The Scale of Failure

In March 2025, the Welsh Government escalated DHCW to Level 3 — Enhanced Monitoring — for "serious concerns about the organisation's ability to effectively deliver a number of major programmes." Nine programme areas were placed under formal scrutiny. But the failures extend far beyond those nine programmes. Beneath them sits a layer of legacy infrastructure that is actively dangerous, a pattern of system outages that disrupts clinical care, and a cyber security posture that no one can verify.

This page documents the full scale.

Part One: The Nine Level 3 Programmes

1. Enterprise Architecture / National Target Architecture (NTA)

DHCW appointed Channel 3 Consulting — a private-equity-backed consultancy (£10m MBO funded by WestBridge Capital, Cardiff registered) — and Aire Logic (Leeds-based, employee-owned) to develop the National Target Architecture.

After nine months of Phase 1, only two reports had been delivered: a Current State report and an Initial Target State report. Phase 2, with Channel 3 alone, runs to March 2026. No contract value has been publicly disclosed. No competitive tender notice appears on Find a Tender or Contracts Finder. The procurement route has not been published.

This programme is producing strategy documents, not deploying systems. That it required Level 3 escalation to initiate is itself an indictment of DHCW's strategic capability.

2. NHS Wales App / DSPP

The NHS Wales App was conceived in 2021-2022 as a national patient-facing platform — the "digital front door" for every patient in Wales. As of early 2025, it was still in beta with approximately 1,000 users at ten GP practices — a negligible footprint.

By late 2025, DHCW claimed 345,000 registered users. No total programme budget or spend has been disclosed. At the January 2026 accountability meeting, the Deputy Chief Executive of NHS Wales, Nick Wood, delivered a devastating verdict:

"You could argue that the NHS app, from a patient perspective, is probably the most important digital development that we're likely to see... But it's been mired in delay, non-delivery."

He noted that the app only showed waiting time data for patients referred from December onwards — excluding the 653,000 people already on the waiting list. "People are clearly not adopting it, because it's not there for what they want it to be there for."

Sam Hall, Director for Primary Community Mental Health Digital Services, was unable to provide a timeline for when the app would reach critical mass. The Cabinet Secretary responded: "I'm not getting a great deal of confidence that we know what the critical path is for the app."

The CEO herself admitted: "I think that's a bit of a gap at the moment."

Evidence submitted to CareNHS sheds light on how the programme reached this point. A source with direct knowledge of DHCW operations stated that the DSPP programme was originally "being run outside of DHCW: they only hosted the teams, they did not manage them," with most development work delivered by Kainos, an external supplier. He stated that DHCW's CEO and COO "persuaded WG to let them take them over" and that "delivery against agreed timelines has stalled... since." A separate anonymous submission alleged that the Kainos work was "fully discarded and restarted by permanent staff" — an allegation that has not been independently verified. The programmes were described as progressing well under external management. Following the governance transfer, the publicly documented outcomes — "mired in delay, non-delivery" in Nick Wood's words — speak for themselves.

3. Connecting Care (replacing WCCIS) — £42M+

The single most financially damaging programme. The Welsh Community Care Information System (WCCIS), launched in 2015 as a 12-year programme, had consumed over £30 million by March 2022 with a further £12 million planned. By that point, only 15 organisations were live (13 local authorities, 2 health boards), with 6 yet to commit.

Audit Wales concluded the ambition was "still a long way from being realised." At least two local authorities were actively seeking to exit their contracts. Organisations were paying service charges for functionality they did not use.

An independent strategic review in early 2022 triggered a full programme reset and rebrand to "Connecting Care" in 2024. The business case for the replacement scope remains pending under Level 3 scrutiny.

Over £42 million committed with no prospect of full national adoption. The senior responsible officer was simultaneously serving as interim Chief Executive of another health board — a governance arrangement that divided accountability.

4. Data Architecture / National Data Resource (NDR)

An internal audit for 2024/25 identified active restrictions on the ingestion and use of some NHS Wales data due to perceived conflicts with Welsh Government policy — meaning the data resource cannot actually access the data it was designed to hold.

