NASDAQ: WAY

Our purpose-built software platform is designed to addresses these challenges and help optimize healthcare payments across all stages of the patient journey. Our clients utilize our software to manage pre-encounter workflows such as eligibility checks and prior authorization approvals, as well as mid-encounter workflows such as utilization management, coding and documentation accuracy, and back-end activities including co-pay collection, payer claims submission and monitoring, and denied claims appeals. Our software helps to avoid or reduce billing errors throughout the healthcare payment workflow, from pre-encounter eligibility verification to determine patient insurance benefits and benefits prior to rendering services, to mid- and post-encounter solutions such as our clinical integrity and revenue capture suite which identifies and resolves missing documentation, codes and charges and errors in claims submissions by providers, our claims management suite which helps ensure submissions are in accordance with payer contracts, and our denial recovery solution, which offers a root-cause reporting tool for denied claims to help reduce preventable denials in the future.

Our software is used daily by providers of all types and sizes across the continuum of care, including physician practices, clinics, surgical centers, and laboratories, as well as large hospitals and health systems. We currently serve over 30,000 clients of various sizes, representing over one million distinct providers practicing across a variety of care sites, including 16 of 20 U.S. News Best Hospitals list. Our client base is highly diversified, and for the year ended December 31, 2025, our top 10 clients accounted for only 10.8% of our total revenue for such period. Our business model aligns with our clients' growth; as they serve more patients, claims and transactional volumes increase, driving corresponding growth in our business. In addition, our clients frequently adopt a greater number of our solutions over time and introduce our solutions across new sites of care. In 2025, we facilitated over 7.5 billion healthcare payments transactions spanning approximately 60% of patients and one-in-three hospital discharges in the United States.

Our platform benefits from powerful network effects. Our cloud-based software is driven by a sophisticated, automated, and curated AI-powered engine to generate and incorporate real-time feedback from millions of network transactions processed through our platform each day. Every transaction we process provides additional data insights across providers, patients, and payers, which are embedded in updates that are deployed efficiently across our platform. This results in cumulative benefits to us over time. As we capture more data from each transaction we process, we leverage those insights to continuously improve the platform through Waystar AltitudeAI, our proprietary AI engine. Waystar AltitudeAI utilizes a multi-model approach that incorporates machine learning, large language models, and generative and

6

Table of Contents

agentic AI to automate complex workflows and deliver added value to our clients. In turn, the more value we create for our clients, the more likely it is that they will continue to use our products, allowing us to continue to capture additional data that results in tangible improvements to our platform. As a result, our clients benefit from faster and more efficient performance from software that is evolving to meet ever-changing regulatory and payer requirements, enabling accurate and timely reimbursement.

Industry Background

Healthcare is one of the largest and most complex vertical end-markets within the U.S. economy, accounting for 18.0% of the U.S. gross domestic product as of 2024. According to the Council for Affordable Quality Healthcare (CAQH), total U.S. healthcare spending was $4.9 trillion in 2024. National health expenditures are expected to grow 5.8% annually reaching 20.3% of GDP in 2033. According to the CAQH, the U.S. spends $440 billion on healthcare administrative costs per year.

The Waystar platform is purpose-built to address the administrative headwinds faced by healthcare providers, including:

•Antiquated legacy technology systems and data silos. The historically slow pace of digital adoption by healthcare organizations has led to a patchwork of disparate point-solutions. These software tools, most of which are hosted or installed on-premises, lack the interoperability and scalability of a modern cloud-based technology architecture, which enables the safe and efficient dissemination of critical information. This patchwork approach has also led to data silos, inhibiting transparency and data sharing and often resulting in denials or the inability to process claims efficiently.

•Reliance on inefficient, manual processes. Poorly integrated legacy systems have led many healthcare organizations to employ labor-dependent solutions to address the critical demands of their businesses, often resulting in suboptimal financial performance for providers and a substandard experience for patients.

•Increasing labor and administrative costs. According to an American Hospital Association report, labor constituted 56% of hospital expenses in 2024. Hospital labor costs increased by $51.0 billion from 2023 to 2024, reaching a total of $890 billion. Over the last four years, compensation for hospital employees has grown 26.6% faster than the rate of inflation. In addition to high labor costs, according to a Safe report, 63% of revenue cycle leaders say their teams are understaffed.

•Reimbursement complexity and collection challenges. Determining reimbursement to a provider from a payer or a patient depends on a myriad of factors that are both highly complex and constantly evolving. According to the Healthcare Financial Management Association (HFMA), approximately 25% of overall revenue cycle management spend is dedicated to error correction, compliance, and rework. Furthermore, according to a Premier national survey, healthcare providers spend approximately $20 billion annually just to contest denied claims, highlighting a significant unmet need for solutions that reduce denials and increase first-pass acceptance. Providers bear the burden of navigating reimbursement obstacles, and missteps can ultimately result in lost revenue or delayed cash flow. In addition, healthcare providers often struggle to convert patient bills (i.e., patient responsibility) to cash payments as patients are also tasked with navigating ever-changing benefits policies and interacting with outdated technology.

•Accelerating consumer demand for digital tools. Patients are bearing a greater burden of healthcare costs than ever before, with more than 50% of American private industry workers enrolling in high deductible health plans according to 2024 U.S. Bureau of Labor Statistics data. Out-of-pocket costs constituted 11% of total U.S. personal healthcare expenditures in 2024 according to CMS, and the estimated average patient lifetime spending is $1.4 million, based on a 2021 Health Management Academy Research report. Despite these trends, patients lack access to digital tools and accurate information for healthcare payments, such as transparency in insurance coverage and out-of-pocket cost estimates pre-service, as well as flexible payment arrangements to pay for care.

Our Market Opportunity

Over time, administrative workflows (e.g., human resources, information technology, accounting and finance, and customer service) that were traditionally insourced by healthcare providers have undergone a meaningful transformation.

7

Table of Contents

Seeking more effective solutions to address industry challenges, providers initially outsourced these functions to third-party specialized services vendors. However, with advances in technology infrastructure and cloud-based software, as well as increased interoperability between systems, providers are increasingly utilizing automated software solutions to further enhance efficiency. We believe the healthcare payments workflow is currently undergoing such an evolution, and that Waystar is well- positioned to benefit from providers gravitating towards more modern, software-oriented solutions.

We estimate that our TAM with respect to our current software solution set was $20 billion in 2025. To estimate our market opportunity, we categorized the United States healthcare provider market into tiers based on care setting and practice size. We then applied our average pricing by product, accounting for pricing differences at providers of varying sizes, and multiplied the average product price by the corresponding practice count per care setting to determine our TAM. Based on a third-party study commissioned by us, we believe our TAM has the potential to increase by 5% CAGR to almost $25 billion by 2030, driven by growth within healthcare payments (notably, in prior authorizations, patient payments, and revenue cycle management analytics), increased outsourcing in revenue cycle management, as well as secular technology tailwinds such as greater utilization of AI. We expect to expand our TAM further over time as we develop new solutions and address adjacent workflows. We believe we have consistently grown in excess of the market since 2016 and expect to continue growing our market share in the future by virtue of our differentiated platform and capabilities. We believe the market share of our solutions within the hospital segment and ambulatory practice segment is approximately 4% and 8%, respectively (calculated as a percentage of our revenue as compared to our TAM estimates by setting of care), respectively, demonstrating the ample white space in which we can continue to drive our growth.

The Waystar Platform

Our innovative cloud-based software platform is purpose-built to simplify our clients’ payment-related challenges. We believe our platform significantly outperforms those of our competitors, who lack either modern functionality or the ability to address the full end-to-end payments workflow.

