Andy Palmer RPh, CIPP – US, CCEP

Principal & Vice President

Andy is an experienced pharmacy executive with a multifaceted background in privacy, compliance, audit and loss prevention. He is a registered pharmacist in Pennsylvania, Ohio and Kentucky with over 30 years of experience across pharmacy operations and regulatory affairs. He is the former Chief Privacy officer at Rite Aid Corporate where he also led the Compliance and Internal Audit functions. Andy has a proven ability to lead cross-functional teams to respond to a variety of legal matters in the healthcare industry.

Professional Experience

North American Forensic Accounting

Principal & Vice President – May 2025 – Present

  • Serves as the Firm’s primary subject matter expert on pharmacy and the broader healthcare industry
  • Advises clients on compliance matters including HIPAA, AML, & Pharmacy regulatory compliance matters
  • Develop strategic solutions to optimize Firm performance

Rite Aid Corporation

Chief Privacy Officer – October 2021 – November 2024

  • Directed the enterprise-wide privacy program across all business units, including the pharmacy benefit manager subsidiary
  • Responsible for and coordinated regulatory adherence with internal and external legal partners and consultants
  • Mitigated risk by applying industry knowledge and implementing internal practices to facilitate compliance with laws and regulations
  • Responded to litigation in coordination with internal and external legal counsel and advisors spanning various industry-related matters as part of this role and that of previous positions within the company
  • Responsible for the coordination of internal and external resources for the response to data breaches fulfilling regulatory obligations

Group Vice President, Compliance, Privacy & Internal Assurance Services

Chief Compliance Officer & Chief Privacy Officer – February 2018 – October 2021

  • Oversaw numerous aspects of regulatory compliance including privacy (HIPAA)
  • Implemented programs and tools to comply with data subject rights regulations including the California Consumer Privacy Act (CCPA) and others
  • Worked with internal and external legal counsel to respond to and implement controls related to an FTC consent order
  • Coordinated response with internal and external counsel related to opioid MDL
  • Chaired the Corporate Compliance Committee, including reporting to the Audit Committee of the Board of Directors
  • Led compliance team responsible for retail level compliance auditing and compliance optimization

Vice President, Compliance Monitoring & Privacy Officer

  • Developed programs and controls in conjunction with business partners to establish procedures related to pseudoephedrine sales
  • Worked with internal and external legal counsel to respond to and implement controls related to an OCR consent order
  • Responsible for the oversight of all privacy matters and investigations & follow up with the Office for Civil Rights (OCR)
  • Served as the USA Patriot Act Officer which included working with Money Services Business partners to facilitate compliance with anti-money laundering rules and regulations

Held additional roles in the Accounting (Third Party) and Loss Prevention departments. Responsibilities included but not limited to:

  • Set up processes to facilitate the adjudication and payment between third party payers and Rite Aid
  • Established a Pharmacy Specific Loss Prevention Program to mitigate both internal and external losses

CORE COMPETENCIES

  • Regulatory Compliance
  • Legal & Litigation Support
  • Privacy / HIPAA
  • Pharmacy Revenue
  • Internal Controls and Loss Prevention
  • Investigation

EDUCATION

University of Cincinnati

Bachelor of Science in Pharmacy, 1989

CERTIFICATIONS & LICENSURE

Licensed Pharmacist (PA, OH, KY)

Certified Information Privacy Professional (CIPP-US)

Certified Compliance & Ethics Professional (CCEP)

PROFESSIONAL AFFILIATIONS

Member, American Society for Pharmacy Law (ASPL)

Member, Society of Corporate Compliance and Ethics (SCCE)

Member, International Association of Privacy Professionals (IAPP)

Member, Association of Certified Fraud Examiners (ACFE)

Member, Health Care Compliance Association (HCCA)