NASDAQ: TALKW

•
Direct-to-Enterprise (“DTE”), comprised of enterprises who offer their enterprise members access to our platform while their enterprise is under an active contract with Talkspace, and

•
Individual subscribers (“Consumer”) who subscribe directly to our platform.

Our vast nationwide network of 5,700+ licensed providers, located across all 50 U.S. states and the District of Columbia, include therapists and psychiatric providers with specialized knowledge of more than 150 conditions and treatment modalities. Our psychiatry clinicians, may at their discretion, refer the member to a primary care provider or in-person psychiatrist if the clinical need arises, including to address potential needs for controlled substances. In accordance with the Drug Enforcement Administration (“DEA”) Ryan Haight Act, Talkspace providers do not prescribe controlled substances.

Our network of fully-credentialed providers is sustained and enhanced by an attractive value proposition to providers, including flexibility, convenience, efficiency, professional development opportunities and compensation. We also believe that our platform provides other benefits to providers through expanded clinical reach, steady access to member referrals, reduced administrative burdens, more efficient time utilization and data-driven clinical insights. We designed our provider network to be scalable and to leverage a hybrid model of both employee providers and independently contracted providers to support multiple growth scenarios.

For the year ended December 31, 2025 our revenues were $228.9 million compared to $187.6 million for the year ended December 31, 2024. For the year ended December 31, 2025, our clinicians completed 1,617,000 sessions related to members covered under our Payor customers compared to 1,229,200 completed sessions for the year ended December 31, 2024. As of December 31, 2025, we had approximately 5,000 Consumer active members compared to 7,200 Consumer active members as of December 31, 2024.

Pending Merger with Universal Health Services, Inc.

On March 9, 2026, we entered into a definitive Agreement and Plan of Merger (the “Merger Agreement”) with Universal Health Services, Inc., a Delaware corporation ("UHS"), and UHS Merger Subsidiary, Inc., a Delaware corporation and an indirect wholly owned subsidiary of UHS ("Merger Subsidiary"), pursuant to which, among other things, Merger Subsidiary will merge with and into us (the “Merger”), with us continuing as the surviving corporation and a wholly-owned subsidiary of UHS.

2

Table of Contents

Under the terms of the Merger Agreement, at the effective time of the Merger, each issued and outstanding share of our common stock (subject to certain exceptions set forth in the Merger Agreement) will be cancelled and converted into the right to receive $5.25 per share in cash. Following completion of the Merger, we will be delisted from the NASDAQ Global Select Market and deregistered under the Securities Exchange Act of 1934.

We have made customary representations and warranties in the Merger Agreement and have agreed to customary covenants regarding the operation of our business prior to the consummation of the Merger.

Consummation of the Merger is subject to customary closing conditions, including termination or expiration of any waiting periods required under the Hart-Scott-Rodino ("HSR") Act and certain specified state healthcare laws, approval by our stockholders and other customary closing conditions. The transaction is expected to close in the third quarter of 2026.

The foregoing description of the Merger Agreement does not purport to be complete and is subject to, and qualified in its entirety by, the full text of the Merger Agreement, a copy of which is filed as Exhibit 2.1 to the Current Report on Form 8-K filed by us on March 9, 2026. For additional information related to the Merger Agreement, please also refer to the other relevant materials in connection with the transaction that we have filed and will file with the SEC and that will contain important information about us and the Merger.

Our Offerings

By seeking to eliminate barriers in accessing and utilizing mental healthcare and offering providers technology-enabled tools to provide high-quality clinical care with a data-driven approach to treatment, we offer our members a robust ecosystem for end-to-end behavioral healthcare which includes psychotherapy and psychiatry services.

Psychotherapy: In psychotherapy, or “talk therapy,” members work with a licensed therapist or counselor to treat specific mental health conditions like depression or anxiety, trauma and other human challenges, including development of positive thinking and coping skills. We offer text, audio and video-based psychotherapy from licensed therapists.

Psychiatry: In psychiatry, members receive personalized, expert care from a prescriber who specializes in mental healthcare and prescription management. Typical packages include an initial video consultation and follow-up video appointments as needed based on clinical need. Like the traditional in-person medication management models, Talkspace providers can prescribe medication they deem necessary with the exception of controlled substances. If, in the provider’s discretion, the member requires in-person care in order to be prescribed a controlled substance or because their needs are unable to be met in a virtual care setting, referrals and coordination of care can be made with local providers.

