Elaine Zacharakis Loumbas

Health, Privacy & Technology Attorney

Zacharakis Loumbas Law LLC


Elaine Zacharakis Loumbas, founder and principal at Zacharakis Loumbas Law, LLC is an attorney who focuses her practice on corporate and regulatory health law and health technology matters. Elaine received her law degree from Notre Dame Law School and her undergraduate degree in industrial engineering from Columbia University’s School of Engineering & Applied Science.

Since 1994, Elaine has represented the full spectrum of health care entities, including health insurance companies, managed care organizations, hospitals, physicians, home health organizations, ambulatory surgery centers, pharmaceutical and medical device companies, pharmacy benefit managers, and disease management organizations.


Elaine Zacharakis Loumbas has focused her practice on corporate and regulatory health law, privacy, and information technology matters for over 20 years. Her prior work experience includes working for a top 5 national health care practice at a big law firm and for a Fortune 500 pharmaceutical company. Over the course of her legal career, Elaine has counseled the full spectrum of health care industry players including pharmacy, pharmaceutical, medical device, and biotech companies on a number of regulatory issues and has performed numerous health care transactions.

Elaine manages her own law practice at which she has counseled the full spectrum of health care entities from startups to Fortune 10 companies on a variety of corporate, health care regulatory, privacy and technology matters as described below.

Privacy Compliance:

  • Represented Fortune 500 Pharmaceutical/Medical Device Companies with their privacy compliance programs, drafted HIPAA policies and procedures, security policies and procedures, worked with the security and privacy teams to address various compliance issues
  • Represented a variety of health care providers on a variety of privacy related matters
  • Represented a Fortune 500 health care company on privacy compliance matters
  • Served as privacy counsel to establish policies and procedures, data use agreements and HIPAA business associate agreement templates for a computer analytics information technology and quality assurance programs.
  • Drafted policy documents for a business associate to numerous national health plans
  • Advised on data breach issues
  • Conducted numerous privacy and security training sessions to boards and various types of employees for a variety of different types of health care entities
  • Advised regarding cybersecurity risks and issues related to compliance programs
  • Developed a HIPAA compliance program for an IT vendor
  • Drafted privacy policies for a medical device manufacturer to comply with GDPR and the new California consumer privacy legislation
  • Advised another medical device manufacturer on HIPAA compliance issues

Technology Matters:

  • Negotiated health portal and health care exchange agreements, and information technology agreements
  • Worked closely with IT department personnel and security officers on a variety of technology contracting matters
  • Represented a telemedicine company on a variety of issues
  • Worked on digital/internet matters and information technology matters
  • Negotiated numerous health information technology agreements for hospital clients
  • Negotiated a vendor telemedicine platform and affiliation agreements for national hospital chain
  • Negotiated enterprise-wide health information technology agreements for a national hospital chain

Health Care Regulatory Matters:

  • Advised on Stark, Fraud & Abuse and the full array of health care regulatory issues
  • Supported a number of small law firms on health care regulatory matters that needed such expertise

Corporate Matters:

  • Incorporated start-up businesses
  • Drafted bylaws, operating agreements and other organizational documents for clients

Managed Care Contracting Negotiations:

  • Negotiated payor contracts with over 140 different health plans nation-wide
  • Negotiated Medicare & Medicaid agreements administered through health plans
  • Worked on downstream contracting and other regulatory issues associated
    with such arrangements

Health Care Contracting Negotiations:

Negotiated a variety of contracts for health industry clients including health portal agreements, biometric screening agreements, PBM contracts, Part D prescription drug agreements and preceptor agreements

Representative Projects:

  • Represented a Fortune 10 Company (health care company) since 2006, including representation of its pharmacy benefit management business and its
    retail health clinics.
  • Served as privacy counsel for computer analytics information technology and quality assurance programs
  • Served as privacy counsel in a shareholder derivative law suit against a tech giant.
  • Incorporated start-up businesses and conducted other legal and contracting work for a CT imaging business and a behavioral health care management company
  • Represented a business associate that developed a number of technology and administrative products for health plans on various compliance issues
  • Negotiated a “white label” PBM Agreement for an on-line pharmacy start-up company
  • Advised a startup medical product business on regulatory issues

