Vimala Devassy

Counsel

Atlanta
T +1.404.256.8243
F +1.404.459.5734

Overview

With nearly 20 years of experience representing healthcare industry professionals and entities, Vimy Devassy provides her clients with an in-depth understanding of industry compliance and regulatory issues. She has broad experience structuring complex transactions among healthcare providers, negotiating a broad spectrum of industry relevant contracts, and advising clients on day-to-day regulatory and compliance matters, including fraud and abuse laws and health information laws.

Certified as a Health Care Information Security and Privacy Practitioner (HCISPP) as well as an Information Privacy Professional (CIPP) by the International Association of Privacy Professionals, Vimy has extensive experience managing issues related to confidentiality, privacy and security of health information, including compliance with the rubric of laws relating to health information privacy such as the Health Insurance Portability and Accountability Act (HIPAA). Her work includes helping clients understand how to align their privacy and information security programs in compliance with applicable laws, respond to potential breach and security incidents, permissibly utilize and share their health data, and navigate complex privacy and security laws as they consider innovative new technologies and business opportunities.

Select Experience

  • Advising vast array of health industry clients on complex data use issues, negotiating health information technology agreements, responding to significant HIPAA breaches, developing robust compliance HIPAA programs, and advising on day-to-day privacy and security compliance matters.
  • Providing ongoing assistance to large hospital system in negotiating and drafting wide variety of contracts, including physician-related agreements.
  • Advising multi-campus system regarding physician-hospital arrangements and provided transactional representation in connection with practice acquisitions, physician employment, medical director arrangements, and other professional services arrangements.
More »

Experience

  • Advising vast array of health industry clients on complex data use issues, negotiating health information technology agreements, responding to significant HIPAA breaches, developing robust compliance HIPAA programs, and advising on day-to-day privacy and security compliance matters.
  • Providing ongoing assistance to large hospital system in negotiating and drafting wide variety of contracts, including physician-related agreements.
  • Advising multi-campus system regarding physician-hospital arrangements and provided transactional representation in connection with practice acquisitions, physician employment, medical director arrangements, and other professional services arrangements.
  • Advising private equity clients regarding potential investments involving healthcare providers, including due diligence review and analysis of fraud and abuse issues, licensure, and other regulatory considerations.
  • Represented several large hospital systems and various large physician practices in responding to significant HIPAA breaches that resulted in no sanctions.

Recognitions and Memberships

Recognitions

  • International Information System Security Certification Consortium (ISC2)
    • Certified Health Care Information Security and Privacy Practitioner (HCISPP)
  • International Association of Privacy Professionals
    • Certified Information and Privacy Professional (CIPP/US)
  • The Legal 500 United States (2016)
    • Recommended in Media, Technology and Telecoms: Cyber law
    • Recommended in Media, Technology and Telecoms: Data protection and privacy

Memberships

  • American Health Lawyers Association
  • International Association of Privacy Professionals

Prior Positions

  • McKenna Long & Aldridge: Of Counsel

Admissions

  • New York
  • Georgia

Education

  • J.D., Boston University School of Law, 2001
  • M.B.A., Boston University School of Management, 2001
  • M.P.H., Emory University Rollins School of Public Health, 1998
  • B.S., Georgia Institute of Technology, 1997

Blog

In The Blogs

Previous Next
Data Counsel
ONC Announces Delay of Information Blocking Provisions
By Vimala Devassy
October 29, 2020
The Department of Health and Human Services’ (HHS)’ Office of the National Coordinator (ONC) published an interim final rule today delaying several key compliance deadlines in the ONC 21st Century Cures Act final rule – including that of...
Read More ->
Data Counsel
CARES Act Significantly Revises Part 2 Rules to Better Align with HIPAA
By Vimala Devassy, Kyle R. Gregory
April 2, 2020
On March 27, 2020, President Trump signed the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”) into law. While the focus of the CARES Act has been on direct financial aid to Americans, the Act also contains a number of...
Read More ->
Data Counsel
HHS Issues Two Important Bulletins Waiving HIPAA Sanctions During the COVID-19 National Emergency
By Vimala Devassy
March 18, 2020
The HHS Office for Civil Rights (OCR) issued two important bulletins this week regarding the novel coronavirus disease (COVID-19) outbreak. On Mar. 16, OCR issued a limited waiver of HIPAA sanctions and penalties for noncompliance with...
Read More ->