Vimala Devassy

Partner

Atlanta
T +1.404.256.8243
F +1.404.459.5734

Overview

Vimy Devassy, a partner in BakerHostetler’s national healthcare group, focuses her practice on transactions and regulatory matters for healthcare industry clients. She has a wealth of experience in structuring complex transactions among healthcare providers, negotiating a broad spectrum of industry-relevant contracts and advising clients on day-to-day regulatory and compliance matters, including fraud and abuse laws and health information laws.

Certified as a Health Care Information Security and Privacy Practitioner (HCISPP), as well as an Information Privacy Professional (CIPP) by the International Association of Privacy Professionals, Vimy serves as Co-Chair of the Healthcare Technology Team. She has extensive experience managing issues related to confidentiality, privacy and security of health information, including compliance with the rubric of state and federal healthcare privacy laws, such as the Health Insurance Portability and Accountability Act (HIPAA), digital health laws, the Telephone Consumer Protection Act (TCPA) and the 21st Century Cures Act requirements, including the information blocking regulations. Her work includes helping clients understand how to align their privacy and information security programs in compliance with applicable laws, respond to potential breach and security incidents, permissibly utilize and share their health data, and navigate complex privacy and security laws as they consider innovative new technologies and business opportunities.

Experience

  • Advises a vast array of health industry clients on complex data use issues, negotiating health information technology agreements, responding to significant HIPAA breaches, developing robust HIPAA compliance programs, and advising on day-to-day privacy and security compliance matters.
  • Advises healthcare industry clients on understanding and implementing strategies to comply with the 21st Century Cures Act regulations, including the information blocking regulations.
  • Provides ongoing assistance to large hospital systems in negotiating and drafting a wide variety of contracts, including physician-related agreements, technology agreements, business associate agreements and material vendor agreements.
  • Advises a multi-campus system regarding physician-hospital arrangements and provides transactional representation in connection with practice acquisitions, physician employment, medical director arrangements, and other professional services arrangements.
  • Advises private equity clients regarding potential investments involving healthcare providers, including due diligence review and analysis of fraud and abuse issues, licensure, and other regulatory considerations.
  • Represents several large hospital systems and various large physician practices in responding to significant HIPAA breaches that resulted in no sanctions.
  • Advises health systems on health data use and sharing arrangements and utilization of HIPAA-compliance organizational structures, such as organized healthcare arrangements or designation as a hybrid entity.
  • Serves as lead regulatory counsel in acquisitions of digital health and telemedicine platform by Fortune 50 healthcare services and products company.
  • Advises healthcare providers in utilization of telehealth and unique digital health applications, including providing compliance assistance on novel technologies and issues related to monitoring and minimizing the impact of the COVID-19 pandemic.
  • Advises health industry companies on compliant marketing and patient engagement strategies.
  • Prepares HIPAA training materials and conducts HIPAA compliance training for healthcare industry clients.

Recognitions and Memberships

Recognitions

  • International Information System Security Certification Consortium (ISC2)
    • Certified Health Care Information Security and Privacy Practitioner (HCISPP)
  • International Association of Privacy Professionals
    • Certified Information and Privacy Professional (CIPP/US)
  • The Legal 500 United States 
    • Recommended in Media, Technology and Telecoms: Cyber law
    • Recommended in Media, Technology and Telecoms: Data protection and privacy

Memberships

  • American Health Lawyers Association
  • State Bar of Georgia, Health Law Section
  • International Association of Privacy Professionals
  • International Information System Security Certification Consortium

Prior Positions

  • McKenna Long & Aldridge: Of Counsel
  • Cadwalader, Wickersham & Taft: Associate

Admissions

  • New York
  • Georgia

Education

  • J.D., Boston University School of Law, 2001
  • M.B.A., Boston University School of Management, 2001
  • M.P.H., Emory University Rollins School of Public Health, 1998
  • B.S., Georgia Institute of Technology, 1997

Blog

In The Blogs

Health Law Update
HHS Proposes Rule Strengthening Section 1557 Protections Against Nondiscrimination in Health Activities
By Justin Chavez, Vimala Devassy
August 8, 2022
On Aug. 4, the Department of Health and Human Services (HHS) published its proposed rule, Nondiscrimination in Health Care and Activities (Proposed Rule), to revise its regulations pertaining to Section 1557 of the Affordable Care Act...
Health Law Update
HHS and DOJ Issue Joint Guidance on Nondiscriminatory Telehealth Practices
By Justin Chavez, Vimala Devassy
August 3, 2022
To coincide with the 32nd anniversary of the Americans with Disabilities Act (ADA), the Department of Health and Human Services Office for Civil Rights (OCR) and the Department of Justice’s Civil Rights Division (CRT) jointly issued...
Data Counsel
Ransomware, COVID-19 and Regulations: Healthcare Entities Confront a Triple Threat
By Vimala Devassy, Courtney L. Litchfield, Eric A. Packel
July 1, 2021
Given what the healthcare industry faced in 2020, the seventh edition of our Data Security Incident Response (DSIR) Report, “Disruption and Transformation,” is aptly titled. As if fighting the COVID-19 pandemic weren’t enough for the...
Data Counsel
Compliance and Cybersecurity Best Practices Rewarded with HIPAA Safe Harbor
By Vimala Devassy, Sara M. Goldstein, Kyle R. Gregory
January 13, 2021
On January 5, 2021, H.R. 7898 was signed into law with little fanfare, thereby amending the Health Information Technology for Economic and Clinical Health Act.[1] As the healthcare industry continues to serve as one of the top targets for...
Data Counsel
ONC Announces Delay of Information Blocking Provisions
By Vimala Devassy
October 29, 2020
The Department of Health and Human Services’ (HHS) Office of the National Coordinator (ONC) published an interim final rule today delaying several key compliance deadlines in the ONC 21st Century Cures Act final rule – including that of...