Cybersecurity Risk Management, Strategy, and Governance
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

ITEM 1C. CYBERSECURITY

Cybersecurity Risk Management and Strategy

We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity and availability of our critical systems and information. As part of this program, we have processes in place that are designed to assess, identify and manage material risks from cybersecurity threats, which are part of the Company’s overall enterprise risk management process and have been embedded in the Company’s operating procedures, internal controls and information systems.

We design and assess our program based on various cybersecurity frameworks, such as National Institute of Standards and Technology (“NIST”) Special Publication 800-53 and frameworks that draw on it, such as the NIST Cybersecurity Framework (“CSF”) and the HITRUST CSF, as well as NIST Special Publication 800-66 and the Center for Internet Security (“CIS”) Critical Security Controls. Recently we obtained HITRUST certification for one of our core clinical applications. That certification does not mean that we meet any particular technical standard, specification, or requirement overall; we use these standards only as a guide to help us design and assess our program.

We rely on a multidisciplinary team, including our information security organization, legal department, management, and third-party service providers, as described further below, to assess, identify, and manage cybersecurity threats and risks.

Our cybersecurity risk management program includes:

risk assessments designed to help identify material cybersecurity risks to our critical systems, information, services, and our broader enterprise information technology (“IT”) environment, including monitoring and evaluating our threat environment and our risk profile;
a security governance council principally responsible for management’s oversight of our IT security;
the use of external service providers, where appropriate, to assess, test, or otherwise assist with aspects of our cybersecurity controls;
a third-party risk management process for service providers, suppliers and vendors covering compliance and technical controls;
cybersecurity awareness training for our employees, incident response personnel and senior management; and
a cybersecurity incident response plan with established procedures for assessing and responding to cybersecurity incidents, and that includes having an experienced incident response firm on retainer.

For information on the Company’s cybersecurity-related risks, see “Information Systems, Cybersecurity and Data Privacy Risks” in Item 1A. Risk Factors in this Form 10-K. To date we have not identified any breaches from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, the sophistication of cybersecurity threats continues to increase, and the preventive actions we take to reduce the risk of cybersecurity incidents and protect our systems and information may be insufficient. Accordingly, no matter how well our program is designed or implemented, we will not be able to anticipate all security breaches, and we may not be able to implement effective preventive measures against such security breaches in a timely manner.

Cybersecurity Governance

Our Board of Directors considers cybersecurity risk as part of its risk oversight function and oversees management’s implementation of our cybersecurity risk management program. Our Board of Directors has elected to exercise direct oversight over this area, rather than acting through one of its committees, given the increasing importance of cybersecurity matters and the cross-functional impacts of technology on our business. Our Board of Directors receives reports at least twice per year from members of senior management, including our Chief Information Security Officer (“CISO”) and Chief Compliance Officer, regarding the Company’s information systems and technology and associated policies, processes, and practices for managing and mitigating cybersecurity and technology-related risks. Our Board of Directors also meets with external advisors to discuss technology and cybersecurity risks applicable to the Company and obtains perspectives which inform senior management’s discussions with our Board of Directors. Our Board of Directors has delegated oversight of the process for determining disclosure required with respect to cybersecurity incidents to its Audit Committee.

At the management level, our information security organization is led by our CISO, who is responsible for cybersecurity risk management, with oversight by our Board of Directors. Our CISO has more than 20 years of experience in information security and IT risk management. He has specific experience in the following information security areas: security governance and policy, information security strategy and planning, penetration testing, vulnerability management, cybersecurity threat intelligence, incident response, third party risk management, cloud security, application security, identity and access management, data loss prevention, and security awareness.

Our CISO is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from professionals in the information security organization, many of whom hold cybersecurity certifications such as Certified Information Systems Security Professional (“CISSP”), Certified Data Privacy Solutions Engineer (“CDPSE”), or Security+, through the use of technological tools and software, and through the results of third-party audits. Our cybersecurity incident response framework is governed by a cybersecurity incident response plan, which sets out our approach for categorizing, responding to, and mitigating cybersecurity incidents. We have an incident response team composed of our CISO, executive leaders, management and internal and external legal counsel, whose primary responsibilities include:

Evaluating and validating the impact of an incident;
Approving certain incident response countermeasures and remediation actions;
Escalating incidents and response countermeasures for approval; and
Acting in an advisory capacity in support of cybersecurity incident remediation, as appropriate.

We have also established a security governance council (the “Council”) to further strengthen our cybersecurity risk management activities across the Company. The Council includes our Chief Executive Officer, Executive Vice President, Chief Financial Officer and Treasurer, Executive Vice President, General Counsel, Chief Administrative Officer and Secretary, Senior Vice President, Operations, Senior Vice President and Chief Information Officer, Senior Vice President, People Services, Vice President and Chief Information Security Officer, Vice President, Chief Compliance Officer, and Associate Vice President, Internal Audit. The Council meets quarterly and is responsible for management’s oversight of our IT security in a cohesive and holistic manner that is designed to enable optimal decision-making.