Our Customers

In pursuit of our mission to expand access to all individuals in need of behavioral healthcare services, we strive to deliver effective care to a diverse customer base, with members from all socioeconomic backgrounds, ages, genders, ethnicities, geographies and income level who are located across all 50 U.S. states and select international markets. Our customers include:

Payor: We contract with a number of health insurance plans from commercial and government institutions and employee assistance programs to provide virtual therapy to their members. Members receive care directly covered through their individual health insurance plan or employee assistance program where our providers are considered in-network or pay a flat rate per session or interaction.

DTE: We contract directly with enterprises to provide their enterprise members unlimited synchronous and asynchronous care primarily on a per-member-per-month (“PMPM”) or paid-per-use (“PPU”) basis or as a fixed monthly fee. Enterprises include employers, academic organizations, higher education, and government entities and their members include employees, military personnel, students, and teens.

Consumer: We offer monthly, quarterly, bi-annual and annual membership subscription as well as supplementary a la carte offerings to individual subscribers who subscribe directly to our platform through a subscription plan.

3

Table of Contents

Technology Platform

We believe that virtual therapy offers an attractive opportunity to improve behavioral health through data science and machine learning. Through digital phenotyping and predictive modeling, the data imprint left by interactions on our platform opens a new, quantitative viewpoint into the behavioral health condition of our members. By securely leveraging our unique dataset to identify patterns, which is augmented by advanced, data-driven tools to personalize care, we believe we are able to optimize clinical outcomes. We have designed our technology platform and information practices to achieve and maintain compliance with HIPAA and other legal requirements regarding the confidentiality of patient information. We maintain a written privacy and information security management program, led by designated subject matter experts, in order to (i) limit how we use and disclose protected health information of the members who utilize our technology platform or therapeutic services, (ii) implement reasonable administrative, physical, and technical safeguards to protect such information from misuse or cyber-attacks, and (iii) assist our customers with certain duties such as access to information under the privacy standards, among other program elements. We require our agents and subcontractors who have access to such information to enter into written agreements that require them to meet the same standards for security and privacy. We obtain third-party examinations of our controls relating to security and data privacy. In particular, we regularly obtain a Type II Service Organization Control SOC 2 report (Reporting on Controls at a Service Organization relevant to security, availability and privacy). We also retain outside consultants to regularly assess our vulnerability through penetration testing and analysis of our compliance with the HIPAA Security Rule.

The following table depicts the technology-enabled process flow that supports our platform:

Matching algorithm: We utilize machine learning to create a custom match for each new member. Our matching algorithm combines information from both structured and unstructured sources to predict which therapists have the greatest chance of success with each patient. Our matching model concurrently gathers member and historical outcomes and screens the therapists’ population to match the patient’s characteristics, clinical needs and preferences. Our machine learning technology also enables us to track the frequency and quality of clinical interactions, allowing us to provide a better therapist match should the patient request a new clinician.

Robust data ecosystem: We have a closed-loop data ecosystem providing a multi-dimensional view of the individuals who seek treatment on our platform. This data provides a holistic picture of each user – diagnoses, treatment plans, medical history, personal history, and clinical outcomes. Our data contains over 8.6 billion words sent by millions of users via approximately 153 million anonymized messages. We have over 7.3 million completed psychological assessments. Our data contains information about members collected by therapists, including approximately 1.6 million diagnoses and approximately 6.2 million progress and psychotherapy notes. Our data also contains information about therapists reported by members, including over 3.6 million therapist ratings. We believe the size and depth of our clinical data is vast relative to the industry and is a differentiating element of our digitally-native modality.

4

Table of Contents

Empowering providers to deliver enhanced care: Our providers are equipped with tools that allow them to optimize time utilization and improve clinical efficacy. One of the leading challenges in behavioral healthcare is a patient’s premature termination of engagement with the provider and, thus, a core focus of our machine learning strategy is to drive member engagement and increase care continuity, helping members to continue treatment long enough to reap its benefits. In order to extend the lifetime duration of our member base, we provide our providers insights on their patients’ needs and behaviors and offer techniques and suggestions that we believe are likely to maximize their patients’ satisfaction and engagement. These insights, delivered through our fully-integrated data intelligence platform, help providers to deliver effective treatments to their patients, and raise members’ awareness when tracking their own clinical progress.

Performance tracking and feedback: Our “Intro and Expectations” system detects whether providers have followed best practices in the crucial introductory phase of the therapy relationship and reminds them to do so if they have not. Our “Crisis Risk system” monitors all incoming members’ messages for linguistic features associated with potential danger or self-harm and draws providers’ attention to these cases. Our “Session Highlights system” provides a weekly digest of patient messages and helps therapists draft notes on clinical progress.

