PointClickCare, a corporation that controls the electronic health records of more than half of America’s nursing homes, deliberately deployed unsolvable digital puzzles to block a competitor’s access to patient data, cutting off life-saving early-warning alerts for hundreds of thousands of elderly and vulnerable nursing home residents.

The Company That Controls Nursing Home Data in America

There is a company you have probably never heard of that sits between your elderly parent’s nursing home and the data that could save their life. PointClickCare Technologies, a Canadian corporation, provides electronic health record services to more than half of all nursing homes in the United States. It hosts the medical records of 1.6 million patients across approximately 27,000 facilities and runs a platform used by roughly 6 million users. That is not a company; that is a chokepoint.

Into that landscape stepped Real Time Medical Systems, a Maryland health-analytics company founded by a physician who recognized a specific, deadly gap in nursing home care. Dr. Scott Rifkin built Real Time because nursing home staff know how to respond to obvious emergencies like vomiting or chest pain, but they lack the staff and tools to monitor the subtle, creeping warning signs, such as weight fluctuations or changes in bowel movements, that can signal an oncoming crisis like sepsis. Real Time’s software reads patient records in near-real-time and alerts medical staff at what Dr. Rifkin calls “interventional moments,” catching problems while they are still treatable and avoiding hospital admissions that carry a heightened risk of death.

The system worked. Academic research confirmed that hospital readmissions dropped significantly at nursing facilities where Real Time operated. Researchers calculated that if all skilled nursing facilities in the country reduced readmissions to Real Time-associated rates, Medicare and Medicaid would save approximately $2.8 billion annually ($2.8 billion, enough to cover a full year of Medicaid coverage for roughly 280,000 Americans who currently earn too little to afford private health insurance). Real Time’s customer list grew to include around 1,700 skilled nursing facilities, CVS Health, health insurers, and the entire state of Maryland.

To perform its analytics, Real Time needed access to patient records stored on PointClickCare’s system. The records legally belong to the patients, not to PointClickCare. Nursing homes contracted with both companies: with PointClickCare to host records, and with Real Time to analyze them. Real Time accessed those records using automated bots because the alternative, employing 450 human workers around the clock seven days a week just to pull data, was not financially viable. It had used this method since March 2014. For roughly eight years, PointClickCare raised no objection.

The Moment PointClickCare Decided Competition Was a Problem to Eliminate

Around 2020 or 2021, PointClickCare decided it wanted a piece of the health-analytics market that Real Time had built. It began acquiring Real Time’s competitors. Then, in November 2022, without warning, PointClickCare installed a CAPTCHA wall on its platform. A CAPTCHA is a digital test designed to distinguish human users from bots. The standard versions ask users to identify traffic lights in a grid of photos or type distorted letters. Real Time responded by reducing its data pulls from four to two times per day, and by assembling a team of humans to manually solve the CAPTCHAs so its bots could continue operating.

That should have been the end of it. Instead, in October 2023, PointClickCare escalated. It replaced its standard, solvable CAPTCHAs with deliberately indecipherable images: images that even human beings could not solve. By definition, a CAPTCHA is supposed to be solvable by a human. PointClickCare was no longer running a security tool. It was running a trap. Real Time’s human operators were “largely unsuccessful” at solving the new images, meaning they failed to log in, and PointClickCare immediately blocked the accounts that failed. The blocked accounts could only be reset by the nursing home itself, wasting the time of both Real Time and its customers, and the cycle repeated immediately: reset, attempt login, fail unsolvable CAPTCHA, get blocked again.

The consequences were immediate and severe. Access for at least seventy-five nursing facilities was “adversely impacted,” and access for twenty-one Maryland nursing facilities was “entirely severed.” By early November 2023, Real Time’s users at over 700 of its 1,400 PointClickCare-using facilities were fully locked out. Over 700 nursing homes lost their early-warning system for patients showing signs of deterioration.

The Non-Financial Ledger: What You Cannot Price

The legal filings in this case talk about bot policies, CAPTCHA protocols, and API access agreements. Courts must speak that language. But here is the translation into plain terms: real human beings, some of them your grandparents, lived inside a system where their early-warning alerts were switched off by a corporate power play. The people inside PointClickCare’s 27,000 facilities are not abstractions. They are older adults with limited mobility, compromised immune systems, and medical histories that require constant monitoring. They are in nursing homes precisely because they cannot advocate for themselves in a crisis.

When Real Time’s access was severed for twenty-one Maryland nursing facilities entirely, and disrupted for over seventy-five others, those facilities lost a system that had been specifically catching the “little signs” before they became emergencies. The court record contains affidavits and declarations from nursing home operators and medical providers stating plainly that without Real Time’s services, their facilities “are likely, over any substantial amount of time, to see an increase in resident hospitalizations and/or deaths.” That is not a legal argument. That is a medical prognosis. And PointClickCare triggered that prognosis deliberately, on purpose, for competitive advantage.