The key components of our platform include:

•Modern, differentiated software. We provide modern, scalable healthcare payments software solutions. Our platform is aligned with best-in-class offerings in other industry verticals that include multi-tenancy, micro-services architecture, and robust data security. Our technology is cloud- native, allowing us to deploy it across any type and size of provider, from single-physician practices to the most sophisticated multi-site health systems. This single-instance, multi-tenant infrastructure is underpinned by an event-driven microservices architecture, all of which we have built in-house.

•A comprehensive solution set. Our software addresses the entire healthcare payments workflow, from pre-service patient onboarding and prior authorization through post-service payment collection. By providing a unified platform rather than disparate solutions for a client user, our solutions can meet the full demands of an entire organization, eliminating the need for point solutions, boosting productivity through a seamless end-user experience, and reducing the risk of data or information loss.

•Seamless integrations. Our solutions are integrated with a broad range of systems provided by over 500 channel partners, including ERP applications, as well as preventative maintenance ("PM") and electronic health record ("EHR") systems. This deep connectivity is an important point of differentiation and makes our solutions faster to implement, easier to use, and harder to replace.

•An expansive network. Our extensive network of clients and counterparties underpins our platform. Over more than two decades, we have built direct connectivity with healthcare payers from large health insurers to small third-party administrators to the benefit of our clients and partners. This network has allowed us to build a large database of information to generate insights and drive continuous improvements.

•Advanced AI capabilities driven by proprietary data asset. Waystar has been deploying AI for more than a decade, and today, approximately 50% of our solutions leverage AI. Our platform benefits from the industry's deepest data supply, processing 7.5 billion healthcare payments transactions annually representing over $2.4 trillion in gross claims. By combining this with clinical data from one in three U.S. hospital discharges, we have created a unique unified clinical and financial dataset that turns general AI into precise, reimbursement-driving recommendations. Our Waystar AltitudeAI capabilities utilizes a multi-modal approach - incorporating machine learning, large language models such as Google Cloud's Gemini, generative AI, and

8

Table of Contents

agentic AI - to ensure our technology is built to act rather than just analyze. This "closed-loop" architecture allows our models to continuously learn from every transaction, creating a compounding advantage that extends our competitive lead. For example, we leverage AI in our denial prevention and recovery platform, where it helps us predict the success of a claim appeal based on factors such as patient benefits, procedures performed, and specific payer behaviors. This enables providers to prioritize their workflow efforts and drive maximum recovery value. In addition, we use AI to discover missing charges and capture otherwise lost revenue by aligning claim status and escalation efforts with claim-specific expected remittance timeframes. Our agentic AI workflows further reduce administrative burden by analyzing full medical records to automatically pre-populate requests for correction with supporting clinical context, significantly reducing manual chart review and physician query time.

Our platform provides the following benefits to our clients:

•Increased revenue. Our software solutions simplify the payment process, allowing our clients to increase the share of revenue they collect.

•Quicker payments. Our software helps expedite payments by streamlining and automating cumbersome workflows that create excessive delays.

•Greater productivity. Our ability to automate portions of the payment cycle allows our clients to reduce operating costs and focus on their core mission of caring for their patients.

•Financial visibility. We deploy analytics, reporting, and forecasting tools that provide our clients with unprecedented visibility into areas where they can further improve their payment process and collections.

•Rapid time-to-value. Our architecture seamlessly integrates with our clients’ existing systems and technology. This ease of integration enables our clients to quickly realize value from our solutions while avoiding costly and distracting implementation processes associated with other types of software and support services.

Our platform enables us to provide industry-leading technology at scale to over 30,000 clients and processes over 7.5 billion healthcare payment transactions, representing more than $2.4 trillion in annual gross claims. The quality and innovation of our platform are validated by third-party recognition, including multiple Best in KLAS awards based on direct provider feedback, an Inc. Best in Business Award for AI implementation, and numerous MedTech Breakthrough Awards including Best Overall Healthcare Payments Solutions Provider.

Why Waystar Wins

Through decades of experience, we have honed our deep domain expertise, fostered long-standing client relationships, and built our library of rules and algorithms. We believe our modern, cloud-based platform combined with our subject matter expertise is extremely difficult to replicate and provides us with a meaningful competitive advantage. We believe these factors, together with the following additional strengths, position us well for continued success:

•Strong brand with attractive client ROI. The Waystar brand is synonymous with quality, reliability, robust analytics, exceptional customer service, and a deep and interconnected network. This strength is evidenced by our high NPS of 74 and #1 ranking among competitors for the percentage of clients indicating the highest level of satisfaction with our services, based on a third-party survey commissioned by us in 2023. Our brand, as well as the tangible ROI we deliver, drives strong client loyalty, as evidenced by our 112.0% Net Revenue Retention Rate for the year ended December 31, 2025. Many of our clients view us as a trusted vendor and support our success by recommending Waystar to other providers, further driving growth and adoption of our solutions. As a testament to this trust, Forbes named Waystar to its 2025 Most Trusted Companies in America list. Our award-winning brand attracts exceptional talent to help us further our mission.

•Differentiated client experience. We have a relentless focus on operational execution and deliver an outstanding client experience. According to a third-party survey commissioned by us in 2025, Waystar ranks #1 in client satisfaction with implementation time, 95% of clients are satisfied with our integrations with other systems, and 98% of clients say we deliver on trust very well or extremely well. We frequently receive client recognition and industry awards, including being named a top client- rated healthcare payments platform by

9

Table of Contents

BlackBook across 17 categories. For our larger clients, we deploy a client success team, which serves as both a dedicated resource and trusted strategic partner to help drive value. Our client success team provides day-to-day operational support, has regular update calls and account reviews, quarterly in-person reviews, and ongoing on-site training. From our consistently on-time implementations to our highly responsive client service, we seek to support our clients so they can maximize the benefits of our software.

•Mission-driven innovation culture. We have cultivated a company culture that is focused on helping our clients by developing and delivering industry-leading software solutions. This innovation-focused culture has been foundational in creating a modern technology platform that delivers a comprehensive end-to-end suite of solutions with an intuitive user interface. According to a third-party survey commissioned by us in 2025, Waystar ranks #1 in satisfaction for rate of product innovation and vision and 95% of clients are satisfied with our capabilities in automation.

•Experienced leadership and technology teams with a track record of execution. Our values-driven and award-winning leadership team brings together deep experience in the software and healthcare industries and strong relationships with our clients and key stakeholders. Several of our executives and team leaders have been with our predecessor companies since their founding, in multiple cases for more than 20 years. Our current management team has driven strategic and transformational initiatives across operations, product, engineering, and sales leading to best-in-class products, exceptional client service, and consistently profitable growth. We believe our team has the strategic vision, leadership qualities, technological expertise, and operational capabilities to continue to successfully drive our growth.

We believe our platform strengths and differentiation are most evident in our ability to win clients. We had an average 85% win rate against our competitors for fiscal years 2023 through 2025 in situations where the client ultimately elected to switch vendors or purchase a new solution.

We believe that the strengths of our platform and solutions provide us with a significant competitive advantage. In 2024 following a cybersecurity incident involving one of our competitors, more than 30,000 providers, including a significant number of large health systems and ambulatory providers, began adopting our solutions, and we were able to implement our solutions for many of these new clients in as little as 48 hours. This rapid adoption also enabled us to establish direct connectivity with large, national health plans, that had previously maintained exclusive portal connections with the competitor. We expect to build enduring relationships with these new clients, the vast majority of whom have signed contracts with initial terms of two to three years, with one-year automatic renewals.