Competition

We view as competitors those companies whose primary business is developing and marketing telehealth and virtual behavioral health platforms and services. Key competitive factors include technology, breadth and depth of functionality, range of associated services, operational experience, customer support, extent of customer and member bases and reputation, among other factors. Our key competitors in the telehealth and teletherapy markets are Teladoc Health, Inc., Lyra Health, Inc., American Well Corp., and Spring Care, Inc., among other industry participants.

In addition, large, well-financed health systems and health plans have in some cases developed their own virtual behavioral health tools and may provide these solutions to their consumers at discounted prices. In the future we may face competition from large technology companies, such as Apple, Meta, Verizon, or Microsoft, who may wish to develop their own virtual behavioral health solutions, as well as from large retailers like Walmart. We believe that the breadth of our existing customer and member bases, the depth of our technology platform, and our business-to-business focus on integrating freely with multiple platforms increases the likelihood that stakeholders seeking to develop virtual behavioral healthcare solutions will choose instead to collaborate with Talkspace.

Therapists, Physicians and Healthcare Professionals

Talkspace LLC, our wholly-owned subsidiary, is party to various agreements including Management Services Agreements (“MSAs”) with Talkspace Provider Network, PA (“TPN”), a Texas professional association entity, which in turn contracts with our other affiliated professional entities ("PC entities"), physicians, therapists, and other licensed professionals for clinical and professional services provided to our members. Pursuant to the MSAs, Talkspace LLC is the managing entity (the “Manager”) and provides management and administrative resources and services essential to the operations of these entities and receives a management fee for these services and reimbursement of expenses incurred. TPN and the PC entities in turn have the obligation under the MSAs to engage all licensed physicians and other health professionals to provide behavioral healthcare services to our customers.

This structure in which we operate under various MSAs with professional associations and professional corporations authorized by state law to contract with affiliated professionals to deliver teletherapy services to our customers, helps ensure we are able to comply with all applicable regulatory requirements, including the corporate practice of medicine and fee-splitting laws, that are necessarily implicated by engaging in telehealth care that can only be delivered by physicians.

Refer to Note 13, “Variable Interest Entities” in the notes to consolidated financial statements included in Part II, Item 8 of this Form 10-K.

5

Table of Contents

Human Capital Overview

The Company’s workforce is critical to the creation and delivery of its services and the success of the Company. Our ability to attract, develop and retain talented employees and independent contractors with the skills and capabilities needed by our business is a key component of our long-term growth and our mission of providing more people with convenient access to quality, affordable behavioral healthcare. The Company views full-time employees and independently contracted providers as its total workforce, and each is eligible for the various formal and informal programs and resources to support, recruit, train and retain its team members. The Company's human capital network includes, but is not limited to, employee and independently contracted providers (licensed therapists, psychologists, psychiatrists), as well as employees in various support functions throughout the Company. The human capital needs and strategy of our business is overseen by the Company's Board of Directors and Chief Executive Officer and supported by the Company’s Human Resources Department, which reports directly to the Chief Executive Officer. As of December 31, 2025, we had 598 employees comprised of 349 providers and 249 professionals supporting the accounting, finance, technology, sales, marketing and other support functions and 5,396 independently contracted providers.

Culture and Values

Tone at the top is what drives us. We are committed to maintaining a respectful, secure and supportive workplace culture with open communication and accessible, safe channels for feedback. Our Company’s Core Values are Innovation, Quality and Kindness. In addition, all employees are required to complete training and affirm compliance with the Talkspace Code of Business Conduct and Ethics (the “Code”), which confirms the Company’s policy to conduct its affairs in compliance with all applicable laws and regulations and observe the highest standards of business ethics. The Code is reviewed regularly by the Audit Committee and approved by the Board of Directors and is complemented by other policies and training. Any violations of our Code are encouraged to be immediately reported and are kept anonymously.

Diversity and Inclusion

Talkspace is committed to creating and maintaining a workplace in which all employees have an opportunity to participate and contribute to the success of the business. Talkspace provides equal employment opportunities to all employees and applicants for employment without regard to race, color, ancestry, national origin, gender, sexual orientation, marital status, religion, age, disability, gender identity, results of genetic testing, or service in the military. Equal employment opportunity applies to all terms and conditions of employment, including hiring, placement, promotion, separation, transfers, compensation, and training. The Company is committed to cultivating diversity and broadening opportunities for inclusion across its business through its recruitment practices, employee development and mentoring and inclusivity programs.

