DeepSynopsis Health Insurance Portability and Accountability Act (HIPAA) Compliance
DeepSynopsis is fully compliant with the requirements of the Health Insurance Portability and Accountability Act (HIPAA). U.S. covered entities can securely input protected health information (PHI) in accordance with HIPAA’s privacy and security standards.
U.S. covered entities who choose to input PHI on DeepSynopsis agree that such information will be handled in accordance with our Business Associate Agreement (BAA) outlined below. All DeepSynopsis users are responsible for ensuring that their inputs comply with applicable laws, including HIPAA and other privacy regulations.
To protect sensitive information, user conversations on DeepSynopsis are private by default. Users have full control over access to their conversations by using the “Share” button, which gives users the ability to:
- Securely share a conversation with others via email invitation
- Make a conversation publicly accessible to anyone with the link (for conversations that do not contain PHI)
DeepSynopsis Business Associate Agreement (BAA)
Last updated: [June 10th, 2025]
This Business Associate Agreement (“Agreement”) forms part of, and is incorporated by reference into, the DeepSynopsis Terms of Service (the “Service Agreement”). The Agreement is made between Gamma HealthTech FZ LLC, a company organized under the laws of the United Arab Emirates and doing business as DeepSynopsis (“Gamma HealthTech,” “DeepSynopsis,” “we,” or “Business Associate”), and the healthcare provider, health plan, or other covered entity that has accepted the Service Agreement (“Covered Entity,” “you”). Gamma HealthTech and the Covered Entity are each a “Party” and, together, the “Parties.”
Recitals
A. Relationship Under HIPAA.
The Parties acknowledge that, while delivering the Services described in the Service Agreement, DeepSynopsis may create, receive, maintain, or transmit Protected Health Information (“PHI”) on behalf of Covered Entity. When handling such information, DeepSynopsis serves as a “business associate,” and Covered Entity acts as a “covered entity,” as those terms are defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations, including the Health Information Technology for Economic and Clinical Health Act (“HITECH”), each as amended.
B. Need for a Written Agreement.
HIPAA requires business associates and covered entities to enter into a written contract that sets forth the permitted uses and disclosures of PHI and the safeguards that must be in place. The Parties therefore enter into this Agreement to satisfy 45 C.F.R. §§ 164.502(e) and 164.504(e) and to allocate their respective obligations regarding PHI.
C. Intent of the Parties.
The Parties intend that this Agreement:
- Complement and supplement the Service Agreement;
- Define DeepSynopsis’s responsibilities for protecting the confidentiality, integrity, and availability of PHI; and
- Ensure that all PHI handled in connection with the Services is managed in full compliance with the administrative, physical, and technical safeguard requirements of HIPAA and HITECH.
Agreement
NOW, THEREFORE, to the extent HIPAA applies to each Party, and for other good and valuable consideration, the receipt and adequacy of which are acknowledged, DeepSynopsis (“Business Associate”) and the Covered Entity agree as follows:
- Definitions
For purposes of this Agreement, the capitalized terms below have the meanings set out in HIPAA (45 C.F.R. Parts 160 & 164); any term not defined here but capitalized in HIPAA carries the meaning given in the regulation.
| Term | Meaning (as applied in this Agreement) |
| --- | --- |
| Electronic Protected Health Information (“ePHI”) | PHI that is transmitted or maintained in electronic media and that is created, received, maintained, or transmitted by Business Associate on behalf of Covered Entity (45 C.F.R. § 160.103). |
| Individual | A natural person who is the subject of PHI, including any personal representative recognized under 45 C.F.R. § 164.502(g). |
| Protected Health Information (“PHI”) | Individually identifiable health information, whether electronic or not, that Business Associate creates, receives, maintains, or transmits for Covered Entity. ePHI is included within PHI. |
| Subcontractor | Any person or entity (other than in the workforce of Business Associate) to whom Business Associate delegates a function, activity, or service involving PHI, consistent with 45 C.F.R. § 160.103. |
The verbs use, disclose, and discover, whether capitalized or not, carry the meanings assigned under HIPAA.