Our Growth Strategy

We plan to capitalize on our market opportunity by executing on the following growth strategies:

•Expand our relationships with existing clients. We believe we have a meaningful opportunity to continue driving growth within our current client base. We grow with existing clients in three ways- first, as they expand their businesses, provide more healthcare services, and see more patients; second, through cross-selling as they adopt additional Waystar offerings; and third, through up-selling as they leverage our solutions across additional providers and sites of care. We have a track record of building long-standing relationships with our clients, often growing from an initial solution to multi- solution adoption. Based on the estimated whitespace within our existing clients for the solutions we currently provide, we believe we have the opportunity to approximately double our revenue through cross-sell and up-sell of our solutions to existing clients.

•Grow our client base. We address a large and growing market that has a meaningful need for the solutions we provide. While we serve over one million providers today, there are over 7.5 million providers that we believe can benefit from our solutions. We pursue this opportunity through our high- performing sales team, which is organized by client segment to address the specific needs and sales cycles of that market.

•Deepen and expand our relationships with strategic channel partners. We are highly focused on furthering our strategic channel partnerships. Our channel partners accelerate our growth by providing us access to a larger client base and actively promoting Waystar. We have established strong relationships with the nation’s leading EHR and PM providers, which drives a significant competitive advantage. We will continue to invest in deepening our current relationships and building new ones to drive our growth.

10

Table of Contents

•Innovate and develop adjacent solutions. We will continue to invest heavily in the Waystar platform to expand our product breadth and depth, increase automation, strengthen system performance, and improve the user experience. Our product roadmap is informed by both continuous client feedback as well as our own assessments of opportunities to further streamline and simplify healthcare payments. Our innovation strategy is centered on accelerating the path to the autonomous revenue cycle, leverage agentic AI to move beyond task-specific automation toward a system that can independently navigate complex payment workflows, leveraging clinical, financial and administrative data. Unlike traditional software that requires constant human intervention, our agentic-led roadmap focuses on creating self-correcting cycles that proactively identify, reason through, and resolve bottlenecks across the payment continuum. By integrating generative and agentic AI with our proprietary datasets, we are building a "closed-loop" platform where every transaction allows the system to learn and improve its autonomous decision-making. Our product and engineering team, comprised of more than 340 full-time team members, delivers daily code updates that continuously refine these capabilities. Because of our modern architecture and purposeful lack of technical debt, we are uniquely positioned to transition providers from manual oversight to truly autonomous environment. This evaluation is designed to deliver compounding ROI for our clients, allowing healthcare organizations to refocus their human capital on patient care while our platform autonomously manages the complexities of the revenue cycle.

•Selectively pursue strategic acquisitions. Since 2018, we have completed and successfully integrated ten acquisitions, one of which closed in the fourth quarter of 2025. These acquisitions complement our organic product roadmap and have helped us enhance our platform, add new solutions, and expand our market reach. For example, we acquired Iodine in 2025, a trusted leader in AI-powered clinical intelligence, enhancing clinical documentation and accuracy, streamlining utilization management and preventing leakage before billing. This strategic move strengthens our AI leadership, automates manual work, and improves financial performance for providers. Our acquisitions are fully integrated with and consolidated into the Waystar platform, enabling a seamless user experience for our clients, and driving innovation on the combined platform. We will continue to evaluate acquisition opportunities that improve our offering and accelerate our growth.

Our Solutions

Our comprehensive solution set streamlines the complex and disparate processes relating to payments received by healthcare providers and addresses related pain points for providers, patients, and payers. Our solutions include:

•Financial clearance. Our platform automates insurance verification processes and validates that patients are eligible for care through the prior authorization process, helping eliminate downstream rejections and denials that lead to revenue delays and leakage. Based on a Company survey, 81% of patients would more actively pursue care if they knew the cost upfront. Our financial clearance solutions provide patients with price transparency tools and cost estimation data points that offer them better clarity around their expected costs.

•Patient financial care. Our platform enables digital interactions between the patient and provider, including delivery of electronic statements and processing of patient payments through our patient portal. We offer an omni-channel payment experience, with multiple ways for patients to pay, as well as flexible payment arrangements. These solutions deliver a better financial experience for patients, as well as faster collection times and higher collection rates for providers.

•Claims and payer payment management. Our platform streamlines the cumbersome reimbursement process that providers follow to submit claims and receive remittance information. Our solutions ensure submission of appropriate documentation and claim submission in accordance with payer contracts and automate workstreams that help our clients avoid denials and rejections, monitor in- process claims, and process payer remittances. In addition, we offer claim scrubbing capabilities to check for errors and verify accuracy to limit billing mistakes. Built upon over two decades of industry experience, we believe that our AI-powered rules engine drives an industry-leading first pass clean claims rate across both commercial and government (Medicare and Medicaid) claims.

•Denials prevention and recovery. Our platform leverages AI to prioritize denied claims based on the likelihood of claims appeal success. We utilize generative AI to autonomously draft tailored appeal letters by integrating specific claim data with a proprietary library of over 1,100 payer-specific appeal templates. This

11

Table of Contents

approach allows providers to resolve multiple denials with greater precision and consistency, reducing the heavy administrative burden of manual drafting. We also conduct root cause analysis to help providers reduce the chance of denials in future claims.

•Clinical integrity and revenue capture. Our platform integrates AI-powerd automation with clinical insight to transform mid-cycle performance, enabling providers to capture revenue accurately and prevent losses early. By unifying clinical and financial data, we help healthcare organizations protect revenue and reduce downstream rework while reflecting the true quality of care delivered. Our solutions identify coding mistakes, DRG underpayments, and missing charges, and leverage agentic AI to strengthen documentation integrity. This "closed-loop" approach validates that documentation meets clinical, regulatory, and financial standards before claim submission, accelerating reimbursement and increasing cash flow for our clients.

•Analytics and reporting. Our platform collects and collates vast amounts of healthcare data, and we organize and present this data in dashboards that can be customized to meet the needs of individual clients. We provide data visualization and business intelligence analytics to enable providers to manage payment and denial trends across their business. We drive increased workflow efficiency by eliminating manual spreadsheets and enabling performance optimization through real-time evaluation of key performance indicators.

Our Technology

The Waystar platform is built upon a modern, scalable, multi-tenant cloud-based architecture that delivers an exceptional client experience and allows us to process billions of transactions every year. Our solutions are deeply integrated into our clients’ workflows, providing an elegant and intuitive user experience. The architecture, design, deployment, and management of our platform are centered on the following areas:

•Modern, cloud-based architecture. We leverage a modern multi-tenant, event-driven micro-services architecture that enables a high degree of scalability and interoperability across the platform. We utilize resilient and fully-virtualized hosting architecture, with multiple layers of redundancy. Employing these and many other strategies, we have achieved greater than 99.9% uptime for the Waystar platform. Our solutions are designed to meet the needs of the largest hospitals and health systems but can also be scaled to cost-effectively serve the needs of smaller providers. Our modern web user applications utilize best practice software designs, allowing for high-velocity development and continual deployments.

•Ongoing innovation. Waystar has long-fostered an innovation-focused culture, with daily code update deployments and quarterly seasonal release campaigns delivering ongoing software enhancements to clients. Our tenured Product and Engineering teams consist of more than 340 full-time team members, all relentlessly focused on driving improvements in our platform. Our product roadmap balances new feature enrichment with continued backend integration of acquired solutions and methodical technology modernization.

•Enterprise-grade security. Our solutions provide clients with enterprise-grade security, data protection, and control that meet the healthcare industry’s strict security standards. Our highly secure application and infrastructure are validated by PCI, HITRUST, and SSAE-18 SOC 2 Type II audits and certifications.