Compensation and Benefits

The Company is committed to hiring the most qualified candidates to fill open positions. Whenever appropriate and possible, open positions are filled with internal candidates to help team members in their career development and enrich a culture of growth. Compensation and benefits programs are focused on attracting, retaining and motivating the top talent necessary to achieve the Company’s mission in ways that reflect its diverse workforce’s needs and priorities. In addition to competitive salaries, the Company and its businesses have established short and long-term incentive programs including stock-based compensation awards and cash-based performance bonus awards, which are designed to motivate and reward performance against key business objectives and facilitate retention. Performance bonus allocations are provided based on the organization meeting its financial goals, the employee achieving goals set by their supervisor, and per the employment agreements and/or any other written agreement. In addition, the Company provides retirement benefits and other comprehensive benefit options to meet the needs of its employees, including healthcare benefits, 401(k) Company match, tax advantaged savings vehicles, life and disability insurance, paid time off, flexible working arrangements, generous parental leave policies and access to wellness programs.

Training and Development

Our growth mindset culture begins with valuing learning over knowing – seeking out new ideas, driving innovation, embracing challenges, learning from failure, and improving over time. The Company strives to provide mentorship and career development to existing employees to help everyone on the team reach their full potential and employees are encouraged to reach out to their supervisors if further development training is needed.

6

Table of Contents

The Company provides people leader learning and development, including self-paced learning modules, regular People Leader sessions and asynchronous learning and communication opportunities. In addition, the Company provides ongoing training in areas related to HIPAA, Cybersecurity, Security and Privacy Controls, Fraud Waste, and Abuse and Anti-Harassment and Discrimination training, among others.

U.S. Government Regulation

Our operations are subject to comprehensive United States federal, state and local and international regulation in the jurisdictions in which we do business. Our ability to operate profitably will depend in part upon our ability, and that of our affiliated providers, to maintain all necessary licenses and to operate in compliance with applicable laws and rules. Those laws and rules continue to evolve and can become more restrictive, and we therefore devote significant resources to monitoring developments in healthcare and medical practice regulation. As the applicable laws and rules change, we are likely to make conforming modifications in our business processes from time to time. In some jurisdictions where we operate, neither our current nor our anticipated business model has been the subject of formal judicial or administrative interpretation. We cannot be assured that a review of our business by courts or regulatory authorities will not result in determinations that could adversely affect our operations or that the healthcare regulatory environment will not change in a way that impacts our operations.

For an additional discussion of our regulatory environment, see “Risk Factors—Risk Related to Our Legal and Regulatory Environment” included in Part I, Item 1A of this Form 10-K.

Telehealth and Teletherapy Provider Licensing, Medical Practice, Certification and Related Laws and Guidelines

The practice of medicine, including the provision of therapy services, is subject to various federal, state and local certification and licensing laws, regulations, approvals and standards, relating to, among other things, the adequacy of medical care, the practice of medicine and licensed professional services (including the provision of remote care), equipment, personnel, operating policies and procedures and the prerequisites for the prescription of medication and ordering of tests. The application of some of these laws to telehealth and teletherapy is evolving, and subject to ongoing rulemaking, regulatory guidance, and differing interpretations. Certain aspects of remote prescribing, including prescribing of controlled substances via telemedicine, are also subject to evolving federal requirements, including through agency rules and guidance, and state requirements.

Physicians, therapists and other licensed professionals who provide professional medical and therapy services to a patient via telehealth and teletherapy must, in most instances, hold a valid license to practice medicine or another licensed profession in the state in which the patient is located. We have established systems for ensuring that our affiliated professionals are appropriately licensed under applicable state law and that their provision of telehealth and teletherapy to our members occurs in each instance in compliance with applicable rules governing telehealth and teletherapy. Failure to comply with these laws and regulations could result in licensure actions against the professionals, our services being found to be non-reimbursable, or prior payments being subject to recoupments and can give rise to civil, criminal or administrative penalties.

Corporate Practice of Medicine Laws in the U.S.; Fee Splitting

We contract with therapists directly, or through their affiliated professional entities, as well as with professional associations and, professional corporations owned by affiliated physicians (collectively, “PCs”), to provide access to our platform and to provide therapy to their patients. We have entered into MSAs with TPN and the PC entities pursuant to which we provide billing, scheduling and a wide range of other administrative and management services in exchange for management and other service fees. These contractual relationships are subject to various state laws that prohibit fee splitting or the corporate practice of the applicable professional services by lay entities or persons and that are intended to prevent unlicensed persons from interfering with or influencing a licensed professional’s clinical judgment. Activities other than those directly related to the delivery of healthcare may be considered an element of the practice of the applicable profession in many states. Under the corporate practice of doctrines of certain states, decisions and activities such as contracting, setting rates and the hiring and management of personnel may fall under the restrictions on the corporate practice prohibition.

