CareNHS — Campaign for Responsible Leadership in NHS Wales

Submit What You Know

If you have evidence of failures, waste, misconduct, or mismanagement at DHCW — we want to hear from you.

Do you know something the public should see?

We are collecting evidence of failures, waste, misconduct, and mismanagement at DHCW and across NHS Wales digital services. If you have witnessed something that concerns you — whether as an employee, a contractor, a clinician, a Health Board professional, or a member of the public who has been affected — we want to hear from you.

What we are looking for

  • Failed programmes or projects — systems that were late, over budget, never delivered, or unfit for purpose. If you were involved in or affected by a programme that wasted public money, tell us what happened.

  • Patient safety concerns — incidents where digital system failures delayed treatment, lost records, or put patients at risk. If you filed an incident report that went nowhere, or saw a problem that was never addressed, we need to know.

  • Suppression of concerns — instances where staff who raised legitimate issues about quality, safety, or spending were ignored, disciplined, moved, or pushed out. If you were warned to stay quiet, or saw someone else punished for speaking up, your account matters.

  • Questionable procurement or contracts — cases where expert advice was overridden, where contracts were awarded without proper process, or where consultancies were hired to duplicate work that internal staff could have done better.

  • Leadership conduct — examples of nepotism, empire-building, self-interested decision-making, or failure to act on known problems.

  • Anything else — if something at DHCW or in NHS Wales digital services troubled you and you didn't know who to tell, tell us.

Your identity is protected

We will never reveal who you are without your explicit written consent. You can submit anonymously if you prefer. We understand the risks of speaking up — two senior employees have already allegedly lost their jobs for doing so. We take your safety seriously.

How to contact us safely

If you work at DHCW, an NHS Health Board, or anywhere connected to NHS Wales, you should assume that your employer can see what you do on work devices and work networks. DHCW manages the NHS Wales network and has already demonstrated a willingness to block content it finds inconvenient. Take your safety seriously. We do.

The disclosure ladder — safest first

1. Safest — encrypted email from a personal device Create a free ProtonMail or Tuta account using a name that is not yours. Email us from that account, from a personal device (your own phone, laptop, or tablet), on your home WiFi or mobile data — not on any NHS network. This gives you end-to-end encryption, no link to your real identity, and no trace on any NHS system.

2. Good — personal email from a personal device at home Use your personal Gmail, Outlook, or other email from your own device on your home network. This is encrypted in transit (HTTPS/TLS) but your email provider holds the content. Still far safer than anything on an NHS device.

3. Acceptable — the contact form on this page The form below transmits over HTTPS (encrypted in transit). It does not require your name or email. However, if you submit from an NHS device or network, the fact that you visited carenhs.org may be visible to DHCW's network administrators — and the site is already blocked on NHS networks.

4. Avoid — NHS email, NHS devices, NHS WiFi Do not email us from an NHS email address. Do not access this site from an NHS device. Do not use NHS WiFi. DHCW manages the network infrastructure and email systems. Even if the content of your message is encrypted, the metadata — that you contacted carenhs.org, when, and from which device — could be visible. Given that at least two senior employees have allegedly been dismissed for raising concerns, this is not a theoretical risk.

Practical advice for DHCW and NHS staff

  • Do not discuss your intention to contact us with colleagues first. If the organisation has a culture of surveillance — and the evidence suggests it does — a conversation overheard or relayed could identify you before you have even made contact.
  • Do not forward NHS emails to your personal account. Forwarding creates a log on the NHS email server showing you sent internal material to an external address, the time, and the recipient.
  • Do not access carenhs.org from work. It is blocked on NHS Wales networks. Any attempt to access it may be logged.
  • If you have documents, consider printing them at home rather than emailing attachments — documents can contain metadata (author name, revision history, device ID) that could identify you. If you send digital files, strip metadata first (on Windows: right-click → Properties → Details → Remove Properties; on Mac: use Preview → Export).
  • Consider creating a dedicated email account that you use only for this purpose, with no connection to your real name or personal accounts.

Email: carenhs@carenhs.org

We will acknowledge receipt within 48 hours. If you used an anonymous account and do not hear back, check your spam/junk folder.

What happens to your submission

Every submission is reviewed carefully. Where we can verify the information from independent sources, we may publish it (with all identifying details of the submitter removed). Where we cannot verify it independently, we hold it as intelligence that informs our FOI requests, our questions to authorities, and our understanding of the full picture.

Nothing is wasted. Everything helps.

Submit online

You can also use this form to send us information directly. All fields are optional — share only what you are comfortable with.