•Seamless user experience. We have built a unified user experience across our solutions. Users access our platform through a single login experience, providing convenience, saving time, and increasing productivity.

Search functionality, high-level vertical tabs for our solutions, and dropdown menus within each solution type deliver intuitive navigation for our clients. Comprehensive and customizable dashboards illustrate data using a variety of methods, enabling more efficient identification of outliers, trends, and other useful information.

We have built a comprehensive future-ready suite of enterprise-scale core system software, and we will continue to invest in our technology to further improve our platform infrastructure and capabilities. We are able to responsibly manage technical debt, allowing us to focus our investment on continuously innovating and advancing our platform for the benefit of our clients.

12

Table of Contents

Our Go-to-Market Strategy

We have built a go-to-market engine comprised of sales, marketing, and client success teams, focused on acquiring new clients, expanding use of our platform among existing clients, and strengthening and growing our relationships with channel partners.

We sell our platform through our sales team, which is comprised of over 100 representatives. Our sales teams are dedicated to either ambulatory providers or hospital and health system clients, reflecting the distinct needs, decision-makers, and sales cycles of these client types. Our approach to ambulatory provider clients generally employs a higher-velocity, direct enterprise go-to-market strategy with a shorter sales cycle, while our direct enterprise go-to-market strategy for hospital and health system clients typically involves a longer sales cycle. Our sales organization is further specialized, with certain individuals focused on acquiring new clients and others focused on expanding adoption within existing clients. We leverage data and analytics to monitor sales effectiveness and identify opportunities for improvement.

Our client success organization supports retention and expansion through ongoing engagement and value realization, including dedicated client success managers for clients that have generated almost half of our revenue. Client success teams help drive adoption of our capabilities, support onboarding and change management, and identify opportunities to expand the use of our platform over time.

In addition to our direct sales force, we have a team focused on strengthening and expanding our channel partner and alliance relationships. We have established partnerships with leading electronic health record (“EHR”) and practice management (“PM”) providers for integrations and joint go-to-market efforts. We also work with strategic partners that extend our reach and accelerate adoption of our solutions by referring and promoting our platform to their client bases, while our sales team remains responsible for selling to the end client. In addition, we partner with and sell to outsourced revenue cycle management and billing service providers, who leverage our technology to help providers manage administrative workflows and payments.

Our commercial organization is supported by commercial operations resources that drive planning and execution, including sales process and cadence, pipeline and forecasting discipline, performance analytics, and operational support designed to improve consistency and scalability across our go-to-market efforts.

Our marketing organization supports our growth strategy by strengthening brand awareness and trust, generating demand that drives new customer acquisition, and improving the effectiveness of our go-to-market execution. Marketing defines and communicates our value proposition and differentiated outcomes, advances segmentation and targeting to align our messaging and outreach to distinct customer needs, and gathers market and customer insights that inform product-market fit and go-to-market priorities. Our go-to-market teams are further supported by product and solution subject-matter experts, including individuals with prior experience in roles similar to those of our buyers, who help translate client needs into solution design and value realization.

Our Business Model

Over 99% of our revenue is either recurring subscription or based on highly predictable volumes. Our contracts with clients generally include a subscription fee component as well as a volume-based component, although some contracts include only one of these components. The subscription fee provides us with a fixed, recurring revenue stream while the volume-based component allows us to benefit from our clients’ growth. We generate greater revenue as our clients see more patients and greater utilization of their healthcare services. In addition, based on our contract structures, our proprietary data asset, our AI-powered capabilities, and our deep understanding of the healthcare market, we believe we have visibility into, and the ability to predict both subscription-based and volume-based revenue. For instance, 98% of revenue in 2025 was generated from clients already under contract as of the beginning of the year. Our client contracts are typically two or three years in length with automatic renewals for successive one-year terms that include standard price escalators. Client billing generally occurs monthly.

Our Clients

Our clients represent healthcare providers across all types of care settings, including physician practices, clinics, surgical centers, and laboratories, as well as large hospitals and health systems. Generally, one-third of our revenue comes from hospitals and health systems, while two-thirds comes from ambulatory and alternate sites of care. The over 30,000 clients we currently serve also vary significantly in size and represent over one million distinct providers in total, including

13

Table of Contents

16 of the top 20 U.S. News Best Hospitals. As a result of our broadly applicable model, our client base is highly diversified, and for the year ended December 31, 2025, our top 10 clients accounted for only 10.8% of our total revenue. The number of clients from whom we generate over $100,000 of revenue has grown from 1,203 in the year ended December 31, 2024 to 1,391 in the year ended December 31, 2025, primarily driven by large, new client wins and successful cross-selling and up-selling efforts.

Our clients have no obligation to renew their subscriptions for our platform solutions after the initial term expires, which is typically a two to three-year term. Our contracts generally provide for the automatic renewal for one-year subsequent terms, with the ability for our clients to terminate the contract with limited notice to us. However, we believe that due to the breadth, depth, and quality of our products, as well as the significant time and resources it takes to switch to a different healthcare payments provider, we will be able to retain our existing clients and upsell and cross-sell to them, as evidenced by our Net Revenue Retention Rate of 112.0% for the year ended December 31, 2025.

Our People, Values, and Culture

As of December 31, 2025, we employed over 1,700 full-time team members, all of whom are located in the United States. As of December 31, 2025, none of our team members were covered by a collective bargaining agreement or represented by a labor organization, and we have not experienced a labor-related work stoppage. We believe we have good relationships with our team members, as evidenced by our 2025 Great Place to Work Trust Index Survey results, in which 85% of participating team members indicated that they would recommend working at Waystar to friends and family.

Our Values and Culture

Our values, which are foundational to the Waystar culture, include the following:

•Honesty—This is where we start. With integrity as our core, we are transparent, do the right thing, and build trust by staying true to our commitments.

•Kindness—We are friendly and respectful of everyone. We recognize the power of inclusion and belonging.

•Passion—We are excited about what we do in our roles, as a company, and for our clients.

•Curiosity—We know that the best decisions are not always obvious or easy. We invest the time to understand and develop solutions.

•Fanatical Focus—We have obsessive zeal about people, promises, and innovative solutions.

•Best Work, Always—We bring our A-game. We work with facts, always communicating clearly and respectfully.

•Making It Happen—As individuals and as a team, we are agile with a bias toward speed, action, and automation. We are accountable for our results.

•Joyful, Optimistic, & Fun—We love and support our clients, team, and communities. We strive to create positive energy in everything we do.

We have received numerous workplace awards recognitions, including being named a Best Company to Work for by U.S. News & World Report, achieving a Great Place to Work recertification and being recognized as a Fast Company Best Workplace for Innovators. We are proud of our strong company culture and investment in long-term career growth for our people, which is evidenced by the long tenure of many of our team members with our organization. We believe it is important to put our team members first, and we provide all of our team members competitive health benefits, 401(k) investment options, employee stock purchase plan, and paid family leave. We also provide our team members with paid leave for volunteer time, as we believe it is important for Waystar and its team members to give back to the community. We regularly celebrate individuals and team members who exemplify Waystar’s values. We believe this helps us reinforce our values and creates a performance-focused culture that enables us to continue to attract, retain, and develop talent, which is critical to our long-term success.

14

Table of Contents

Training, Development, Leadership, and Engagement

To attract, develop, and retain a high-performing workforce, we invest in a comprehensive learning and development ecosystem designed to build leadership capability, strengthen core skills, and ensure organizational readiness for the future of work. Our training and development offerings span the full employee lifecycle and include Front Line Leadership training for people leaders, Emerging Leader programs for high-potential team members, and an annual Leadership Summit for senior leaders focused on enterprise leadership and strategic execution.