Funding challenges emerged in late 2024-25, prompting plan reviews across all delivery partners. The Programme Chair position was flagged as needing reassignment. Target date remains 2030 — effectively a decade-long delivery timeline from inception. No published budget or total expenditure figure has been found in public documents.

Chief Data Officer Rebecca Cook — who has spent approximately 19 years entirely within NWIS and DHCW — leads this programme. It is one of the programmes under Level 3 scrutiny. No formal academic qualifications are publicly disclosed for the person leading a programme intended to transform how Wales manages health data.

5. Radiology (RISP) — £47-56M

Contract awarded November 2023 at £47.2 million (potentially £56 million with extensions) for a seven-year Master Services Agreement. The system is intended to integrate picture archiving, patient dose management, and radiology information across all Welsh health boards by 2026.

Multiple health boards signed Local Deployment Orders. However, "setbacks were encountered due to changes in the supplier's implementation plan" and negotiations are ongoing. The supplier is not named in accessible public sources.

A £47-56 million contract encountering implementation setbacks within two years of award — before systems are deployed — is a significant risk to public money.

6. Laboratory Information (LINC/LIMS) — 8 years, one lab partially live

LINC started in December 2017. The original target was full LIMS deployment by December 2024 — missed. The contract with the original replacement system supplier was terminated. The legacy system was extended through June 2030 — thirteen years beyond initial deployment.

A revised approach deploys by discipline rather than by health board. As of July 2025, only a reduced-scope go-live in a single laboratory (PenGU, microbiology) had been achieved.

DHCW is seeking £1.6 million in additional funding from Welsh Government. If not secured, individual health boards bear the cost — Hywel Dda, for example, faces approximately £176,000 in extra costs for 2025/26.

Eight years of programme activity. One laboratory partially live. The original supplier contract terminated. No published total expenditure.

7. Primary Care — The Double Migration

This programme embodies wasted investment through directional reversal.

In 2018, EMIS lost preferred vendor status after a procurement evaluation, forcing roughly half of Welsh GP practices to switch to VISION. The migration generated significant GP complaints and RCGP retention warnings.

The current programme reverses this entirely: all practices are migrating back to EMIS between 2024 and 2027, each requiring a 12-week planning programme. Welsh GPs were forced onto one system, then forced back to the other.

Then the situation worsened. In January 2025, CEO Helen Thomas revealed that In Practice Systems — one of Wales's two GP system suppliers — had entered administration, creating a single-supplier dependency risk not previously disclosed in public governance documents. Wales now depends entirely on one GP system vendor.

The total cost of both migrations combined has never been published. The waste is structural and considerable — not just the direct migration costs, but the disruption to clinical workflows, the retraining burden on GP practices, and the loss of confidence in DHCW's strategic direction.

The GP IT systems contract overall is valued at up to £80 million over 5 years (awarded 2022).

8. Digital Medicines / Electronic Prescription Service (EPS)

EPS went live across all seven health boards by October 2024. By May 2025, it was live in approximately 50% of community pharmacies but only 15-20% of GP practices. One million items dispensed by early 2025. Full rollout targeted November 2026.

Helen Thomas revealed in January 2025 that only 7% of GP practices were using e-prescriptions.

For context: England completed EPS implementation over a decade ago.

This is DHCW's strongest-performing escalated programme — and Wales remains a decade behind England on the same capability. When your best programme is a decade behind a direct comparator, the scale of failure across the portfolio comes into sharp focus.

The Digital Medicines Transformation Programme followed the same governance pattern as the NHS Wales App. A source with direct knowledge of DHCW operations stated that the programme was originally managed outside DHCW, with delivery led by commercial software suppliers and NHS England, and hospital-based medicines projects managed by the health boards themselves. They stated that following the transfer of management to DHCW, "delivery against agreed timelines has stalled." The programme was described as progressing under external management. Following the governance transfer, 7% GP adoption after a year of national availability is the publicly documented result.

No programme expenditure has ever been published.

9. Secondary Care / OpenEyes — £8.5M, seven years

The Welsh Clinical Portal (WCP) is an established system with incremental enhancements. However, the linked OpenEyes eye care digitisation programme demonstrates the pattern of failure at its purest.