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity and availability of our critical systems and information. As part of this program, we have processes in place that are designed to assess, identify and manage material risks from cybersecurity threats, which are part of the Company’s overall enterprise risk management process and have been embedded in the Company’s operating procedures, internal controls and information systems.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Our Board of Directors considers cybersecurity risk as part of its risk oversight function and oversees management’s implementation of our cybersecurity risk management program. Our Board of Directors has elected to exercise direct oversight over this area, rather than acting through one of its committees, given the increasing importance of cybersecurity matters and the cross-functional impacts of technology on our business. Our Board of Directors receives reports at least twice per year from members of senior management, including our Chief Information Security Officer (“CISO”) and Chief Compliance Officer, regarding the Company’s information systems and technology and associated policies, processes, and practices for managing and mitigating cybersecurity and technology-related risks. Our Board of Directors also meets with external advisors to discuss technology and cybersecurity risks applicable to the Company and obtains perspectives which inform senior management’s discussions with our Board of Directors. Our Board of Directors has delegated oversight of the process for determining disclosure required with respect to cybersecurity incidents to its Audit Committee.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board of Directors has elected to exercise direct oversight over this area, rather than acting through one of its committees, given the increasing importance of cybersecurity matters and the cross-functional impacts of technology on our business. Our Board of Directors receives reports at least twice per year from members of senior management, including our Chief Information Security Officer (“CISO”) and Chief Compliance Officer, regarding the Company’s information systems and technology and associated policies, processes, and practices for managing and mitigating cybersecurity and technology-related risks. Our Board of Directors also meets with external advisors to discuss technology and cybersecurity risks applicable to the Company and obtains perspectives which inform senior management’s discussions with our Board of Directors. Our Board of Directors has delegated oversight of the process for determining disclosure required with respect to cybersecurity incidents to its Audit Committee.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board of Directors receives reports at least twice per year from members of senior management, including our Chief Information Security Officer (“CISO”) and Chief Compliance Officer.
Cybersecurity Risk Role of Management [Text Block]

At the management level, our information security organization is led by our CISO, who is responsible for cybersecurity risk management, with oversight by our Board of Directors. Our CISO has more than 20 years of experience in information security and IT risk management. He has specific experience in the following information security areas: security governance and policy, information security strategy and planning, penetration testing, vulnerability management, cybersecurity threat intelligence, incident response, third party risk management, cloud security, application security, identity and access management, data loss prevention, and security awareness.

Our CISO is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from professionals in the information security organization, many of whom hold cybersecurity certifications such as Certified Information Systems Security Professional (“CISSP”), Certified Data Privacy Solutions Engineer (“CDPSE”), or Security+, through the use of technological tools and software, and through the results of third-party audits. Our cybersecurity incident response framework is governed by a cybersecurity incident response plan, which sets out our approach for categorizing, responding to, and mitigating cybersecurity incidents. We have an incident response team composed of our CISO, executive leaders, management and internal and external legal counsel, whose primary responsibilities include:

Evaluating and validating the impact of an incident;
Approving certain incident response countermeasures and remediation actions;
Escalating incidents and response countermeasures for approval; and
Acting in an advisory capacity in support of cybersecurity incident remediation, as appropriate.

We have also established a security governance council (the “Council”) to further strengthen our cybersecurity risk management activities across the Company. The Council includes our Chief Executive Officer, Executive Vice President, Chief Financial Officer and Treasurer, Executive Vice President, General Counsel, Chief Administrative Officer and Secretary, Senior Vice President, Operations, Senior Vice President and Chief Information Officer, Senior Vice President, People Services, Vice President and Chief Information Security Officer, Vice President, Chief Compliance Officer, and Associate Vice President, Internal Audit. The Council meets quarterly and is responsible for management’s oversight of our IT security in a cohesive and holistic manner that is designed to enable optimal decision-making.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] We have an incident response team composed of our CISO, executive leaders, management and internal and external legal counsel, whose primary responsibilities include:
Evaluating and validating the impact of an incident;
Approving certain incident response countermeasures and remediation actions;
Escalating incidents and response countermeasures for approval; and
Acting in an advisory capacity in support of cybersecurity incident remediation, as appropriate.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CISO has more than 20 years of experience in information security and IT risk management. He has specific experience in the following information security areas: security governance and policy, information security strategy and planning, penetration testing, vulnerability management, cybersecurity threat intelligence, incident response, third party risk management, cloud security, application security, identity and access management, data loss prevention, and security awareness.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our CISO is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from professionals in the information security organization, many of whom hold cybersecurity certifications such as Certified Information Systems Security Professional (“CISSP”), Certified Data Privacy Solutions Engineer (“CDPSE”), or Security+, through the use of technological tools and software, and through the results of third-party audits.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true