Close X
Attorney Spotlight

How does Jessie Zeigler anticipate the intersection of privacy and smart technology will impact the future of litigation? Find out more>

Search

Close X

Experience

Search our Experience

Experience Spotlight

Primary Care Providers Win Challenge of CMS Interpretation of Enhanced Payment Law

With the help and support of the Tennessee Medical Association, 21 Tennessee physicians of underserved communities joined together and retained Bass, Berry & Sims to file suit against the Centers for Medicare & Medicaid Services to stop improper collection efforts. Our team, led by David King, was successful in halting efforts to recoup TennCare payments that were used legitimately to expand services in communities that needed them. Read more

Tennessee Medical Association & Bass, Berry & Sims

Close X

Thought Leadership

Enter your search terms in the relevant box(es) below to search for specific Thought Leadership.
To see a recent listing of Thought Leadership, click the blue Search button below.

Thought Leadership Spotlight

Healthcare Private Equity Compliance Checklist

The complex and ever-changing healthcare regulatory and enforcement environment, including increased focus on the role of private equity firms in their portfolio companies, make compliance a top priority for private equity firms investing in healthcare companies. The best way to limit your exposure as a private equity firm is to avoid a compliance misstep in the first place. Additionally, an effective and robust compliance program for your portfolio healthcare company makes it much more attractive to potential buyers and helps you avoid an unexpected and costly investigation or valuation hit down the road. Download the Healthcare Private Equity Compliance Checklist to assess whether your portfolio company's compliance program is up-to-date.

Click here to download the checklist.

GovCon Blog: GSA Announces New FedRAMP Category to Speed Up Approval Process

Publications

October 27, 2014

If a cloud services provider (CSP) wishes to provide their services to a federal agency they must obtain authorization and approval from the Federal Risk and Authorization Management Program (FedRAMP). As more and more CSPs have entered the FedRAMP assessment process, there has been a push to help agencies and CSPs achieve FedRAMP authorization faster. Moreover, the Office of Management and Budget mandated starting June 5, 2014, that all CSPs must be FedRAMP approved or at least in the process of getting an authority to operate prior to contracting with federal agencies. In order to assist with these efforts, GSA recently unveiled a new category to its program for cloud systems proven "FedRAMP Ready."

FedRAMP, administered by the General Services Administration (GSA), is a government-wide screening program that provides a standardized approach for assessing and monitoring the security of contractor cloud products and services. FedRAMP was first launched back in 2012 as a follow-on to the government's "Cloud First" strategy, which sought to save money by consolidating agencies' servers and mandating data storage to the cloud. The goal of FedRAMP is to reduce time and money that individual agencies would otherwise have to spend on assessing a cloud provider's security. Prior to FedRAMP, each agency conducted its own risk assessment for each procured cloud service, which led to multiple and redundant security assessments for identical services. The lead agencies for FedRAMP are the GSA, Department of Defense, and Department of Homeland Security. Representatives from those three agencies make up the FedRAMP Joint Authorization Board, which performs risk authorizations and grants the provisional FedRAMP authorization for specific cloud services and products. Once a vendor has demonstrated compliance with FedRAMP standards, they can provide their cloud services to any federal government agency. Upon receipt of a provisional authorization to operate, the FedRAMP Project Management Office will add the vendor to the list of authorized cloud service providers on www.FedRAMP.gov.

GSA recently unveiled its newest category for FedRAMP showcasing CSPs ready to perform assessments and authorizations with potential agency customers. This new category was created to enable contractors to get their security systems certified and for federal agencies to achieve FedRAMP compliancy more quickly. "FedRAMP Ready" designations will be granted to systems that have had their documentation reviewed by the FedRAMP program management office and at a minimum have gone through the PMO readiness review process. According to the cloud.cio.gov website, "FedRAMP Ready systems allow potential agency customers and authorizing officials a starting point to initiate an authorization. Systems with more complete documentation or assessments by an accredited 3PAO will allow potential agency customers and authorizing officials to go through the assessment and authorization process more rapidly to become FedRAMP compliant." Not all systems in this category will be a CSP, the FedRAMP Ready system will also accommodate open source code agencies deploy for their cloud solutions.

For more Government Contracts information, visit www.BassBerryGovCon.com.


Related Professionals

Related Services

Notice

Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.