• £8.5 million allocated from January 2020
• National rollout target of March 2021 — missed
• Revised deadline of March 2023 — also missed
• Full rollout now projected for early 2027 — seven years after funding commenced

CEO Helen Thomas was summoned to the Senedd Health Committee in May 2025 specifically on OpenEyes. DHCW executives conceded "there was a period where things didn't progress as they should." Thomas acknowledged that engagement with health boards "could have worked a lot better" — a significant understatement for a programme seven years behind its original timeline.

Part Two: The Infrastructure Beneath

The nine Level 3 programmes are the visible failures. Beneath them sits a layer of legacy infrastructure that is older, more fragile, and more dangerous — systems that DHCW inherited and has failed to replace or secure. These are the systems that clinicians depend on every day.

10. WPAS — The System Linked to Patient Death

The Welsh Patient Administration System (WPAS) is used in almost every hospital in Wales — all health boards except Cardiff and Vale, which runs its own Patient Management System (PMS) rather than submit to a platform that health boards across Wales have consistently criticised. WPAS processes 4.5 billion transactions from 52,653 users. It is the foundational system through which patient admissions, appointments, referrals, and clinical workflows are managed.

According to Employment Tribunal proceedings, a senior technical leader at a Health Board confirmed that WPAS was identified as a factor in the death of at least one patient. The same Health Board considered WPAS their "single biggest risk to patient safety."

The Senedd's Public Accounts Committee found in 2018 that NWIS (DHCW's predecessor) was operating "archaic and fragile IT systems." DHCW itself has acknowledged that the quality of its systems "directly affects administrative and clinical decision-making."

The system that processes the largest volume of patient data in Wales has been identified by those who use it most as a threat to the patients it was designed to serve.

11. WCCG — The Single Point of Failure for Every GP Referral

The Welsh Clinical Communications Gateway (WCCG) is the system that connects GP practices to hospitals. Every time a GP refers a patient to secondary care — for a specialist appointment, for diagnostic testing, for urgent assessment — that referral passes through WCCG.

According to Employment Tribunal proceedings, this system runs on technology that has been unsupported for eight years. It allegedly meets no criteria for resilience or cybersecurity. The technical team had been raising the alarm for years. Those warnings were allegedly ignored.

The consequences of failure are not hypothetical. If WCCG goes down, every referral to secondary care in Wales stops. GPs cannot send patients to hospital. The entire pathway through which cancer diagnoses, cardiac assessments, surgical referrals, and urgent care transfers flow ceases to function.

Sam Hall, Director for Primary Community Mental Health Digital Services, acknowledged at the January 2026 accountability meeting: "The issue we have with our legacy technology is that... there are just a few people that know how that thing is put together."

A national healthcare system relying on a single unsupported system, maintained by a handful of specialists, with no resilience, no supported upgrade path, and no published replacement timeline.

12. eMPI Outage — Patient Records Mixed Up Across Wales

The enterprise Master Patient Index (eMPI) is the identity layer beneath every other system in NHS Wales. When a clinician looks up a patient, when a prescription is issued, when test results are returned — the eMPI ensures the right information reaches the right patient.

According to Employment Tribunal proceedings, the eMPI suffered a catastrophic outage that mixed up patient records across Wales. Patients received health communications intended for other people. Others missed screening invitations for life-threatening conditions, including cancer. A year of remedial work followed at significant cost.

The eMPI had been procured at considerable expense for a system designed for entirely different purposes, of which only a fraction of its capability was used. The outage demonstrated what happens when critical patient safety infrastructure is treated as a procurement exercise rather than an engineering challenge.

13. System Outages — 21 Failures in Seven Months

The Public Accounts and Public Administration Committee referenced 21 system outages in a seven-month period across DHCW-managed infrastructure. No detailed breakdown has been published: which systems failed, for how long, how many users were affected, what the clinical impact was.

The pattern continued into 2026. On the morning of the January 2026 Public Accountability Meeting — the session at which DHCW was called to answer for its performance — DHCW's own systems went down. Interim Chair Ruth Glazzard addressed it with what she may have intended as humour: "Some people have suggested we may have done that deliberately today."

No root-cause analysis was published. No indication was given of how many users were affected or what clinical impact resulted.

When an organisation suffers 21 outages in seven months and then another outage on the morning it is called to account, the pattern is not coincidental. It is systemic.

