Vimala Devassy

Partner

Atlanta
T +1.404.256.8243
F +1.404.459.5734

Overview

Vimy Devassy, a partner in BakerHostetler’s national healthcare group, focuses her practice on transactions and regulatory matters for healthcare industry clients. She has a wealth of experience in structuring complex transactions among healthcare providers, negotiating a broad spectrum of industry-relevant contracts, and advising clients on day-to-day regulatory and compliance matters, including fraud and abuse laws and health information laws.

Certified as a Health Care Information Security and Privacy Practitioner (HCISPP), as well as an Information Privacy Professional (CIPP) by the International Association of Privacy Professionals, Vimy serves as Co-Chair of the Healthcare Technology Team. She has extensive experience managing issues related to confidentiality, privacy and security of health information, including compliance with the rubric of state and federal healthcare privacy laws, such as the Health Insurance Portability and Accountability Act (HIPAA), digital health laws, the Telephone Consumer Protection Act (TCPA) and the 21st Century Cures Act requirements, including the information blocking regulations. Her work includes helping clients understand how to align their privacy and information security programs in compliance with applicable laws, respond to potential breach and security incidents, permissibly utilize and share their health data, and navigate complex privacy and security laws as they consider innovative new technologies and business opportunities.

Experience

  • Advises a vast array of health industry clients on complex data use issues, negotiating health information technology agreements, responding to significant HIPAA breaches, developing robust HIPAA compliance programs, and advising on day-to-day privacy and security compliance matters.
  • Advises healthcare industry clients on understanding and implementing strategies to comply with the 21st Century Cures Act regulations, including the information blocking regulations.
  • Provides ongoing assistance to large hospital systems in negotiating and drafting a wide variety of contracts, including physician-related agreements, technology agreements, business associate agreements and material vendor agreements.
  • Advises a multi-campus system regarding physician-hospital arrangements and provides transactional representation in connection with practice acquisitions, physician employment, medical director arrangements, and other professional services arrangements.
  • Advises private equity clients regarding potential investments involving healthcare providers, including due diligence review and analysis of fraud and abuse issues, licensure, and other regulatory considerations.
  • Represents several large hospital systems and various large physician practices in responding to significant HIPAA breaches that resulted in no sanctions.
  • Advises health systems on health data use and sharing arrangements and utilization of HIPAA-compliance organizational structures, such as organized healthcare arrangements or designation as a hybrid entity.
  • Serves as lead regulatory counsel in acquisitions of digital health and telemedicine platform by a Fortune 50 healthcare services and products company.
  • Advises healthcare providers in utilization of telehealth and unique digital health applications, including providing compliance assistance on novel technologies and issues related to monitoring and minimizing the impact of the COVID-19 pandemic.
  • Advises health industry companies on compliant marketing and patient engagement strategies.
  • Prepares HIPAA training materials and conducts HIPAA compliance training for healthcare industry clients.

Recognitions and Memberships

Recognitions

  • International Information System Security Certification Consortium (ISC2)
    • Certified Health Care Information Security and Privacy Practitioner (HCISPP)
  • International Association of Privacy Professionals
    • Certified Information and Privacy Professional (CIPP/US)
  • The Legal 500 United States 
    • Recommended in Media, Technology and Telecoms: Cyber law
    • Recommended in Media, Technology and Telecoms: Data protection and privacy

Memberships

  • American Health Lawyers Association
  • State Bar of Georgia, Health Law Section
  • International Association of Privacy Professionals
  • International Information System Security Certification Consortium

Prior Positions

  • McKenna Long & Aldridge: Of Counsel
  • Cadwalader, Wickersham & Taft: Associate

Admissions

  • New York
  • Georgia

Education

  • J.D., Boston University School of Law, 2001
  • M.B.A., Boston University School of Management, 2001
  • M.P.H., Emory University Rollins School of Public Health, 1998
  • B.S., Georgia Institute of Technology, 1997

Blog

In The Blogs

Data Counsel
Ransomware, COVID-19 and Regulations: Healthcare Entities Confront a Triple Threat
By Vimala Devassy, Courtney L. Litchfield, Eric A. Packel
July 1, 2021
Given what the healthcare industry faced in 2020, the seventh edition of our Data Security Incident Response (DSIR) Report, “Disruption and Transformation,” is aptly titled. As if fighting the COVID-19 pandemic weren’t enough for the...
Data Counsel
Compliance and Cybersecurity Best Practices Rewarded with HIPAA Safe Harbor
By Vimala Devassy, Sara M. Goldstein, Kyle R. Gregory
January 13, 2021
On January 5, 2021, H.R. 7898 was signed into law with little fanfare, thereby amending the Health Information Technology for Economic and Clinical Health Act.[1] As the healthcare industry continues to serve as one of the top targets for...
Data Counsel
ONC Announces Delay of Information Blocking Provisions
By Vimala Devassy
October 29, 2020
The Department of Health and Human Services’ (HHS) Office of the National Coordinator (ONC) published an interim final rule today delaying several key compliance deadlines in the ONC 21st Century Cures Act final rule – including that of...
Data Counsel
CARES Act Significantly Revises Part 2 Rules to Better Align with HIPAA
By Vimala Devassy, Kyle R. Gregory
April 2, 2020
On March 27, 2020, President Trump signed the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”) into law. While the focus of the CARES Act has been on direct financial aid to Americans, the Act also contains a number of...
Data Counsel
HHS Issues Two Important Bulletins Waiving HIPAA Sanctions During the COVID-19 National Emergency
By Vimala Devassy
March 18, 2020
The HHS Office for Civil Rights (OCR) issued two important bulletins this week regarding the novel coronavirus disease (COVID-19) outbreak. On Mar. 16, OCR issued a limited waiver of HIPAA sanctions and penalties for noncompliance with...