- Business Associate Responsibilities
- Permitted Uses/Disclosures. Business Associate will not use or disclose PHI except (a) as allowed by the Service Agreement; (b) as expressly permitted in Section 3 of this Agreement; or (c) as otherwise required by applicable law.
- Safeguards. Business Associate will implement administrative, physical, and technical safeguards—consistent with Subpart C of 45 C.F.R. Part 164—to protect ePHI from unauthorized use or disclosure.
- Incident & Breach Reporting.
- Business Associate will promptly report to Covered Entity any use or disclosure of PHI not permitted by this Agreement, any Breach of Unsecured PHI, and any Security Incident that it becomes aware of, as required by 45 C.F.R. § 164.410.
- The Parties acknowledge this notice constitutes ongoing, routine reporting of unsuccessful Security Incidents (e.g., port scans, failed log-ins, denial-of-service probes) that do not result in known unauthorized access to ePHI.
- Because of the nature of the Services, Business Associate may not always be able to identify the specific Individuals or data elements involved in a Breach or Security Incident.
- Subcontractors. Business Associate will ensure that any Subcontractor with access to PHI signs a written agreement imposing the same restrictions and safeguards required of Business Associate under this Agreement (45 C.F.R. §§ 164.502(e)(1)(ii), 164.308(b)(2)).
- Access to PHI. Upon request, Business Associate will make PHI contained in a Designated Record Set available to Covered Entity to enable compliance with 45 C.F.R. § 164.524.
- Amendment of PHI. Business Associate will amend PHI in a Designated Record Set as directed by Covered Entity, consistent with 45 C.F.R. § 164.526.
- Accounting of Disclosures. Business Associate will maintain and provide the information necessary for an accounting of disclosures under 45 C.F.R. § 164.528.
- Compliance with Subpart E. To the extent Business Associate performs Covered Entity’s obligations under Subpart E of 45 C.F.R. Part 164, Business Associate will comply with the same requirements that apply to Covered Entity.
- Government Access. Business Associate will make its internal policies, procedures, books, and records relating to PHI available to the Secretary of Health and Human Services for HIPAA compliance review.
- Permitted Uses and Disclosures by Business Associate
- Service Delivery. Business Associate may use or disclose PHI solely to perform its duties under the Service Agreement. Business Associate may de-identify PHI in accordance with 45 C.F.R. §§ 164.502(d) and 164.514(a)–(c); once de-identified, such information is no longer PHI.
- Legal Requirements. Business Associate may use or disclose PHI to the extent required by law.
- Minimum Necessary. All uses, disclosures, and requests for PHI must adhere to Covered Entity’s minimum-necessary standards.
- Prohibited Uses/Disclosures. Business Associate will not use or disclose PHI in any way that would violate Subpart E of 45 C.F.R. Part 164 if done directly by Covered Entity, except as specifically permitted below.
- Management and Administration. Business Associate may use PHI for its own management, administration, or legal responsibilities.
- Third-Party Disclosures for Administration. Business Associate may disclose PHI for its management or legal responsibilities if (i) the disclosure is required by law, or (ii) the recipient provides reasonable written assurances that the information will remain confidential, be used only as permitted, and that any breaches will be reported to Business Associate.
- Data Aggregation. Business Associate may provide Data Aggregation services relating to the Covered Entity’s Health Care Operations.
- Duties of the Covered Entity
Covered Entity agrees to:
- Privacy-Notice Limits. Tell Business Associate without undue delay if a limitation in Covered Entity’s notice of privacy practices (45 C.F.R. § 164.520) may restrict Business Associate’s ability to use or disclose PHI.
- Revocations & Permission Changes. Inform Business Associate, before the change becomes effective, whenever an Individual revokes or modifies an authorization that would affect Business Associate’s permitted uses or disclosures of that Individual’s PHI.
- Additional Restrictions. Notify Business Associate, in advance, of any restriction on use or disclosure of PHI that Covered Entity has accepted under 45 C.F.R. § 164.522 if the restriction limits Business Associate’s activities.