State corporate practice doctrines and fee splitting laws and rules vary from state to state. In addition, these requirements are subject to broad interpretation and enforcement by state regulators. Some of these requirements may apply to us even if we do not have a physical presence in the state, based solely on our engagement of a provider licensed in the state or the provision of telehealth and teletherapy to a resident of the state. Thus, regulatory authorities or other parties, including our providers, may assert that, despite these arrangements, we are engaged in the corporate practice of medicine or a licensed profession or that our contractual arrangements with affiliated providers constitute unlawful fee splitting.

7

Table of Contents

In such event, failure to comply could lead to adverse judicial or administrative action against us and/or our affiliated providers, civil, criminal or administrative penalties, receipt of cease and desist orders from state regulators, loss of provider licenses, the need to make changes to the terms of engagement of our providers that interfere with our business, and other materially adverse consequences.

U.S. Federal and State Fraud and Abuse Laws

With the enrollment in Medicare, some services are currently reimbursed by government healthcare programs, which could expose our business to broadly applicable fraud and abuse laws and other healthcare laws and regulations that would regulate the business. Applicable and potentially applicable U.S. federal and state healthcare laws and regulations include, but are not limited to, those discussed below.

Federal Stark Law

We are subject to the federal self-referral prohibitions, commonly known as the Stark Law. Where applicable, this law prohibits a physician from referring Medicare patients to an entity providing “designated health services” such as laboratory and other diagnostic services and prescription drugs that are furnished at an entity if the physician or a member of such physician’s immediate family has a “financial relationship” with the entity, unless an exception applies. Sanctions for violating the Stark Law include denial of payment, civil monetary penalties of up to $26,125 per claim submitted and twice the value of each such service and exclusion from the federal healthcare programs.

Failure to refund amounts received as a result of a prohibited referral on a timely basis may constitute a false or fraudulent claim and may result in civil penalties and additional penalties under the federal False Claims Act (“FCA”). The statute also provides for a penalty of up to $174,172 for a circumvention scheme. The Stark Law is a strict liability statute, which means proof of specific intent to violate the law is not required. In addition, the government and some courts have taken the position that claims presented in violation of the various statutes, including the Stark Law, can be considered a violation of the FCA (described below) based on the contention that a provider impliedly certifies compliance with all applicable laws, regulations and other rules when submitting claims for reimbursement. A determination of liability under the Stark Law for TPN, the PC entities or our affiliated physicians could have a material adverse effect on our business, financial condition and results of operations.

Federal Anti-Kickback Statute

We are subject to the federal Anti-Kickback Statute for services reimbursable by government healthcare programs. The Anti-Kickback Statute is broadly worded and prohibits the knowing and willful offer, payment, solicitation or receipt of any form of remuneration in return for, or to induce, (i) the referral of a person covered by Medicare, Medicaid or other governmental programs, (ii) the furnishing or arranging for the furnishing of items or services reimbursable under Medicare, Medicaid or other governmental programs or (iii) the purchasing, leasing or ordering or arranging or recommending purchasing, leasing or ordering of any item or service reimbursable under Medicare, Medicaid or other governmental programs. Certain federal courts have held that the Anti-Kickback Statute can be violated if “one purpose” of a payment is to induce referrals. In addition, a person or entity does not need to have actual knowledge of this statute or specific intent to violate it to have committed a violation, making it easier for the government to prove that a defendant had the requisite state of mind or “scienter” required for a violation. Moreover, the government may assert that a claim including items or services resulting from a violation of the Anti-Kickback Statute constitutes a false or fraudulent claim for purposes of the FCA, as discussed below. Violations of the federal Anti-Kickback Statute may result in civil monetary penalties up to $105,563 for each violation, plus up to three times the remuneration involved. Civil penalties for such conduct can further be assessed under the FCA. Violations of the federal Anti-Kickback Statute can also result in criminal penalties, including criminal fines of more than $100,000 and imprisonment of up to 10 years. Similarly, violations can result in exclusion from participation in government healthcare programs, including Medicare and Medicaid. Imposition of any of these remedies could have a material adverse effect on our business, financial condition and results of operations, if in the future we provide services reimbursable by government healthcare programs. In addition to a few statutory exceptions, the Office of Inspector General (“OIG”) has published safe-harbor regulations that outline categories of activities that are deemed protected from prosecution under the Anti-Kickback Statute provided all applicable criteria are met. The failure of a financial relationship to meet all of the applicable safe harbor criteria does not necessarily mean that the particular arrangement violates the Anti-Kickback Statute. However, conduct and business arrangements that do not fully satisfy each applicable safe harbor may result in increased scrutiny by government enforcement authorities, such as the OIG.