All team members participate in required annual training that reinforces our values, certifies proficiency in key business processes, and promotes a workplace culture grounded in respect, safety, and engagement. In addition, we continuously evolve our learning curriculum to align with business priorities and emerging capabilities critical to long-term success.

In 2025, we introduced a company-wide AI skills development initiative designed to responsibly and effectively equip team members with the knowledge and practical skills needed to leverage AI tools in their roles. This program focuses on responsible use, data security, and ethical considerations, while also building applied capability to enhance productivity, operational efficiency, decision-making, and innovation across the organization. Our approach to AI enablement supports organizational readiness by ensuring consistent baseline knowledge across the workforce, while enabling leaders to apply AI strategically within their teams and functions.

Employee engagement remains a critical driver of our performance and culture. We assess engagement and satisfaction annually through a third-party employee engagement survey. This process provides insight into team members' experiences related to training and development opportunities, benefits, well-being, and our ethical culture. We also gather feedback on people leader effectiveness, including their ability to foster inclusive, and high-performing teams. Survey insights are used to inform ongoing improvements to our leadership development, learning strategies, and employee experience initiatives.

Inclusion and Belonging

At Waystar, we aspire to create an environment where every team member, with their unique background, feels a sense of belonging. We believe that we rise by lifting others up and provide a safe, inclusive work environment where every team member can be their whole, authentic self-no matter their background. We also have a “Waystar Day” every quarter that focuses on different initiatives such as best work always, day of curiosity, practicing kindness, and volunteering. We provide education assistance opportunities in furtherance of self-advancement and development. In addition, we have five Affinity Groups (BIPOC, Families, LGBTQIA+, Military, and Women) which seek to foster a sense of shared community and empowerment for employees. These groups are open to all team members, including those who wish to participate as allies, and provide opportunities to network, discuss and exchange ideas, and enhance their professional development.

Research and Development

We believe that our research and development function and our AI-powered product portfolio provides us with a competitive advantage that enables us to innovate faster and more efficiently, while simultaneously delivering better solutions for our clients. Our research and development team is responsible for the design, development, testing, and enhancement of our products and software. As of December 31, 2025, we had more than 340 team members dedicated to product and research and development. For the years ended December 31, 2025, 2024, and 2023, our research and development expense was $54.6 million, $48.8 million, and $35.3 million, respectively.

Competition

We operate in a highly fragmented and competitive market that is characterized by rapidly evolving technology standards, evolving regulatory requirements, and frequent changes in client needs and introduction of new products and solutions. However, we believe we have a competitive advantage based on the breadth, depth, and quality of our solutions, our innovative AI-powered software platform, our deep domain expertise developed over two decades of industry experience, the differentiated client service we provide, and the ROI we deliver.

15

Table of Contents

Our current principal competitors include, but are not limited to:

•Revenue cycle technology vendors: vendors varying in scale that specialize in revenue cycle management. These vendors frequently utilize legacy technology, have a limited breadth of solutions or typically focus on providers in specific settings of care, such as hospitals or specific physician specialties.

•Point solution vendors: established and startup vendors that specialize or focus on point solutions for a specific healthcare payment workflow without addressing the entire healthcare payments workflow from pre-encounter to post-encounter.

•EHR and PM systems providers: certain electronic health record (EHR) and practice management (PM) systems, including certain of our strategic partners and those with which we integrate, offer, or may begin to offer, solutions such as claim management and patient management solutions, payment processing tools, and direct patient communication solutions.

•Internally developed software or manual processes: large healthcare providers may have sufficient IT resources to develop and maintain proprietary internal systems, or to consider developing new custom systems. Some may partner with established technology vendors to build custom solutions. Many healthcare providers may also rely on manual tasks and labor, without the use of technology enabled systems.

We believe the principal competitive factors in our market include the following:

•leading-edge technology and innovation, particularly the ability to leverage advanced AI and generative models driven by proprietary datasets to automate complex workflows and create an autonomous revenue cycle;

•breadth, depth, and quality of products and solutions, including the integration of clinical, financial and administrative data to provide a holistic view of the patient journey;

•ability to deliver financial and operational performance improvement through the use of AI-powered automation;

•quality and reliability of solutions, including the accuracy of AI-powered predictions and recommendations;

•ease of use and convenience, enhanced by agentic AI capabilities that automate manual tasks;

•brand recognition and reputation for technological leadership;

•price and total cost of ownership; and

•the ability to integrate our platform solutions with various EHR and PM systems and other healthcare technology.

We believe that we compete favorably with respect to each of these factors. However, we believe that our ability to remain competitive will depend on the continued success of our disciplined investments in research and development and sales and marketing programs. See Part I, Item 1A, “Risk Factors—Risks Related to our Business and our Industry—We operate in a highly competitive industry.”

Intellectual Property

We rely on a combination of trademark, patent, trade secret, copyright, and other intellectual property laws, as well as contractual provisions, including in employment, confidentiality, and inventions assignment agreements to protect our intellectual property, intangible assets, and associated proprietary rights. Our intellectual property, particularly our know-how is material to the conduct of our business. The success of our business depends in part on our ability to use our trademarks, service marks, and other intellectual property in the operation of our business and platform. In the United States, we have 34 trademark registrations, 35 issued patents, and 24 copyright registrations. In addition, we have registered the www.waystar.com domain name, which we use in connection with our platform.

16

Table of Contents

We have procedures in place to monitor for potential infringement of our intellectual property, and it is our policy to take appropriate action to enforce our intellectual property, taking into account the strength of our claim, likelihood of success, cost, and overall business priorities. See Part I, Item 1A, “Risk Factors—Risks Related to Information Technology Systems, Cybersecurity, Data Privacy, and Intellectual Property.”

Security and Compliance

Security and compliance are our top priorities. We maintain a comprehensive security program designed to safeguard the confidentiality, integrity, and availability of our clients’ data. In particular, we deploy physical, administrative, and technical controls to protect the security and privacy of patient information.

We operate a cloud-based platform that is designed to offer reliability, performance, security, and privacy for our clients. We have infrastructure in place with co-located data centers, and within Microsoft Azure, Amazon Web Services, and Google Cloud Platform environments, to securely manage and maintain our clients’ patient information.

We use external security auditors and industry-leading vendors to access the controls and procedures we have in place to protect our clients’ sensitive information. We have industry certifications, including HITRUST R2, PCI-DSS Level 1 Service Provider, SSAE 18 SOC 2, and validated PCI Point-to-Point Encryption. As a PCI-DSS Level 1 Service Provider, we are committed to upholding industry security standards to cardholder data. We received our HITRUST CSF certification in 2021.

We are committed to protecting the information and privacy of our clients and their patients. We are both a “covered entity” when we provide our clearinghouse services and a “business associate” as defined under HIPAA or subcontractor to a business associate to healthcare providers or revenue cycle management companies. We sign business associate agreements (“BAA”) that govern our uses and disclosures of protected health information (“PHI”) to our own business associates and on behalf of our covered entity clients that engage us to provide our software solutions. Such BAAs must, among other things, provide adequate written assurances as to how we will use and disclose PHI; that we will implement reasonable administrative, physical, and technical safeguards to protect such PHI from misuse; that we will enter into similar agreements with our agents and subcontractors that have access to the information; that we will report security incidents and other inappropriate uses or disclosures of PHI; and that we will assist the client with certain of its duties under HIPAA.