As in-house counsel for Baxter Health care Corporation, Elaine established the initial enterprise-wide HIPAA compliance program as part of the global privacy team and she developed the enterprise-wide fraud and abuse policies utilizing guidance from the PhRMA code and the Advamed Codes. For this work, Elaine received an extra achievement award from the company. She also negotiated numerous business contracts and licensing agreements while at Baxter and counseled the business
teams on a variety of regulatory issues.

In addition, Elaine has a technology background with an engineering degree and work experience as a management information systems consultant. This background enables her to consult with her clients and interact with their privacy, cybersecurity and information technology teams in a valuable way. Since 1999 (when the HIPAA regulations were first introduced), Elaine has counseled clients extensively on privacy compliance matters. She also has worked on a panoply of health information technology agreements, data sharing agreements and digital health business models. Elaine’s experience also extends to medical devices, pharma and the biotech industries where she advises on regulatory and intellectual property licensing matters and has
negotiated a variety of contracts.


Elaine Zacharakis Loumbas has extensive teaching experience having served as an adjunct professor for over a decade for a number of universities including: Loyola Law School for the Beazley Institute for Health Law & Policy, the John Marshall for the Center for Information Technology and Privacy Law, the University of Illinois – Chicago (UIC) for the School of Public Health and at Yeshiva University’s Biotechnology, Management and Entrepreneurship Program.

Elaine is currently a professor at the Biotechnology Management and Entrepreneurship Program at Yeshiva University. Please see the attached link to learn more information about this program and its faculty: https://www.yu.edu/katz/programs/graduate/biotechnology/faculty.

From 2004 to 2016, Elaine served as an adjunct professor at two Chicago law schools: the Beazley Institute for Health Law at Loyola Law School and the Center for Information Technology and Privacy Law at John Marshall Law School.

At Loyola, Elaine has taught a number of courses in the health care law area including "Corporate Transactions in Health Law;" "HIPAA & Health Care Privacy;" "Regulation of Pharmaceuticals and Medical Devices"; and "Life Sciences, Research, and the FDA."

At the John Marshall Law School, Elaine has taught a number of courses in the technology and privacy law areas including "Computers and the Law," "Health Privacy," "HIPAA & Privacy, and Privacy Rights" and "Cyberlaw."

In 2010, Elaine received an award from the School recognizing her for innovation and excellence in teaching. In the fall semester of 2008, 2009 and 2010, Elaine also taught an online seminar for the University of Illinois at Chicago School of Public Health entitled "Legal and Ethical Issues in Health Informatics."


Elaine received her law degree from Notre Dame Law School and her undergraduate degree in Industrial Engineering from Columbia University’s School of Engineering & Applied Science. She is admitted to practice law in Illinois and New York.