Consider the texture of what PointClickCare’s obstruction actually looked like in practice for nursing home staff. A Real Time user account gets blocked. The facility’s staff must stop their clinical duties to contact Real Time, then contact PointClickCare, to reset an account, only to have the cycle repeat when the same account hits an unsolvable CAPTCHA again and gets blocked again within days. Meanwhile, a patient’s weight has been quietly declining, or their bowel movements have shifted in a pattern that signals early-stage infection. That monitoring gap does not appear in any spreadsheet. It lands on the body of the person in Room 14B.

Dr. Rifkin testified that Real Time “will be out of business within weeks” if cut off from PointClickCare’s data. That is a statement about a company. But embedded inside it is a statement about patients. Real Time’s entire value proposition was catching the kind of slow-moving crisis that nursing home staff lack the time and bandwidth to catch manually. PointClickCare’s strategy was not merely to outcompete Real Time in the marketplace. It was to make Real Time operationally impossible, forcing its customers to choose between accepting PointClickCare’s own analytics product on PointClickCare’s own terms, or going without monitoring entirely. For patients, that is not a business decision. That is a health outcome.

The non-disclosure agreement chapter of this story deserves its own reckoning. In May 2023, while PointClickCare was already running its CAPTCHA campaign, the two companies entered merger and acquisition talks. Real Time, apparently in good faith, “pretty much shared everything with PointClickCare” about its data-analytics methodology, its customer relationships, and its finances. It gave PointClickCare a full product demonstration. PointClickCare used the NDA process to extract Real Time’s most sensitive competitive intelligence, including exactly how its product worked and who its customers were, and then walked away from the acquisition without explanation, without responding to Real Time’s contract proposals, and without giving Real Time a demonstration of PointClickCare’s own product as the NDA contemplated. The court’s own words on this point are exact: “Acquisition talks appear to have continued long enough for PointClickCare to learn of Real Time’s business details without sharing any of its own.”

This is the part that should make you furious. There was a negotiated solution available. Real Time’s engineers and PointClickCare’s engineers were actively building a connector to the API that would have resolved the whole conflict. They were one-third of the way through building it. PointClickCare’s leadership ordered that work stopped, refused to respond to Real Time’s proposed contract redlines, refused to respond to Real Time’s fee proposal, and then told Real Time it would not consider any changes to its marketplace agreement, while simultaneously admitting in testimony that it routinely negotiated changes to that exact agreement with other companies. PointClickCare held the door open for competitors it was not threatened by, and slammed it shut for the one it wanted to destroy.

Legal Receipts: Straight From the Court Record

These are direct, verbatim passages from the published Fourth Circuit opinion. No paraphrasing. No softening. Read them as the judges wrote them.

“Acquisition talks appear to have continued long enough for PointClickCare to learn of Real Time’s business details without sharing any of its own.”

— U.S. District Court findings, cited with approval by the Fourth Circuit, describing PointClickCare’s use of the NDA process.

“PointClickCare appears more unwilling than unable to reach a mutually agreeable solution. PointClickCare cannot take cover under the manner exception.”

— U.S. District Court, affirmed by the Fourth Circuit, on PointClickCare’s claimed inability to negotiate data access terms with Real Time.

“The timing of the introduction, escalation, de-escalation, and re-escalation of the CAPTCHAs and blocking policy, corresponding with PointClickCare’s entrance into the field as a competitor and various discussions with Real Time, including receiving significant sensitive information from Real Time under the NDA, is highly suggestive that these actions were targeted at Real Time.”

— Fourth Circuit Court of Appeals, No. 24-1773, March 12, 2025, on the discriminatory nature of PointClickCare’s bot-blocking policy.

“PointClickCare baldly argues that the notion ‘that third-party bots are a systemic security risk to its platform’ is ‘an obvious point that should not require documentation.’ But any access to any electronic system poses security risks, so that kind of vague assertion is not enough to evade the statutory ban on information blocking.”

— Fourth Circuit Court of Appeals, No. 24-1773, March 12, 2025, rejecting PointClickCare’s security justification.

“Real Time ‘will be out of business within weeks if shut off from the data.'” And: “PointClickCare’s actions threaten exactly that: every time Real Time must reach out to a customer to ask them to reset an account, it wastes the customer’s time and looks incompetent to the customer. And every time Real Time’s access to the records for a given nursing home is disrupted, that is ‘a 100% business interruption’ with that facility.”

— Fourth Circuit Court of Appeals, No. 24-1773, March 12, 2025, on irreparable harm, citing Dr. Rifkin’s testimony and the district court’s findings.

