Use caution when entering personal health information into a convenient app on your mobile device, because not all apps are created equal when it comes to protecting your privacy, warns McLean Hospital and Harvard Medical School clinicians.

In a recent paper, a team of McLean Hospital researchers reported that many health apps designed to assist dementia patients and their caregivers have inadequate security policies or lack security policies altogether. The paper, "Data Security and Privacy in Apps for Dementia: An Analysis of Existing Privacy Policies," was published in the August issue of The American Journal of Geriatric Psychiatry.

The paper's senior author, Ipsit Vahia, MD, medical director of Geriatric Psychiatry Outpatient Services at McLean, said the research "represents a note of caution to researchers, clinicians, as well as patients and their families" who may be turning to health apps for assistance in managing conditions like dementia. Vahia, who co-authored the study with Lisa C. Rosenfeld, MD, a resident in the MGH/McLean Adult Psychiatry Residency Training Program, and John B. Torous, MD, of Beth Israel Deaconess Medical Center, believes the research "also points to a role for professional organizations and advocacy groups in helping educate mobile health consumers on how to best make decisions about using this technology."

For the paper, Vahia and his colleagues analyzed privacy polices of iPhone apps matching the search terms "medical + dementia" or "health & fitness + dementia." Focusing on apps that collect user-generated content, the researchers evaluated privacy policies based on criteria for how user-provided data were handled.

Of the 125 apps Vahia and his team reviewed, 72 collected user-generated content, but only 33 had privacy policies available. Through a review of policies detailing individual-level protections, the researchers found "a preponderance of missing information, the majority acknowledged collecting individual data for internal purposes, and most named instances in which user data would be shared with outside parties."

Based on the findings, Vahia said, "no one using an app for a mental health-related reason should assume that privacy and security measures are in place." He called on patients and caregivers to "pay attention to the type of information that they provide to the app, and try to understand what can be done with that information." This is particularly important for those with conditions such as dementia, he said, "where the persons using the app may be suffering from the disease and not fully understand privacy policies, even when they exist."

Vahia believes that health apps have tremendous potential for helping individuals with mental health concerns and their caregivers, but "in order for technology to realize its full potential in mental health, users need to feel confident about the security and privacy of the information that is collected." He said that "clinicians should educate themselves and their patients about issues related to the data collected" before recommending an app. Not doing so, he explained, "could be akin to prescribing a medication without being aware of or disclosing risks and side effects."