Regulation

Our business is subject to extensive, complex, and rapidly changing federal and state laws, regulations, and industry standards. These laws and regulations can vary significantly from jurisdiction to jurisdiction, and interpretation and enforcement of existing laws and regulations by governmental and regulatory authorities may change periodically. We cannot be assured that a review of our business by courts or governmental or regulatory authorities will not result in determinations that could adversely affect our operations or that the healthcare regulatory environment will not change in a way that restricts our operations. Federal and state legislatures also may enact various legislative proposals that could materially impact certain aspects of our business.

Federal and State Health Information Privacy and Security Laws

There are numerous U.S. federal and state laws and regulations related to the privacy and security of personal information, including individually identifiable health information. In particular, HIPAA established privacy and security standards that limit the use and disclosure of PHI, and required the implementation of administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of individually identifiable health information in both paper and electronic form. HIPAA also required the U.S. Department of Health and Human Services (“HHS”) to adopt national standards establishing electronic transaction standards that all healthcare providers must use when submitting or receiving certain healthcare transactions electronically. For example, claims for reimbursement that are transmitted electronically to payors must comply with specific formatting standards, and these standards apply whether the payor is a government or a private entity. We are contractually required to structure and provide our solutions in a way that supports our clients’ HIPAA compliance obligations to use prescribed electronic formats.

HIPAA requires us to enter into written agreements with covered entities, business associates, and subcontractors with respect to uses and disclosures of PHI. Covered entities, such as us and our clients, may be subject to penalties for, among other activities, failing to enter into a BAA where required by law or as a result of a business associate violating

17

Table of Contents

HIPAA, if the business associate is found to be an agent of the covered entity and acting within the scope of the agency. Business associates are also directly subject to liability under HIPAA. In instances where we act as a business associate to a covered entity, there is the potential for additional liability beyond our status as a covered entity. Violations of HIPAA may result in significant civil and criminal penalties, as well as monitoring or resolution agreements. A single breach incident can result in violations of multiple standards.

We must also comply with HIPAA’s breach notification rule and equivalent state breach notification laws. Under the breach notification rule, covered entities must notify affected individuals without unreasonable delay in the case of a breach of unsecured PHI, which compromises the privacy or security of the PHI, but no later than 60 days after discovery of the breach by a covered entity or its agents. Many state laws and regulations require affected individuals to be notified in the event of a data breach involving PHI within a shorter timeframe. Under HIPAA, all impermissible uses or disclosures of unsecured PHI are presumed to be breaches unless an exception to the definition of breach applies or the covered entity or business associate establishes that there is a low probability the PHI has been compromised based on a risk assessment of at least four regulatory factors. In addition, notification must be provided to HHS and the local media in cases where a breach affects 500 or more individuals. Breaches affecting fewer than 500 individuals must be reported to HHS on an annual basis. There can be no assurance that we will not be the subject of an investigation (arising out of a reportable breach incident, audit, or otherwise) alleging non-compliance with HIPAA in our maintenance of PHI. Violations of HIPAA by providers like us, including, but not limited to, failing to implement appropriate administrative, physical, and technical safeguards, have resulted in enforcement actions and in some cases triggered settlement payments or civil monetary penalties.

State attorneys general also have the right to prosecute HIPAA violations committed against residents of their states. While HIPAA does not create a private right of action that would allow individuals to sue in civil court for a HIPAA violation, its standards have been used as the basis for the duty of care in state civil suits, such as those for negligence or recklessness in misusing personal information. In addition, the HITECH Act mandated that HHS conduct periodic compliance audits of HIPAA covered entities and their business associates for compliance. It also tasks HHS with establishing a methodology whereby harmed individuals who were the victims of breaches of unsecured PHI may receive a percentage of the civil monetary penalty fine paid by the violator.

HHS has also issued new final and proposed regulations and guidance on cybersecurity of electronic PHI (“ePHI”) uses and disclosures of substance use information, reproductive health information, and online tracking technologies that access individually identifiable health information. For example, in April 2024, a new HHS final rule amending substance use confidentiality regulations (42 C.F.R. Part 2 or Part 2) took effect. The final rule included changes to better facilitate care coordination, updates to the fine structure for Part 2 violations to align with the civil and criminal enforcement authorities that apply to HIPAA violations, and increases in penalties for Part 2 violations to a $50,000 maximum penalty for failure to comply with the Part 2 requirements and a $250,000 maximum penalty for the wrongful disclosure of individually identifiable health information.

In December 2024, HHS Office for Civil Rights (“OCR”) issued a notice of proposed rulemaking to better protect the confidentiality, integrity, and availability of ePHI. The proposed rule would, among other requirements, remove the distinction between “required” and “addressable” implementation specifications and make all implementation specifications required with specific, limited exceptions; require written documentation of all HIPAA Security Rule policies, procedures, plans, and analyses; require regulated entities to conduct compliance audits at least once every 12 months to ensure their compliance with the HIPAA Security Rule requirements; require encryption of ePHI at rest and in transit; require the use of multi-factor authentication, with limited exceptions; and require network segmentation and separate technical controls.

In April 2024, HHS OCR issued a final rule that amended HIPAA privacy regulations to prohibit the disclosure of PHI related to lawful reproductive health care in certain circumstances. The final rule prohibits the use or disclosure of PHI when PHI is sought for certain investigations or to impose liability on individuals, health care providers, or others who seek, obtain, provide, or facilitate reproductive health care that is lawful under the circumstances in which such health care is provided. It also requires a health care provider, health plan, clearinghouse, or their business associates, to obtain a signed attestation that certain requests for PHI potentially related to reproductive health care are not made for these prohibited purposes. The final rule took effect on June 25, 2024.

Additionally, in a 2023 guidance document, HHS OCR took the position that entities regulated under HIPAA are not permitted to use tracking technologies in a manner that would result in an impermissible disclosure of PHI. Such tracking technologies have been used to collect and analyze information about user behavior and enhance the user

18

Table of Contents

experience. In March 2024, HHS OCR updated its 2023 guidance on the use of online tracking technologies on webpages and applications by HIPAA covered entities and business associates to address the disclosure of individually identifiable health information through unauthenticated, public-facing webpages. There have been several class action lawsuits asserting that HIPAA covered entities and business associates improperly used or disclosed PHI through tracking technologies.

Other Data Privacy Laws, Regulations, and Industry Standards

In addition, because our business and platform involve the Processing of personal information and other confidential and regulated information, we are also subject to numerous additional laws, regulations, and industry standards. For example, the California Consumer Privacy Act of 2018 (“CCPA”), which was subsequently amended by the California Privacy Rights and Enforcement Act of 2020 (“CPRA”), originally took effect in 2020, and provides California residents expanded privacy rights and protections, and provides for civil penalties for certain violations. Many additional jurisdictions around the world, including many additional U.S. states, have adopted or are proposing to adopt laws and regulations relating to privacy, data protection, and data security, and we may become subject to additional requirements and obligations as we expand the scope of our business and operations. Further, we are also subject to industry standards such as PCI-DSS as a result of the credit card payments initiated by patients and provider staff members. For a discussion of the risks and uncertainties affecting our business related to compliance with data privacy laws and regulations, please see Part I, Item 1A, “Risk Factors—Risks Related to Information Technology Systems, Cybersecurity, Data Privacy, and Intellectual Property.”

Healthcare Fraud and Abuse Provisions

A number of federal and state laws, generally referred to as fraud and abuse laws, apply to healthcare providers, physicians and others that make, offer, seek or receive referrals or payments for products or services that may be paid for through any federal or state healthcare program and in some instances any private program. Given the breadth of these laws and regulations, they may affect our business, either directly or because they apply to our clients.