“PointClickCare did not know which users belonged to Real Time (unless the username explicitly referred to Real Time) until Real Time provided a list of users in May 2024. So, even if other users’ bots were caught up in the same net as Real Time’s, that does not mean the net was not aimed at Real Time.”

— Fourth Circuit Court of Appeals, No. 24-1773, March 12, 2025, on the targeted and discriminatory character of PointClickCare’s watch-list system.

“[W]hen asked whether the two graphs from April 2023 were ‘all that’s in your affidavit as far as Real Time,’ Fourati responded, ‘Yeah, that’s fair.'” [The two April 2023 graphs were the only concrete data PointClickCare provided regarding Real Time’s bots’ effect on its systems.]

— Fourth Circuit Court of Appeals, No. 24-1773, March 12, 2025, exposing the near-total absence of documented evidence for PointClickCare’s claimed performance concerns.

Societal Impact Mapping

Public Health: Elderly Lives Used as Leverage

The court record does not mince words about what Real Time’s software actually does in clinical terms. Medical providers and nursing facility operators submitted sworn affidavits stating that without Real Time’s analytics services, their facilities “are likely, over any substantial amount of time, to see an increase in resident hospitalizations and/or deaths.” PointClickCare’s CAPTCHA escalation campaign severed access entirely for twenty-one Maryland nursing facilities and adversely impacted at least seventy-five others. These were not abstract data points. These were the facilities where Real Time’s software was scanning patient charts in near-real-time, looking for the quiet warning signs of sepsis, infection, and organ failure that nursing home staff cannot monitor manually without significant additional resources.

The consequences of losing that monitoring are not speculative. The academic research cited in the court record showed that Real Time-associated facilities achieved meaningfully lower hospital readmission rates. Researchers calculated that if all skilled nursing facilities nationwide matched those rates, Medicare and Medicaid would save approximately $2.8 billion per year ($2.8 billion, enough to pay for roughly 140,000 Americans to receive a full year of inpatient hospital care at average costs). Hospital readmissions in elderly nursing home populations carry serious mortality risk. Every unnecessary readmission is a roll of the dice with someone’s life. PointClickCare’s data blockade increased those odds.

The company’s own performance data makes the irony complete. PointClickCare claimed Real Time’s bots were degrading its system performance, yet PointClickCare’s own Senior Vice President conceded he was not aware of any security breach caused by Real Time’s activity. PointClickCare pushes out 1.2 million medication administrations per day through its own automated processes. The company that cried “bot danger” was itself one of the most automated healthcare systems in the country. The threat it manufactured to justify its blockade was designed to be uncheckable, because there was nothing real behind it.

Economic Inequality: A Monopoly Power Play in Healthcare Infrastructure

PointClickCare controls the electronic health records for more than half of all nursing homes in the United States. That is not a market position; it is a toll booth. Any company that wants to provide services to nursing home patients, from analytics to pharmacy integration to early-warning systems, must pass through PointClickCare’s infrastructure. PointClickCare sets the terms, controls the access, and now, as of 2020 or 2021, directly competes in the same analytics market as the companies that depend on its platform. This is a structural conflict of interest that the court found overwhelmingly likely to have driven PointClickCare’s behavior.

The marketplace agreement PointClickCare demanded Real Time sign in order to access even 30% of the data it needed contained a clause that would have placed Real Time in immediate, automatic breach. The agreement required Real Time not to develop or commercialize any product that PointClickCare deemed, in its “sole discretion,” to be “directly competitive” with PointClickCare’s own products. Since PointClickCare was by that point an active competitor in the analytics market, Real Time’s core product would have constituted a breach from day one. PointClickCare was not offering a business deal. It was offering a surrender document.

The court record shows that PointClickCare negotiated contract modifications with other companies it considered competitors. It modified the standard marketplace agreement for at least three companies that its own vice president of partnerships identified as competitors. For Real Time alone, PointClickCare refused to negotiate, refused to respond to redlines, refused to respond to fee proposals, and ultimately refused to continue building the technical solution that Real Time’s and PointClickCare’s own engineers had been constructing together. The pattern is clear: PointClickCare reserved maximum flexibility for companies that posed less of a competitive threat to its newly entered analytics market, and deployed maximum obstruction against the one competitor that had the track record, the customer base, and the government contracts to genuinely challenge it.

Related posts:

The FDA said that Novo Nordisk is using illegal monopoly tactics to keep prices of medications sky-high Prestige Healthcare doesn’t pay its home health aides employees. Blue Cross Blue Shield Profited From Its Own Errors (At Our Expense) How OptumRx Allegedly Rigged the Game Against Your Local Pharmacy