Rosario Cartagena – Institute for Clinical Evaluative Services

It’s a time of transformation and strategic planning for ICES as it celebrates its 30th anniversary, says Rosario Cartagena, the Toronto organization’s chief privacy and legal officer and corporate secretary.

ICES is Ontario’s largest health services research, analytics and data institute. It has 572 scientists and staff across seven sites working on more than 1,250 ongoing projects.

In less than five years on the job, Cartagena has bolstered and solidified the organization’s corporate foundation by maturing its legal and risk operations, privacy infrastructure and cybersecurity program. At ICES, maintaining the confidence and trust of Ontarians is paramount to its far-reaching impact and success.

Rosario Cartagena | Chief Privacy & Legal Officer | Institute for Clinical Evaluative Services

“I think I’ve done well to leverage my background in public health, years of legal experience and knowledge of privacy and cybersecurity to move ICES’s vision forward,” she says. “And in the future, much of that movement will focus on service delivery for our clients and organizational excellence.”

In addition to scaling the programs under her portfolio, Cartagena says she has created more mature processes, built more robust templates that can be used by people in different departments, and is conceptualizing a more comprehensive risk, compliance and governance tool for implementation later this year.

Of course, she has not acted alone.

“My team is excellent, and I couldn’t have done any of this without their hard work,” she says. “I also am very thankful for the support of my CEO. You need leadership for transformation, but it is only possible if you have a strong team and a supportive boss who helps to guide and acts as a coach.”

Creating an infrastructure

When Cartagena joined the organization as its chief privacy officer in 2018, she recognized that she needed to implement a stronger foundation to ensure that privacy, legal, risk, compliance and cybersecurity were interconnected. She says all these program areas help form the basis for ICES being a trusted data steward.

She says she reviewed internal processes for managing contracts and which internal stakeholders needed legal collaboration and then decided what procedures needed to be built. Cartagena and the legal services department rely on contract management software, and policies were created to provide the department with the support it needs to help the business.

“I was excited, not daunted, at the prospect of joining a company where I needed to create more sophisticated programs while also looking for ways to render processes more efficient and maintaining compliance,” she says. “I’ve always been eager to build and create opportunities.”

One of the things Cartagena built was an enterprise risk management program. She also implemented a privacy and auditing program and quickly learned about cybersecurity and its importance to the organization.

“There has been a lot of building, mapping out workflows and figuring out what parts of our work can benefit from the tools at our disposal,” she adds. “Understanding the software and how it operates—and operates effectively—is crucial.”

Learning and implementing

Cartagena says she has spent much time understanding the language of cybersecurity and the threats surrounding data privacy and protection.

ICES has a vulnerability management program and a director of cybersecurity, a position Cartagena pushed for. The company also has a cybersecurity framework and standards in place to protect the data it collects.

“To provide good cybersecurity advice, one must understand the cybersecurity risks,” she says.

She is also working with stakeholders to push for changes in legislation to give ICES more authority. Right now, the organization can only collect personal health information; Cartagena says being able to manage other data, like education, mental health or economic data, would be a game-changer.

“We’re putting together briefing notes and documents with background information and working closely with different levels of government to determine how to leverage the institute best,” she says.

Law in the family

Cartagena was born in California to El Salvadoran parents. Her father, a doctor, came to California in the 1970s, eventually moving his family to Winnipeg, Manitoba, Canada. She says she always knew she wanted a position in leadership, whether as a doctor or lawyer or some other profession.

She earned a biology degree from Brandon University and a master’s in public health from the University of Alberta. During her master’s degree program, Cartagena lived in Mongolia, collecting health data. Later, she completed a post-graduate work internship at the Harvard School of Public Health before moving from Boston to Canada.

“I like advocacy and problem-solving, and always knew I would be in a position related to health,” Cartagena says.

After earning a Juris Doctor from the University of Ottawa and a Master of Laws from Osgoode Hall Law School at York University, she worked in both private practice and for a government agency. She had an opportunity to dive into health law matters while she was an associate for Fasken LLP—it was an opportunity to understand the health system and its various stakeholders. She joined ICES in 2018.

“My husband and I met during law school, and life circumstances brought me in-house,” Cartagena says. “I do enjoy working in private practice, but also, this organization is important for Ontario. I’m proud to work for ICES.”

View this feature in the Vanguard Spring III 2023 Edition here.