The federal Anti-Kickback Statute (the “AKS”) is broadly worded and prohibits, among other things, knowingly and willfully offering, paying, soliciting, or receiving remuneration, directly or indirectly, in cash or in kind, in return for or to induce (1) the referral of an individual covered by federal healthcare programs, such as Medicare and Medicaid, to a person for the furnishing or arranging for the furnishing of any item or service for which payment may be made in whole or in part under a federal healthcare program, or (2) the purchasing, leasing, or ordering, or arranging for or recommending the purchasing, leasing, or ordering of any good, facility, service, or item for which payment may be made in whole or in part under a federal healthcare program. Court decisions have held that the AKS can be violated even if only “one purpose” of remuneration is to induce or reward referrals or other business generated between the parties. Further, a person or entity does not need to have actual knowledge of this statute or specific intent to violate it in order to have committed a violation. Violations of the AKS include imprisonment for up to ten years, exclusion from participation in federal healthcare programs, including Medicare and Medicaid, potential liability under the federal civil False Claims Act, 31 U.S.C. § 3729 et seq. (the “FCA”) (as discussed below), and significant civil and criminal fines and monetary penalties, plus a civil assessment of up to three times the total payments between the parties to the arrangement. Larger fines can be imposed upon corporations under the provisions of the U.S. Sentencing Guidelines and the Alternate Fines Statute. Individuals and entities convicted of violating the AKS are subject to mandatory exclusion from participation in Medicare, Medicaid, and other federal healthcare programs for a minimum of five years in the case of criminal conviction.

In addition to a few statutory exceptions, the HHS, Office of Inspector General has promulgated safe harbor regulations that outline categories of activities that are deemed not to be in violation of the AKS, provided all applicable criteria are met. The failure of a financial relationship to meet all of the applicable safe harbor criteria does not necessarily mean that particular arrangement violates the AKS, but instead will be reviewed on a case-by-case basis in light of the parties’ intent and the arrangement’s potential for abuse. Arrangements that do not satisfy a safe harbor may be subject to greater scrutiny by enforcement agencies.

Under HIPAA, there are additional provisions regarding healthcare fraud and false statements relating to healthcare matters, which if not complied with, could have an impact on our business. The healthcare fraud provision prohibits knowingly and willfully executing, or attempting to execute, a scheme to defraud any healthcare benefit program, including private payors. Similar to the AKS, a person or entity no longer needs to have actual knowledge of the healthcare fraud provision or specific intent to violate it in order to have committed a violation. The false statements provision prohibits knowingly and willfully falsifying, concealing, or covering up a material fact or making any materially false,

19

Table of Contents

fictitious, or fraudulent statement in connection with the delivery of or payment for healthcare benefits, items, or services. Violations of these provisions are felonies and may result in fines or imprisonment, or, in the case of the healthcare fraud provision, exclusion from government programs.

Additionally, the Civil Monetary Penalties Law, 42 U.S.C. § 1320a-7a, authorizes the imposition of civil monetary penalties, assessments, and exclusion against an individual or entity based on a variety of prohibited conduct, including, but not limited to:

•presenting, or causing to be presented, claims, reports, or records relating to payment by Medicare, Medicaid or other government payors that the individual or entity knows or should know are for an item or service that was not provided as claimed, is false or fraudulent, or was presented for a physician’s service by a person who knows or should know that the individual providing the service is not a licensed physician, obtained licensure through misrepresentation or represented certification in a medical specialty without in fact possessing such certification;

•offering remuneration to a federal healthcare program beneficiary that the individual or entity knows or should know is likely to influence the beneficiary to order or receive healthcare items or services from a particular provider;

•arranging contracts with or making payments to an entity or individual excluded from participation in the federal healthcare programs or included on CMS’ preclusion list;

•violating the AKS;

•making, using, or causing to be made or used a false record or statement material to a false or fraudulent claim for payment for items and services furnished under a federal healthcare program;

•making, using, or causing to be made any false statement, omission, or misrepresentation of a material fact in any application, bid, or contract to participate or enroll as a provider of services or a supplier under a federal healthcare program; and

•failing to report and return an overpayment owed to the federal government.

Violations of applicable fraud and abuse laws could result in substantial civil monetary penalties that may be imposed under the federal Civil Monetary Penalties Law and may vary depending on the underlying violation. In addition, an assessment of not more than three times the total amount claimed for each item or service may also apply and a violator may be subject to exclusion from federal and state healthcare programs. In addition, should an individual providing services under our client contracts become excluded, we may be in violation of our agreements with clients and required to refund amounts attributable to services performed or sufficiently linked to an excluded individual.

False and Fraudulent Claims Laws

There are numerous federal and state laws that forbid (i) submitting a false claim, (ii) causing the submission of a false claim, (iii) retaining a known overpayment, or (iv) engaging in similar types of conduct. The FCA, among other things, prohibits an individual or entity from knowingly presenting or causing to be presented a false or fraudulent claim for payment to the government, including but not limited to the Medicare and Medicaid programs and related managed care programs. Many states have their own false claims laws prohibiting similar conduct to the extent the claim seeks payment from state funds, including Medicaid, and states are becoming increasingly active in using such laws to police false bills, false requests for payment, and other activities. The standard for “knowledge” under the FCA includes “reckless disregard” or “deliberate ignorance” of the truth or falsity of the information. There are a number of other potential bases for liability under the FCA, including knowingly and improperly avoiding an obligation to repay money to the government (often called the “reverse false claims” provision). The government has used the FCA to bring civil claims for Medicare and other government program fraud based on allegations including but not limited to those involving coding issues (including up-coding), the submission of false cost or other reports, and billing for services at a higher payment rate than appropriate. Violations of other laws, such as the AKS and the Stark Law, can serve as a basis for liability under the FCA.

The Patient Protection and Affordable Care Act, as amended, provides that claims for payment that are tainted by a violation of the AKS (which could include, for example, illegal incentives, or remuneration) are false for purposes of the

20

Table of Contents

FCA. In addition, amendments to the FCA and Social Security Act impose severe penalties for the knowing and improper retention of overpayments from government payors. The FCA may be enforced by the federal government directly or by a private qui tam plaintiff (a “relator”) on the government’s behalf. In the latter circumstance, the government is required to investigate the allegations brought by the relator, and then must decide whether or not to intervene. Even if the government declines to intervene, the relator may continue to proceed with the lawsuit on the government’s behalf. When a relator brings a qui tam action under the FCA, the defendant often will not be made aware of the lawsuit until the government commences its own investigation or makes a determination whether or not it will intervene.

If a defendant is found liable under the FCA, the defendant is subject to penalties for each separate false claim, plus up to three times the amount of damages caused by each false claim, which can be as much as the amounts received directly or indirectly from the government for each such false claim. These penalties are adjusted annually. A successful qui tam relator is entitled to receive a share of any settlement of judgment. In addition to civil enforcement under the FCA, the federal government can use several criminal statutes to prosecute persons who are alleged to have submitted false or fraudulent claims for payment to the federal government. It is difficult to predict how future enforcement initiatives may impact our business.

Stark Law and Similar State Laws

The Ethics in Patient Referrals Act, known as the Stark Law, prohibits certain types of referral arrangements between physicians and healthcare entities and thus potentially applies to our clients. The law prohibits a physician who has (or whose immediate family member has) a financial relationship with a provider from making referrals to that entity for “designated health services” if payment for the services may be made under Medicare or Medicaid. If such a financial relationship exists, referrals are prohibited unless a statutory or regulatory exception is available. Further, an entity that furnishes designated health services pursuant to a prohibited referral may not present or cause to be presented a claim or bill for such services to the Medicare program or to any other individual or entity. Violations of the Stark Law can result in civil monetary penalties and exclusion from federal healthcare programs and form the basis for liability under the FCA. Laws in many states similarly forbid billing based on referrals between individuals and entities that have various financial, ownership, or other business relationships. Any such violations by, and penalties and exclusions imposed upon, our clients could adversely affect their financial condition and, in turn, could adversely affect our own financial condition.