8

Table of Contents

False Claims Act

Both federal and state government agencies have continued civil and criminal enforcement efforts as part of numerous ongoing investigations of healthcare companies and their executives and managers. Although there are a number of civil and criminal statutes that can be applied to healthcare providers, a significant number of these investigations involve the FCA. These investigations can be initiated not only by the government but also by a private party asserting direct knowledge of fraud. These “qui tam” whistleblower lawsuits may be initiated against any person or entity alleging such person or entity has knowingly or recklessly presented, or caused to be presented, a false or fraudulent request for payment from the federal government or has made a false statement or used a false record to get a claim approved. In addition, the improper retention of an overpayment for 60 days or more is also a basis for an FCA action, even if the claim was originally submitted appropriately. Penalties for FCA violations include fines ranging from $13,508 to $27,018 for each false claim, plus up to three times the amount of damages sustained by the federal government. An FCA violation may provide the basis for exclusion from the federally funded healthcare programs.

State Fraud and Abuse Laws

Several states in which we operate have also adopted or may adopt similar self-referral, anti-kickback, fraud, whistleblower and false claims laws as described above. The scope of these laws and the interpretations of them vary by jurisdiction and are enforced by local courts and regulatory authorities, each with broad discretion. Some state fraud and abuse laws apply to items or services reimbursed by Medicaid programs and any third-party payer, including commercial insurers or to any payer, including to funds paid out of pocket by a patient. A determination of liability under such state fraud and abuse laws could result in fines and penalties and restrictions on our ability to operate in these jurisdictions.

Other Healthcare Laws

FCA established several separate criminal penalties for making false or fraudulent claims to insurance companies and other non-governmental payers of healthcare services. Under FCA, these two additional federal crimes are: “Healthcare Fraud” and “False Statements Relating to Healthcare Matters.” The Healthcare Fraud statute prohibits knowingly and recklessly executing a scheme or artifice to defraud any healthcare benefit program, including private payers. A violation of this statute is a felony and may result in fines, imprisonment, or exclusion from government sponsored programs. The False Statements Relating to Healthcare Matters statute prohibits knowingly and willfully falsifying, concealing, or covering up a material fact by any trick, scheme or device or making any materially false, fictitious, or fraudulent statement in connection with the delivery of or payment for healthcare benefits, items, or services. A violation of this statute is a felony and may result in fines or imprisonment. This statute could be used by the government to assert criminal liability if a healthcare provider knowingly fails to refund an overpayment. These provisions are intended to punish some of the same conduct in the submission of claims to private payers as the federal False Claims Act covers in connection with governmental health programs. In addition, the Civil Monetary Penalties Law imposes civil administrative sanctions for, among other violations, inappropriate billing of services to federally funded healthcare programs and employing or contracting with individuals or entities who are excluded from participation in federally funded healthcare programs. Moreover, a person who offers or transfers to a Medicare or Medicaid beneficiary any remuneration, including waivers of copayments and deductible amounts (or any part thereof), that the person knows or should know is likely to influence the beneficiary’s selection of a particular provider, practitioner or supplier of Medicare or Medicaid payable items or services may be liable for civil monetary penalties of up to $10,000 for each wrongful act. Furthermore, in certain cases, providers who routinely waive copayments and deductibles for Medicare and Medicaid beneficiaries can also be held liable under the Anti-Kickback Statute and civil False Claims Act, which can impose additional penalties associated with the wrongful act. One of the statutory exceptions to the prohibition is non-routine, unadvertised waivers of copayments or deductible amounts based on individualized determinations of financial need or exhaustion of reasonable collection efforts. The OIG emphasizes, however, that this exception should only be used occasionally to address special financial needs of a particular patient. Although this prohibition applies only to federal healthcare program beneficiaries, the routine waivers of copayments and deductibles offered to patients covered by commercial payers may implicate applicable state laws related to, among other things, unlawful schemes to defraud, excessive fees for services, tortious interference with patient contracts, and statutory or common law fraud.

U.S. State and Federal Health Information Privacy and Security Laws

There are numerous U.S. federal and state laws and regulations related to the privacy and security of personal information, including health information. In particular, HIPAA imposes a number of requirements on covered entities and their business associates relating to the use, disclosure and safeguarding of protected health information.

