Study: Most dementia apps lack a privacy policy

phone iPhone
Harvard researchers found less than half of dementia apps that collect user data have a privacy policy.

Mobile health apps targeting dementia patients lack appropriate privacy policies, according to researchers, highlighting concerns about the possibility of privacy breaches within a particularly vulnerable population.

Researchers with Harvard Medical School reviewed 125 iPhone apps built for dementia patients and found that 72 collected user data. Of those apps that collected data, just 33 had an available privacy policy, according to results published in the American Journal of Geriatric Psychiatry.

Many of those mobile apps that had an accessible privacy policy lacked clarity, often failing to address the specific functions of the app, describe safeguards or differentiate between individual protections versus aggregate data protection.

The authors said the findings of the study highlighted a significant concern for patients with cognitive impairment and their caregivers, eroding trust among users.


In March, three mHealth general wellness apps agreed to a settlement in which New York Attorney General Eric Schneiderman indicated his office would pursue mobile app developers that make misleading claims or fail to protect user information.

RELATED: mHealth settlement raises concerns about future state-based enforcement

Attorneys with the Federal Trade Commission (FTC) and the Department of Health and Human Services’ Office for Civil Rights (OCR) have said privacy policies are generally the first place regulators look when evaluating potential privacy violations.

In addition to complying with HIPAA regulations, digital health companies face “literally thousands” of state medical privacy laws, according to one D.C. privacy attorney.