Rachel V. Rose | Rachel V. Rose – Attorney at Law, PLLC

Rachel V. Rose, JD, MBA is a Principal with Rachel V. Rose – Attorney
at Law, P.L.L.C. (Houston, TX)

Ms. Rose has a unique background, having worked in many different facets of healthcare, securities, cybersecurity, as well as international law and business throughout her career. For nearly a decade, her practice has focused transactional, compliance, and litigation matters related to cybersecurity, health care, securities, and Dodd-Frank/False Claims Act whistleblower claims. Ms. Rose worked on Capitol Hill when HIPAA passed in 1996 and worked at HHS in 2009 when the HITECH Act was being implemented.

In addition to being extensively published and a sought-after presenter and quoted expert, Ms. Rose holds an MBA with minors in healthcare and entrepreneurship from Vanderbilt University, and a law degree from Stetson University College of Law, where she graduated with various honors, including the National Scribes Award and The William F. Blews Pro Bono Service Award.

Ms. Rose is licensed in Texas and is a Fellow of the Federal Bar Association. Currently, she is the Chair of the Federal Bar Association’s Government Relations Committee, a board member of the Federal Bar Association’s Qui Tam Section, the co-editor of the American Health Lawyers Association’s Enterprise Risk Management Handbook for Healthcare Entities (2nd Edition), as well as a co-author of the ABA’s books The ABCs of ACOs and What Are International HIPAA Considerations?

She has been named consecutively to the Texas Bar College, the National Women Trial Lawyers Association’s Top 25, Houstonia Magazine’s Top Lawyers (healthcare), the National Trial Lawyers Association’s Top 100, as well as 1st Healthcare Compliance’s 2019 Top Presenter. Ms. Rose is also an Affiliated Member with the Baylor College of Medicine’s Center for Medical Ethics and Health Policy, where she teaches bioethics.

Federal Court Admissions: Supreme Court of the United States, CO, DC, SDTX, NDTX, EDTX and WDTX.

Ryan Buckner | Schellman’s Learning, Education & Academic Development

Having directly performed and completed over 1,000 cybersecurity audits, Ryan is one of the most experienced IT and operational auditors in the world.

Ryan’s career focus has been on the performance improvement of IT audit professionals through educational and experimental audit programs and methodologies. With a heavy focus on the AICPA attest code, and various control and risk management frameworks, Ryan has served hundreds of project teams and organizations in the achievement of their IT audit certifications and compliance objectives.

Ryan is a Principal and the Chief Knowledge Officer at Schellman Compliance. Ryan currently serves on Schellman’s attestation leadership team to lead the firm-wide training services. Prior to this role, Ryan led the firm-wide research and development for attestation methodology for more than 15 years. Ryan maintains the following professional certifications, licenses, and designations, among others:

• Certified Public Accountant (over 20 years) licensed by nine (9) U.S. state boards of Accountancy
• Certified Information Systems Security Professional (CISSP over 20 years)
• Certified Information Systems Auditor (CISA)
• ISO 27001 Lead Auditor
• Certified Information Privacy Professional (CIPP)
• Certified Knowledge Manager (CKM)

Ryan is also an AICPA-approved and nationally listed Peer Review Specialist for SOC examinations.

For 20+ years Ryan has evaluated the design, implementation, and operational effectiveness of risk mitigation strategies through both IT and operational / process controls. This included the identification of compliance, regulatory, and financial business objectives, and the assessment of risk management practices designed to address the risks to those objectives. Ryan has performed and managed all phases of the IT and cybersecurity audit process from risk assessment and management through the development and execution of audit programs for various industries. Ryan continues to be a frequent speaker and contributor to cybersecurity conferences and training forums.

I. Understanding different types of standards and audits, as well as the three-step approach | 12:00pm – 12:15pm

II. How legal requirements intersect with audit requirements and content | 12:15pm – 12:30pm

III. What makes an audit effective, comprehensive, and legitimate? | 12:30pm – 12:45pm

IV. The role of third parties auditors and mitigating risk and how they may be named as a defendant | 12:45pm – 12:55pm

V. Conclusion | 12:55pm – 1:00pm