9

Table of Contents

These requirements include uniform standards of common electronic healthcare transactions; privacy and security regulations; and unique identifier rules for employers, health plans and providers. In addition, the Health Information Technology for Economic and Clinical Health Act, or HITECH, provisions of the American Recovery and Reinvestment Act of 2009 and corresponding implementing regulations have imposed additional requirements on the use and disclosure of protected health information such as additional breach notification and reporting requirements, contracting requirements for HIPAA business associate agreements, strengthened enforcement mechanisms and increased penalties for HIPAA violations. Federal consumer protection laws may also apply in some instances to privacy and security practices related to personal information.

Regulatory expectations regarding administrative, technical, and physical safeguards continue to evolve, including through regulatory guidance and proposed updates to HIPAA security requirements.

Violations of HIPAA may result in civil and criminal penalties. However, a single breach incident can result in violations of multiple standards, including privacy, security, and breach notification requirements. Our management responsibilities to TPN and the PC entities include assisting it with its obligations under HIPAA’s breach notification rule. Under the breach notification rule, covered entities must notify affected individuals without unreasonable delay and no later than 60 days following the discovery of a breach of unsecured protected health information (“PHI”), which may compromise the privacy, security or integrity of the PHI. In addition, notification must be provided to the U.S. Department of Health and Human Services (“HHS”) and the local media in cases where a breach affects more than 500 individuals. Breaches affecting fewer than 500 individuals must be reported to HHS on an annual basis. HIPAA also requires a business associate to notify its covered entity customers of breaches by the business associate. State attorneys general may also enforce HIPAA violations, and overlapping state laws may impose additional obligations.

State attorneys general also have the right to prosecute HIPAA violations committed against residents of their states. While HIPAA does not create a private right of action that would allow individuals to sue in civil court for a HIPAA violation, its standards have been used as the basis for the duty of care in state civil suits, such as those for negligence or recklessness in misusing personal information. In addition, HIPAA mandates that HHS conduct periodic compliance audits of HIPAA covered entities and their business associates for compliance. It also tasks HHS with establishing a methodology whereby harmed individuals who were the victims of breaches of unsecured PHI may receive a percentage of the civil monetary penalty fine paid by the violator. In light of the HIPAA Omnibus Final Rule, recent enforcement activity, and statements from HHS, we expect increased federal and state HIPAA privacy and security enforcement efforts.

Many states in which we operate and in which our patients reside also have laws that protect the privacy and security of sensitive and personal information, including health information. Moreover, state laws may be similar to or even more protective than HIPAA and other federal privacy laws. For example, the laws of the State of California, in which we operate, are more restrictive than HIPAA. Where state laws are more protective/restrictive than HIPAA, we must comply with the state laws we are subject to, in addition to HIPAA. In certain cases, it may be necessary to modify our existing or planned operations and procedures to comply with these more stringent state laws. Not only may some of these state laws impose fines and penalties upon violators, but, unlike HIPAA, some may afford private rights of action to individuals who believe their personal information has been misused. In addition, state laws could change rapidly, and there is currently a new federal privacy law or federal breach notification law under consideration to which we may be subject.

In addition to HIPAA and state health information privacy laws, we may be subject to other state and federal privacy laws, including laws that prohibit unfair privacy and security acts or practices and deceptive statements about privacy and security and laws that place specific requirements on certain types of activities, such as data security and texting. The FTC and states’ attorneys general have brought enforcement actions and prosecuted some data breach cases as unfair and/or deceptive acts or practices under the FTC Act and similar state laws. Further, the California Consumer Protection Act of 2018 (the “CCPA”), which took effect in 2020 and to which we are subject, imposes obligations and restrictions on businesses regarding their collection, use, and sharing of personal information and provides new and enhanced data privacy rights to California residents, such as affording them the right to access and delete their personal information and to opt out of certain sharing of personal information. Additionally, the California Privacy Rights Act (“CPRA”), which came into effect on January 1, 2023, significantly amends and expands the CCPA, including by providing consumers with additional rights with respect to their personal information. The CPRA also creates a new state agency that will be vested with authority to implement and enforce the CCPA and the CPRA. Laws similar to the CCPA and CPRA have passed in Colorado, Connecticut, Iowa, Indiana, Montana, Tennessee, Texas, Oregon, Utah, Virginia, and Washington and are expected in other states and at the federal level, reflecting a trend toward more stringent privacy legislation in the United States.

