Healthcare executive and governance leader. 15+ years building compliance programs that protect organizations, inform governance, and enable growth — from the C-suite and the boardroom.
Andrew B. Heineman is a healthcare compliance, risk, and governance executive with more than 15 years of experience advising Boards of Directors, audit and compliance committees, and executive leadership teams across complex, highly regulated healthcare organizations. His experience spans payer, provider, value-based care, and healthcare services companies, with deep expertise in enterprise risk management, regulatory oversight, privacy, and ethical culture.
He builds and leads compliance programs that protect patients, providers, and the organization, navigate regulations effectively, and give the board confidence that risk is being managed — not just reported. That dual orientation, facing both the executive team and the governance layer, is precisely what he brings to a board seat.
His career spans enterprise risk management at Cincinnati Children's Hospital Medical Center, Chief Compliance and Privacy Officer at Peak Health, eight years across progressive compliance, risk management, data governance, and litigation roles at Humana, and foundational legal experience at regional law firms and a local county prosecutor's office. He holds the Certified in Healthcare Compliance (CHC) credential and currently serves as Chair of the Trinity High School Alumni Board of Directors. He is a paid member of HCCA, with professional affiliations including ASHRM, IAPP, and SCCE.
Andrew brings a pragmatic, business-aligned approach to compliance and governance that protects enterprise value while enabling innovation and long-term growth — and a governance orientation that extends naturally to board service in PE-backed healthcare, value-based care, and health technology.
The same knowledge that makes an effective CCO makes a distinctive board director: deep regulatory fluency, governance structure experience, and the practitioner judgment to know when a risk is theoretical and when it is real. The OIG's 2023 General Compliance Program Guidance (GCPG) makes this expectation explicit — directing healthcare boards to evaluate the compliance resources and expertise they need to fulfill their oversight obligations, and recommending that large entities establish a dedicated Board Compliance Committee separate from audit and finance. Beyond the guidance, the strategic advantage of a compliance expert in this regulatory environment is clear. Andrew fills that gap.
Regulators across industries have arrived at the same conclusion: boards need directors who can evaluate compliance programs and advise on strategic oversight, not just receive reports about them. The landmark Delaware decision In re Caremark International Inc. Derivative Litigation (698 A.2d 959, Del. Ch. 1996) established that boards bear a fiduciary duty of oversight, with the court holding that failure to implement reasonable compliance information and reporting systems can constitute bad faith and a breach of the duty of loyalty. Delaware courts have since extended that duty to executive officers as well. The governance skills involved — risk program evaluation, regulatory interpretation, audit committee engagement, and the ability to distinguish genuine compliance from performed compliance — are not sector-specific. They transfer. What Andrew brings is both the healthcare-specific regulatory depth and the governance orientation that makes compliance expertise durable across industries and board contexts.
Designing and running enterprise compliance programs across health plans, academic medical centers, and PE-backed growth companies. As a board director, this translates directly: the ability to assess whether a company's program is genuinely effective or merely performing compliance.
Deep fluency across CMS, OIG, and state regulatory landscapes, including Medicare Advantage FDR requirements and ACO program rules. In the boardroom, this means converting regulatory complexity into risk posture a board can actually act on — not just receive as a report.
Operational experience with HIPAA program design, data governance frameworks, and AI deployment in clinical and administrative settings. Boards increasingly face AI-related oversight obligations with no practitioner on the governance team to evaluate them honestly.
Building compliance infrastructure under private equity ownership — acquisition integration, new service line expansion, and investor timeline pressures — without sacrificing regulatory integrity. As a board director, this is an uncommon combination of operational credibility and governance judgment.
Compliance expertise at the board level is not a defensive posture — it is a financial asset. Proactive compliance programs protect enterprise value, accelerate M&A due diligence, improve deal terms, and unlock market access that non-compliant organizations cannot reach. A 2019 Diligent Institute study of S&P 500 companies found that companies experiencing corporate crises fueled by governance deficits underperformed their sectors by 35% on average in the year following the incident, and that top-quintile governance performers outperformed bottom-quintile peers by 15% over a two-year period. A board director who can evaluate compliance program maturity — not just receive reports about it — is a direct input to long-term financial performance and exit readiness.
A track record built across three distinct healthcare verticals. Each role deepened the operating expertise that now informs the governance perspective he brings to board service.
Leading compliance and ethics across a PE-backed ACO and value-based care enablement company — partnering with the Board, Compliance Committee, and executive leadership on program maturation, risk governance, and strategic alignment.
Built and led the compliance and privacy program for a provider-owned health plan — including CMS and state DOI regulatory relationships, Board and Audit Committee engagement, and enterprise HIPAA programming.
Led enterprise risk management at a top-ranked academic pediatric medical center — collaborating with executive leadership and the Board on risk governance, Joint Commission alignment, and institutional insurance oversight.
Eight years across four progressive roles spanning compliance risk management, FWA investigations, enterprise data governance, and healthcare litigation — supporting Medicare Advantage and Medicaid across Humana's Retail Segment.
Foundational experience across healthcare litigation defense, regulatory investigations, and privacy law — the practitioner grounding that informs a compliance leader's understanding of enforcement exposure and legal risk.
Six years of volunteer board service, including as Chair of the Alumni Board of Directors (2024–2026) — providing governance oversight, strategic input, and institutional leadership.
A practitioner's case for repositioning the Chief Compliance Officer as a governance-level function with direct board accountability — and what that means for nominating committees evaluating compliance talent.
Panelist at the Virtual 43rd National HIPAA Summit alongside Tabitha Gaffney, Julie Seitz, and moderator Milada Goturi — examining the practical compliance intersections between HIPAA and 42 CFR Part 2 substance use disorder privacy protections.
Panelist on Ethico's Ethicsverse series — a practitioner-grounded discussion on how compliance and ethics leaders should think about AI agent risk, governance frameworks, and the difference between productive caution and counterproductive fear.
Panelist with Samantha Kelen and Ross Ronan at the Opal Group's Transforming Healthcare with Emerging Technologies conference — examining how compliance functions as a design principle in healthcare innovation rather than a downstream control.
Presented with Shawn Marchese at SCCE's Compliance in Smaller Organizations virtual conference — practical frameworks for solo compliance practitioners navigating resource constraints without sacrificing program integrity.
Regular practitioner-grounded commentary on healthcare regulatory developments, AI governance in clinical settings, board oversight of compliance programs, and the evolving CCO function.
Most boards seeking compliance expertise get a retired regulator or an outside counsel. What they rarely get is a current practitioner — someone actively managing the same risks they're being asked to oversee, in a comparable organization, right now.
The OIG's 2023 General Compliance Program Guidance directed healthcare boards — including those at PE-backed companies and health plans — to evaluate whether they have the compliance expertise needed for effective oversight, and recommended creating a dedicated Board Compliance Committee separate from audit. Andrew's board bio details the operating track record, regulatory depth, and governance orientation that answer that directive directly.
Whether you're a PE-backed healthcare company evaluating board composition, a search firm identifying compliance-credentialed director candidates, or a peer working through the governance dimensions of healthcare compliance — Andrew welcomes the conversation.
The views and opinions expressed on this site are solely those of Andrew B. Heineman in his personal capacity and do not represent or reflect the views, positions, or opinions of his employer or any organization with which he is affiliated. The content on this site is intended for informational purposes only and does not constitute legal advice. For legal guidance, please consult a licensed attorney.