  • COVID-19 Regulatory Modification: Potential Gamechanger for the Healthcare Industry, HIMSS webinar, May 15, 2020.
  • Health Privacy Fundamentals, PLI Privacy Fundamentals Program,
    December 16, 2019.
  • HHS Proposed Regulations –Are We Ready to Move the Health Care Ecosystem in the Direction of Interoperability? AHLA Connections, August 2019.
  • Health Privacy Fundamentals, PLI Privacy Fundamentals Program,
    December 21, 2018.
  • New York State Bar Association (NYSBA) Health Law Section Fall Meeting – Transformation of the Health Care Delivery Model: Practical Legal Guidance
    October 26, 2018.
  • Healthcare on the Blockchain, Moderator and Organizer, NYSBE, July 12, 2018.
  • Quoted in Inside Cybersecurity, Guidance Anxiously Awaited as EU’s tough new data rule comes into effect, May 21, 2018.
  • What Healthcare Organizations Need to Know about the European Union’s General Data Protection Regulation (GDPR), HIMSS webinar, March 22, 2018.
  • Cutting Edge Health Technology Compliance Issues: the Double-edged Sword, HIMSS18, March 5, 2018.
  • Artificial Intelligence in Healthcare, ABA Emerging Issues Conference,
    February 23, 2018.
  • Anatomy of a Business Associate Agreement, ABA Webinar, January 19, 2018.
  • Digital Internet Privacy, Privacy Fundamentals Program, PLI December 20, 2017.
  • 21st Century Cures Act – Summary of this New Bipartisan Legislation, The Health Lawyer, June 2017.
  • Mobile Devices, Cloud Computing---the new frontier in health information technology, ABA Emerging Issues Conference, March 2017.
  • HIPAA Fundamentals – Perspectives from Different Industry Perspectives, ABA Webinar, October 13, 2016.
  • Big Data: Big Benefits, Big Burdens, ABA Webinar, March 16, 2016.
  • ABA HIPAA and HITECH Act Fundamentals, June 18, 2015.
  • ABA HIPAA and HITECH Fundamentals, June 14, 2014.
  • National Health Privacy: Foundational, Legal & Ethical Considerations, Lawline
    - March 30, 2014.
  • ABA HIPAA and HITECH Fundamentals Webinar, June 13, 2013.
  • Moderated "League of Women Voters" Health Educational Session entitled Getting Ready for the Affordable Care Act: Health Care in 2014, March 2, 2013.
  • Quoted in Crain’s Chicago Business article by Kristen Schorsch entitled “Painkiller Gives Hospira a Nagging Headache,” January 28, 2013.
  • ABA HIPAA and HITECH Act Fundamentals: What You Need to Know Now About the Privacy and Security Rules, HIPAA and HITECH Fundamentals Webinar, June 7th, 2012.
  • HIPAA and HITECH: Which Direction Should We Go?, IAHA 29th Annual Health Law Symposium, October 25, 2011.
  • Moderated the Data Breach Panel for a Healthcare Financial Management Association (HFMA) program entitled “Dancing with the Feds,” First Illinois HFMA Compliance Program, February 10, 2011.
  • Privacy and Data Security Relating to Medical Records, American Bar Association Antitrust Section’s Health Care and Pharmaceuticals Committee and Loyola University School of Law Brown Bag Session, January 2010.
  • Quoted in Chicago Lawyer article by Sherry Karabin entitled “Health Care Law: A Practice That Has a Far Reach,” January 2010.
  • Ethical Issues in the Medical Device, Life Science & Pharmaceutical Industries, Chicago Bar Association, 2009.
  • Disease Management Contracting, AHLA Managed Care Seminar April 7, 2002.
  • Health Care Corporate Compliance Programs, Loriman Education Services - September 7, 2000.
  • Computer Security Statutes and Regulations, ABA/Second Annual Physician Law Conference, June 9-10, 2000.
  • Privacy and Security Regulations under HIPAA, AHLA Health Info Technology Conference - May 5, 2000.
  • CCH Cyber Strategies Journal - “Health Care Privacy” - Spring 2000.
  • Symposium on Healthcare Internet and E-Commerce - HIPAA and Beyond: The Regulation of Privacy and Confidentiality in Cyberspace - March 26, 2000.
  • AHLA Teleconference - “Recent Developments in Health Information Privacy: The Proposed HIPAA Regulations” - December 14, 1999.
  • QuadraMed and American Hospital Association - “Legal Issues Involved with Electronic Patient Data” - November 10, 1999.
  • GCC HIMSS and the Illinois Health Information Management Association - “Legal Issues Involved with Electronic Patient Data” - October 22, 1999.
  • Chicago Bar Association Computer Law Committee - “Administrative Simplification for Electronic Transactions and Health Information Privacy under HIPAA”
    - September 21, 1999.
  • Blue Cross/Blue Shield Plans - “Administrative Simplification for Electronic Transactions and Health Information.