including the Truth in Lending Act, the Equal Credit Opportunity Act, the Fair Credit Billing Act, the Military Lending Act and the Servicemembers’ Civil Relief Act, among others, and rules promulgated by the Consumer Financial Protection Bureau (the “CFPB”). AccessOne MedCard is licensed or registered to engage in consumer lending in multiple states in the United States, subjecting it to extensive state regulatory oversight. For example, AccessOne MedCard must comply with consumer lending laws and regulations governing aspects of its operations, including disclosures, interest and fee limitations, and reporting obligations in each relevant state, creating significant compliance complexity and costs. AccessOne MedCard is also subject to certain federal and state regulations applicable to financial institutions related to cybersecurity and privacy, including the New York Department of Financial Services 23 NYCRR Part 500 Cybersecurity Requirements for Financial Services Companies (the “NYDFS Part 500 Requirements”) and the Gramm-Leach-Bliley Act (the “GLBA”) and its implementing regulations, including Regulation P and the FTC Safeguards Rule, as well as the FTC’s Identity Theft Red Flags Rule under the Fair Credit Reporting Act. These regulations, among other things, require financial institutions to explain their information sharing practices to their customers, safeguard sensitive data and maintain an identity theft prevention program. Failure to comply with applicable state or federal requirements could result in regulatory investigations, enforcement actions, civil or criminal penalties, license suspension or revocation. State attorneys general may also exercise enforcement authority under both state and federal law.

Intellectual property

Our continued growth and success depend, in part, on our ability to protect our intellectual property and proprietary technology. We primarily protect our intellectual property through a combination of trademarks, trade secrets and other contractual rights, including confidentiality, non-disclosure and assignment-of-invention agreements with our employees, independent contractors, consultants and companies with which we conduct business.

However, these intellectual property rights and procedures may not prevent others from creating a competitive SaaS solution or otherwise competing with us. We may be unable to obtain, maintain and enforce the intellectual property rights on which our business depends, and assertions by third parties that we violate their intellectual property rights could have a material adverse effect on our business, financial condition and results of operations.

Human Capital Resources

As of January 31, 2026, we had 1,789 full-time employees, including 502 in sales and marketing, 542 in research and development, 551 in services and support and 194 in general and administrative. As of January 31, 2026, we had 756 full-time employees in the United States and 1,033 full-time employees internationally. We also supplement our workforce with contractors and consultants, including a number of contractors and consultants in international locations. None of our employees are represented by labor unions or covered by collective bargaining agreements. We consider our relationship with our employees to be good, and we have not experienced any work stoppages.

Talent and Culture: The success and continued evolution of our company has been due in large part to the talent and engagement of our entire team. Our team members are key pillars of our success and fostering and developing their talent is central to our culture. Attracting and retaining top talent is a high priority for us, and we look to hire smart, passionate and driven individuals who want to be a part of our mission. Our strong company culture and investment in long-term career growth for our people is evidenced by the long tenure of many of our team members with our organization. During our fiscal year ended January 31, 2026, Phreesia was named to the 2025 Deloitte Technology Fast 500™. Phreesia was also recognized on TIME’s 2025 World’s Top HealthTech Companies list. Additionally, Phreesia was named to G2’s 2025 Best Software Awards. Phreesia was also named one of Becker’s 2026 Top Places to Work in Healthcare. Phreesia was named to the list of "The Top 50 Software Companies of 2025" by The Software Report, our fourth year in a row on the list. Phreesia has also had representation on The Software Report's Top 50 Women Leaders in Software for the past eight years. All of these achievements optimally position us to continue to attract top healthcare and technology talent.

Access and Equal Opportunity: We are committed to hiring, developing and supporting an inclusive workplace. We seek to recruit employees of all backgrounds and support their professional development. We strive to make career paths, career development opportunities and mentorships available to all employees. We are also committed to supporting gender equality in our organization, including through our inclusive culture, board representation, pathways to leadership for women, pay equity and strong family-leave policies.

Remote Workforce: We have operated as a fully remote company since 2020, as we believe this arrangement allows us access to the best talent and creates optimal flexibility for our employees. We are intentional about building a remote-only culture that gives our employees a sense of meaning, connection and belonging, including through our mentorship program, town halls, regular in-person offsites and virtual activities.

Corporate Information

We are a fully remote company and do not maintain principal executive offices. Our mailing address is 1521 Concord Pike, Suite 301, PMB 221, Wilmington, DE 19803, and our telephone number is (888) 654-7473. Our website address is http://www.phreesia.com. We do not incorporate the information on or accessible through our website into this report, and you should not consider any information on, or that can be accessed through, our website as part of this report.

Available Information

Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and all amendments to these filings, are available free of charge from our investor relations website at https://ir.phreesia.com as soon as reasonably practicable following our filing with or furnishing to the Securities and Exchange Commission, or SEC, of any of these reports. The SEC maintains an Internet website at https://www.sec.gov that contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC.

Phreesia investors and others should note that we announce material information to the public about our company, products and services and other issues through a variety of means, including our website at https://www.phreesia.com, our investor relations website at https://ir.phreesia.com, press releases, SEC filings and public conference calls, in order to achieve broad, non-exclusionary distribution of information to the public. We also use the following social media channels as a means of disclosing information about the company, our solutions, our planned financial and other announcements and attendance at upcoming investor and industry conferences, and other matters and for complying with our disclosure obligations under Regulation FD:

PHREESIA X Account (https://x.com/phreesia)

PHREESIA Facebook Page (https://www.facebook.com/phreesia/)

PHREESIA LinkedIn Page (https://www.linkedin.com/company/phreesia)

PHREESIA Instagram Account (https://www.instagram.com/phreesia.co)

PHREESIA News Page (https://www.phreesia.com/news/)

PHREESIA Network Solutions X Account (https://x.com/phreesianetwork)

PHREESIA Network Solutions Facebook Page (https://www.facebook.com/phreesianetworksolutions/)

PHREESIA Network Solutions LinkedIn Page (https://www.linkedin.com/company/phreesia-network-solutions/)

PHREESIA Network Solutions Page (https://networksolutions.phreesia.com)

INSIGNIA Health website (https://www.insigniahealth.com/)

MEDIFIND website (https://www.medifind.com/)

ACCESSONE website (https://accessonepay.com/)

ACCESSONE LinkedIn Page (https://www.linkedin.com/company/accessone/)

We encourage our investors and others to review the information we make public in these locations as such information could be deemed to be material information. Please note that this list may be updated from time to time.

The contents of any website or social media channel referred to in this Annual Report on Form 10-K are not intended to be incorporated into this Annual Report on Form 10-K or in any other report or document we file with the SEC, and any references to our websites are intended to be inactive textual references only.