Careers

Diversity

With 18 offices, from New York to Los Angeles and Seattle to Orlando, we live and work in communities all over the U.S., collaborating across locations, disciplines and even borders. Our experienced, highly ranked lawyers serve businesses wherever they are and wherever they want to go.

Offices

About Us

Pages

Professionals

Thought leadership: blogs, podcasts, videos, publications, events and news

Insights

Services

Pro Bono

Am Law 100 firm with practices in Business, Digital Assets and Data Management, Intellectual Property, Labor & Employment, Litigation and Tax.

Home | BakerHostetler

Asim Grabowski-Shaikh Speaks at SPAC Conference 2025

John Hilten Comments on Design Patent Impact of LKQ After One Year

DOJ Criminal Division Announces Leniency and Potential Declination for Companies That Self-Disclose

Micah Smith Speaks at Process Safety Regional Workshop

Certified as a Health Care Information Security and Privacy Practitioner (HCISPP), as well as an Information Privacy Professional (CIPP) by the International Association of Privacy Professionals, Vimy serves as Co-Chair of the Healthcare Technology team. She has extensive experience managing issues related to confidentiality, privacy and security of health information, including compliance with the rubric of state and federal healthcare privacy laws, such as the Health Insurance Portability and Accountability Act (HIPAA), digital health laws, the Telephone Consumer Protection Act (TCPA) and the 21st Century Cures Act requirements, including the information blocking regulations. Her work includes helping clients understand how to align their privacy and information security programs in compliance with applicable laws, respond to potential breach and security incidents, permissibly utilize and share their health data, and navigate complex privacy and security laws as they consider innovative new technologies and business opportunities.

core/freeform

J.D., Boston University School of Law, 2001

MBA, Boston University School of Management, 2001

M.P.H., Emory University Rollins School of Public Health, 1998

B.S., Georgia Institute of Technology, 1997

<ul>
<li>International Information System Security Certification Consortium (ISC2)
<ul>
<li>Certified Health Care Information Security and Privacy Practitioner (HCISPP)</li>
</ul>
</li>
<li>International Association of Privacy Professionals
<ul>
<li>Certified Information and Privacy Professional (CIPP/US)</li>
</ul>
</li>
<li>The Legal 500 United States
<ul>
<li>Recommended in Media, Technology and Telecoms: Cyber law</li>
<li>Recommended in Media, Technology and Telecoms: Data protection and privacy</li>
</ul>
</li>
</ul>


Atlanta

No Longer on Edge of the Telehealth Cliff (For Now): Congress Extends Medicare Telehealth Flexibilities for Additional 6 Months

Health Law Update

New Year, New Administration and New Uncertainties for the Healthcare Technology Industry

Healthcare Industry Team 2024 Year in Review

BakerHostetler Atlanta Office Sponsors South Asian Bar Association of Georgia Gala

What’s Hot in Healthcare: Digital Health Regulatory Update

Let’s Get Physical-OCR Issues Reminder that HIPAA Security Isn’t Just Technical

Healthcare Providers Beware: Finalized Disincentives Sharpen the Teeth of Information Blocking Rule

Vimala Devassy Takes Part in Panel on Healthcare Contracting with Vendors and Suppliers

Healthcare Technology Regulatory Update

Healthcare Industry Team 2023 Year in Review

Federal Government Addresses AI Transparency and Safety in Healthcare

OCR’s October Initiatives: Strengthening Telehealth Security and HIPAA Compliance

Steep Penalties for Information Blocking Finalized

ONC’s Proposed Rule Updates to the 21st Century Cures Act Regulations

Vimy Devassy and Justin Chavez Author Article About COVID-19 Policy and Telehealth

HHS Proposes New Rule Aligning Part 2 Regulations with HIPAA

HHS Proposes Rule Strengthening Section 1557 Protections Against Nondiscrimination in Health Activities

HHS and DOJ Issue Joint Guidance on Nondiscriminatory Telehealth Practices

Vimala Devassy Speaks on Legal  Landscape of Telehealth

Vimala Devassy Moderates Panel on Cybersecurity in the Healthcare Industry

Eric Packel, Vimala Devassy, Courtney Litchfield Article Examines “Triple Threat” Facing Healthcare Industry

Data Counsel

Ransomware, COVID-19 and Regulations: Healthcare Entities Confront a Triple Threat

BakerHosts

Let it Flow: Breaking Down Information Blocking

Private Equity

Mergers and Acquisitions

Digital Assets and Data Management

Business

Compliance and Corporate Governance Oversight

Healthcare Transactions

Compliance

Healthcare Privacy and Compliance

Healthcare Technology

Telehealth

Industries

Healthcare

Healthcare Fraud and Abuse Enforcement

<ul>
<li>Advises vast array of health industry clients on complex data use issues, negotiating health information technology agreements, responding to significant HIPAA breaches, developing robust compliance HIPAA programs, and advising on day-to-day privacy and security compliance matters.</li>
<li>Advises healthcare industry clients on understanding and implementing strategies to comply with the 21st Century Cures Act regulations, including the information blocking regulations.</li>
<li>Provides ongoing assistance to large hospital systems in negotiating and drafting wide variety of contracts, including physician-related agreements, technology agreements, business associate agreements and material vendor agreements.</li>
<li>Advises multicampus system regarding physician-hospital arrangements and provided transactional representation in connection with practice acquisitions, physician employment, medical director arrangements, and other professional services arrangements.</li>
<li>Advises private equity clients regarding potential investments involving healthcare providers, including due diligence review and analysis of fraud and abuse issues, licensure, and other regulatory considerations.</li>
<li>Represents several large hospital systems and various large physician practices in responding to significant HIPAA breaches that resulted in no sanctions.</li>
<li>Advises health systems on health data use and sharing arrangements and utilization of HIPAA-compliance organizational structures, such as organized healthcare arrangements or designation as hybrid entity.</li>
<li>Serves as lead regulatory counsel in acquisitions of digital health and telemedicine platform by Fortune 50 healthcare services and products company.</li>
<li>Advises healthcare providers in utilization of telehealth and unique digital health applications, including providing compliance assistance on novel technologies and issues related to monitoring and minimizing the impact of the COVID-19 pandemic.</li>
<li>Advises health industry companies on compliant marketing and patient engagement strategies.</li>
<li>Prepares HIPAA training materials and conducts HIPAA compliance training for healthcare industry clients.</li>
</ul>


Vimala Devassy

Vimala Devassy

Experience

Recognitions and Memberships

Insights and News

Prior Positions

Credentials

Areas of Focus

Industries

Services

Featured Insights