- Authorizations & Consents. Obtain any authorizations, consents, or other permissions required by law to enable the uses and disclosures of PHI contemplated by this Agreement or the Service Agreement.
- Permissible Requests. Refrain from asking Business Associate to use or disclose PHI in a way that would violate Subpart E of 45 C.F.R. Part 164 if performed directly by Covered Entity.
- Term and Termination
- Term.
This Agreement begins on the date Covered Entity first opens a DeepSynopsis account (the “Effective Date”) and continues until (a) Covered Entity deactivates that account, thereby ending the Service Agreement, or (b) either Party terminates this Agreement as provided in Section 5.2—whichever occurs first.
- Termination for Cause.
Either Party may terminate this Agreement by giving written notice if the other Party materially breaches the Agreement and fails to cure the breach within 30 days after receiving notice of it.
- Business Associate Obligations at Termination.
When this Agreement ends for any reason, Business Associate will:
- Retain only the PHI it reasonably needs for its own management, administration, or legal obligations;
- If feasible, return to (or, if Covered Entity directs, destroy) all other PHI still in its possession or control;
- Continue applying the safeguards required by Subpart C of 45 C.F.R. Part 164 to any PHI it must keep;
- Use or disclose retained PHI only for the limited purposes that justified its retention, and subject to the same conditions stated in Section 3(e) and 3(f); and
- Return or (if Covered Entity agrees) securely destroy the retained PHI once it is no longer needed for the purposes listed in subsection (a).
- Survival.
The obligations in this Section 5, and any other provisions that by their nature should survive, remain in effect after termination.
- Notices
Any notice, request, or other communication under this Agreement must be in writing and delivered in the manner specified for notices in the Service Agreement.
- Miscellaneous
- Regulatory Citations
Any reference in this Agreement to a provision of HIPAA (or its implementing regulations) means the provision as it exists on the Effective Date and as it may be amended, superseded, or renumbered in the future.
- Amendment
If a change in HIPAA or other applicable law requires modification of this Agreement, the Parties will cooperate in good faith to execute an amendment that brings the Agreement into compliance. Such an amendment will become effective on the date required by law (or any later date the Parties specify).
- Interpretation
This Agreement must be interpreted to achieve—and not to hinder—full compliance with HIPAA. Any ambiguity will be resolved with that objective in mind.
- Governing Law; Dispute Resolution
- Choice of Law. This Agreement is governed by the laws of the State of Delaware, excluding its conflict-of-laws rules, except where federal law (including HIPAA) preempts Delaware law.
- Mandatory Arbitration. Any dispute arising from or relating to this Agreement will be resolved exclusively by binding arbitration administered by JAMS under its then-current rules, as modified below:
- The arbitration will be conducted by a single arbitrator.
- If the Parties cannot agree on an arbitrator within 30 days after the respondent receives the arbitration demand, JAMS will appoint one.
- The hearing will take place at a location the Parties agree upon (or, absent agreement, as set by the arbitrator).
- The arbitrator’s award will be final and may be entered in any court of competent jurisdiction.
- Except to enforce an award or as otherwise required by law, neither Party may disclose the existence, content, or outcome of the arbitration without the other Party’s written consent.
- No Third-Party Beneficiaries
Nothing in this Agreement—express or implied—confers any rights, remedies, or obligations on any person or entity other than DeepSynopsis and Covered Entity and their respective successors and permitted assigns.
- Priority over Conflicting Terms
If a direct conflict exists between this Agreement and the Service Agreement, the conflicting terms of this Agreement control solely with respect to HIPAA-related matters. This Agreement replaces any prior business associate agreement between the Parties concerning actions taken on or after the Effective Date.
- Successors and Assigns
This Agreement binds and benefits the Parties and their respective successors and permitted assigns.
- Severability
If any provision of this Agreement is held invalid or unenforceable by a court of competent jurisdiction, that provision will be deemed severed, and the remainder of the Agreement will remain in full force if the essential purpose of the Agreement can still be fulfilled.
- Counterparts
The Parties may execute this Agreement in multiple counterparts (including electronic signatures); each counterpart is deemed an original, and all counterparts together constitute one instrument.