10

Table of Contents

In addition, certain states have adopted or may adopt laws that regulate consumer health data specifically and may impose requirements beyond those applicable to other categories of personal information. In recent years, there have been a number of well publicized data breaches involving the improper use and disclosure of personal information and PHI. Many states have responded to these incidents by enacting laws requiring holders of personal information to maintain safeguards and to take certain actions in response to a data breach, such as providing prompt notification of the breach to affected individuals and state officials and providing credit monitoring services and/or other relevant services to impacted individuals. In addition, under HIPAA, breach notification laws and pursuant to the related contracts that we enter into with our customers who are covered entities, we must report breaches of unsecured PHI to our customers following discovery of the breach. Notification must also be made in certain circumstances to affected individuals, federal authorities and others.

Intellectual Property

It is important to our business that we establish intellectual property and maintain, protect and enforce our intellectual property rights. We rely on a combination of patent, copyright, trademark and trade secret laws, as well as confidentiality procedures and contractual provisions and other legal rights to establish and enforce our brand, proprietary technology and other intellectual property rights.

Through March 13, 2026, the Company has been approved for one patent in the United States related to “System and Method in Monitoring Engagement” which relates to the tracking of therapeutic progress between therapist and customer. We also have one patent that is pending and several other provisional applications in the United States. We intend to continue to apply for additional patents relating to our software and technology. We cannot assure whether any of our patent applications will result in the issuance of a patent or whether the examination process will require us to narrow our claims.

Sentia AI, LLC is Talkspace’s wholly-owned subsidiary dedicated to proprietary AI development. “Sentia” refers to Talkspace’s behavioral-health-focused large language model (“LLM”) that Talkspace intends to utilize in future products, primarily where a member has a conversation with an agent. Other products that may use the LLM could be using the model in other healthcare systems, creating a special condition-based agent, or other use cases. Sentia is also the name of the user-facing product, currently in beta testing, that enables people to chat with the Sentia LLM about their mental health and well-being (the “Sentia Project”). The Sentia Project incorporates several other subsystems, including risk models, quality models, and the quality management system. Talkspace has developed a proprietary Clinical Quality Model to evaluate the quality of the content the Sentia LLM produces. More specifically, we use this algorithm to assess the Sentia LLM’s alignment with what a well-trained, skilled, and licensed therapist would say in a given clinical setting — recognizing that the Sentia Project is not therapy and is not intended to diagnose, treat, cure, or prevent any disease. The Sentia Project instead utilizes five distinct risk algorithms to automatically assess the potential presence of clinical risk based on the user’s asynchronous communications with the model. At this point, the system can flag chat sessions needing elevated therapy service.

We own and use trademarks and service marks on or in connection with our business and services, including both registered marks and unregistered trademarks in the United States. In addition, we rely on other forms of intellectual property protection including trade secrets, know-how and other unpatented proprietary processes, in each case in support of our business. We make efforts to maintain and protect our intellectual property and the proprietary aspects of our products and technologies, including through the use of nondisclosure agreements and the monitoring of our competitors. Although we take steps to protect our trade secrets and know-how, third parties may independently develop or otherwise gain access to our trade secrets and know-how by lawful means. We require our employees, consultants and certain of our contractors to execute confidentiality agreements in connection with their employment or consulting relationships with us but we cannot guarantee that we have executed such agreements with all applicable counterparties. Furthermore, these agreements may be breached, and we may not have an adequate remedy for any such breach. We also require our employees and consultants to disclose and assign to us inventions conceived during the term of their employment or engagement while using our property or which relate to our business. We also license certain intellectual property rights that are used in our business from third parties.

From time to time, we may become involved in legal proceedings relating to intellectual property arising in the ordinary course of our business, including opposition to our applications for patents, trademarks, challenges to the validity of our intellectual property rights, and claims of intellectual property infringement. We are not presently a party to any such legal proceedings that, in the opinion of our management, would individually or taken together have a material adverse effect on our business, financial condition, results of operations or cash flows.

11

Table of Contents

Additional Information

The Company's principal place of business is at 622 Third Avenue, New York, NY 10017 and its telephone number is (212) 284-7206. The Company's website address is talkspace.com. The Company makes available free of charge on the investors section of its website the Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, Proxy Statements and other SEC filings and all amendments to those reports filed or furnished to the SEC pursuant to Section 13(a), 14 or 15(d) of the Exchange Act, as soon as reasonably practicable after we file or furnish such materials to the SEC. The SEC also maintains a website (www.sec.gov) that contains these reports, proxy, information statements and other information. The information on our website is not, and will not be deemed to be, a part of this Annual Report on Form 10-K or incorporated into any of our other filings with the SEC, except where we expressly incorporated such information.

12

Table of Contents