State Fraud and Abuse Laws

Many states, including certain states in which we conduct our business, have adopted fraud and abuse laws similar to the federal laws described above. These laws are enforced by state courts and regulatory authorities, each with broad discretion, and the scope of these laws and the interpretations of them vary by jurisdiction. Some state fraud and abuse laws apply to items and services reimbursed by any third-party payor, including commercial insurers. For example, several states have anti-kickback and self-referral prohibitions, which may apply regardless of whether the payor for such claims is Medicare or Medicaid and which may affect our ability to enter into financial relationships with certain entities or individuals. A determination of liability under state fraud and abuse laws could result in fines, penalties, and restrictions on our ability to operate in these jurisdictions, administrative sanctions, exclusions from governmental healthcare programs, refund requirements, and disciplinary action by the applicable governmental authority, and could have a material adverse effect on our business, financial condition, results of operations, cash flows, and reputation.

Corporate Practice of Medicine; Fee Splitting

We enter into contracts with healthcare providers pursuant to which we provide them with software solutions, and may be subject to regulatory oversight, including corporate practice of medicine and fee- splitting prohibitions. Some states have enacted laws and regulations prohibiting business corporations from practicing medicine and limiting the extent to which physicians and certain other healthcare professionals may be employed by non-physicians or business corporations. These laws are intended to prevent interference in the medical decision-making process by anyone who is not a licensed physician. In addition, various state laws also generally prohibit the sharing or splitting professional services income or fees with lay entities or persons. Activities other than those directly related to the delivery of healthcare may be considered an element of the practice of medicine in many states. The scope and enforcement of such corporate practice of medicine and fee-splitting laws varies from state to state. Violations of these laws could require us to restructure our operations and arrangements and may result in penalties or other adverse action.

Some of these requirements may apply to us even if we do not have a physical presence in the state, based solely on our agreements with healthcare providers licensed in the state. Governmental or regulatory authorities or other parties

21

Table of Contents

may assert that we are engaged in the corporate practice of medicine or that our contractual arrangements with healthcare providers constitute unlawful fee splitting. In this event, failure to comply could lead to adverse judicial or administrative action against us and/or our healthcare provider clients, civil or criminal penalties, receipt of cease and desist orders from state regulators, the need to make changes to our contracts, and other materially adverse consequences.

Government Regulation of Reimbursement

Our clients are subject to regulation by a number of governmental agencies, including those that administer the Medicare and Medicaid programs. Accordingly, our clients are sensitive to legislative and regulatory changes in, and limitations on, the government healthcare programs and changes in reimbursement policies, processes, and payment rates. Our clients may also be impacted by recent or future federal government cost-cutting and efficiency measures and any actual or potential reduction in the federal workforce that administers federal healthcare programs. During recent years, there have been numerous federal legislative and administrative actions that have affected government programs, including adjustments that have reduced or increased payments to physicians and other healthcare providers. It is possible that the federal or state governments will implement additional reductions, increases or changes in reimbursement or that there will be substantial changes to federal healthcare programs or other government programs or spending that adversely affect our clients, or our cost of providing our solutions. Any such changes could adversely affect our own financial condition by reducing the reimbursement rates of our clients or otherwise materially impacting our clients.

Consumer Protection Laws

We may also be subject to both federal and state regulatory agencies who have the authority to investigate consumer complaints relating to a variety of consumer protection laws, including but not limited to the Fair Debt Collections Practices Act (the “FDCPA”), the Telephone Consumer Protection Act (the “TCPA”), the Controlling the Assault of Non- Solicited Pornography and Marketing Act of 2003 (the “CAN-SPAM Act”), and any state equivalent(s) of the foregoing. Our business practices involve assisting clients in collecting non-defaulted amounts owed by patients for current and prior services activities, which may subject us to the FDCPA. The FDCPA restricts the methods we may use to contact and seek payment from patients regarding past due accounts. Many states impose additional requirements on debt collection practices, and some of those requirements may be more stringent than the federal requirements. Moreover, regulations governing debt collection are subject to changing interpretations that may be inconsistent among different jurisdictions. Such laws and regulations, if deemed to apply to us, are continually evolving and any enforcement actions under such laws could result in fines, penalties, litigation, and increased expenses associated with compliance.

Indemnification and Insurance

Our business exposes us to potential liability including, but not limited to, potential liability for breach of contract or negligence claims by our clients, non-compliance with applicable laws and regulations, and employment-related claims. In certain circumstances, we may also be liable for the acts or omissions of others, such as our vendors or suppliers. On occasion, we enter into standard indemnification arrangements in the ordinary course of business. Pursuant to these arrangements, we indemnify, hold harmless, and agree to reimburse the indemnified parties for losses suffered or incurred by the indemnified party, in connection with any trade secret, copyright, patent, or other intellectual property infringement claim by any third party with respect to its technology. The terms of these indemnification agreements are generally perpetual. Maximum potential future payments we could be required to make under these agreements is not determinable because it involves claims that may be made against us in the future but have not yet been made. We have not incurred costs to defend lawsuits or settle claims related to these indemnification agreements.

We attempt to manage our potential liability to third parties through contractual protection (such as indemnification and limitation of liability provisions) in our contracts with clients and others, and through insurance. The contractual indemnification provisions vary in scope and may not protect us against all potential liabilities, such as liability arising out of our gross negligence or willful misconduct. In addition, in the event that we seek to enforce such an indemnification provision, the indemnifying party may not have sufficient resources to fully satisfy its indemnification obligations or may otherwise not comply with its contractual obligations.

We may require our clients and other counterparties to maintain adequate insurance, and we currently maintain errors, omissions, and professional liability insurance coverage with limits we believe to be appropriate. The coverage provided by such insurance may not be adequate for all claims made and such claims may be contested by applicable insurance carriers.

22

Table of Contents

Corporate and Available Information

We were originally incorporated in Delaware on August 13, 2019 and subsequently changed our name to Waystar Holding Corp. on August 11, 2023. Our principal basecamps are located at 1550 Digital Drive, #300, Lehi, Utah 84043 and 9901 Linn Station Road Suite 550, Louisville, Kentucky 40223. Our telephone number is (844) 492-9782. We maintain a website at waystar.com. We completed our initial public offering (“IPO”) in June 2024, and our common stock is listed on the Nasdaq Global Select Market (“Nasdaq”) under the symbol “WAY”.

Waystar’s Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and all amendments to those reports filed with or furnished to the SEC pursuant to Section 13(a) or 15(d) of the Exchange Act, are publicly available free of charge on the Investor Relations section of our website at investors.waystar.com or at www.sec.gov as soon as reasonably practicable after these materials are filed with or furnished to the SEC. We also make available through the Investor Relations section of our website other reports filed with or furnished to the SEC under the Exchange Act, including our proxy statements and reports filed by officers and directors under Section 16(a) of the Exchange Act, as well as our Code of Conduct, Corporate Governance Guidelines and Board committee charters.

Investors and others should note that we routinely announce financial and other material information using our Investor Relations website, SEC filings, press releases, public conference calls and webcasts. We use these channels of distribution to communicate with our investors and members of the public about our Company, our services and other items of interest. Information contained on our website is not part of this report or our other filings with the SEC. The information on our website (or any webpages referenced in this Annual Report on Form 10-K) is not part of this or any other report Waystar files with, or furnishes to, the SEC.

23

Table of Contents