14. Cyber Security — Under Level 3 With No Public Evidence of Compliance

Cyber Security is one of the nine programmes under Level 3 escalation — yet it differs from the others. It is not a programme that is late. It is a programme whose current status is entirely opaque.

• The entire NHS Wales Cyber Resilience Unit comprised four people as of the Senedd's July 2023 scrutiny (para 67). Four people protecting the digital health data of three million Welsh patients.
• No published penetration testing results against NCSC guidelines
• No evidence of Cyber Essentials or Cyber Essentials Plus certification
• No published NHS Data Security and Protection Toolkit (DSPT) compliance
• Zero disclosed programme expenditure for any year since DHCW's creation
• Legacy systems including WCCG running on unsupported technology with unknown vulnerability status
• Cybersecurity assessment outcomes were not reported to DHCW itself — only to individual health bodies and Welsh Government (para 74). The national body responsible for NHS Wales cyber security was not receiving the results of its own assessments.

These are binary compliance questions. Either DHCW holds Cyber Essentials certification or it does not. Either it conducts penetration testing or it does not. The refusal to publish this information — for an organisation managing the health data of three million people, defended by a cyber unit of four — is itself a finding.

15. Betsi Cadwaladr — When the Numbers Themselves Fail

A data quality failure at a single health board — Betsi Cadwaladr — caused the suspension of national waiting time statistics for approximately six months. National waiting time data — used by clinicians, managers, politicians, and patients to understand how the health service is performing — ceased to be reliable because of a data quality failure in a system managed or connected to DHCW infrastructure.

This is not a local error. It is a national infrastructure failure. If a single health board's data quality issue can suspend statistics for the entire country, the national data architecture has no resilience.

16. Pandemic Preparedness — "Are We Ready? No."

In January 2025, CEO Helen Thomas was asked whether NHS Wales's digital systems were ready for another pandemic. Her answer:

"Are we ready for the next one? No."

She disclosed that data-sharing freedoms temporarily enabled during COVID-19 had "almost snapped back to pre-Covid levels." Wales had accumulated "non-standard standards" and "compromises to make things work in an integrated way over the last two decades." The Electronic Prescription Service — critical for remote healthcare — had been activated by only 7% of GP practices.

The pandemic response itself was not without serious data failures. In March 2020, DHCW's predecessor NWIS issued COVID-19 shielding letters to 86,000 vulnerable Welsh patients. Due to a processing error, a number were posted to previous addresses — meaning clinically vulnerable people did not receive life-critical information. NWIS published an apology and reported the matter to the ICO. [Source: DHCW archived news]

The pandemic response of 2020-2021 was frequently cited by DHCW as evidence of its capability. Thomas's own 2025 admission — combined with the documented shielding letter failure — means that response was a temporary workaround, not a durable legacy. If another pandemic struck tomorrow, Wales's digital health infrastructure would be no better prepared than it was in 2020.

Part Three: What It Has Cost

The programme summary

The infrastructure summary

The financial picture

The total figure cannot be calculated because DHCW has never published programme-level expenditure. What is known:

• DHCW's annual budget exceeds £78 million — funded entirely by Welsh taxpayers
• Identifiable programme costs approach £200 million (WCCIS £42M+, RISP £47-56M, GP Systems up to £80M, OpenEyes £8.5M, Promptly Health £11M — subtotal £189-198M)
• The true figure is substantially higher — NDR (Employment Tribunal documents allege £60M+ alone), NHS Wales App, NTA, LINC/LIMS, EPS, and Cyber Security costs have never been disclosed
• Additional undisclosed contracts include Cisco HIMSS INFRAM assessment (value undisclosed) and Atos stakeholder engagement review (£207,100) — the resulting report found only 13.3% of stakeholders spoke highly of DHCW; it was never published
• External consultancy contracts total £8.94 million across 49 contracts, obtained through FOI — nearly 12 times what DHCW disclosed in its published accounts
• Estimated re-procurement waste of £20-28 million per year across the organisation — money spent on cyclical procurement exercises rather than new capability
• 23 off-payroll workers at £245+/day (estimated £1.5-4.5M per year) with only one publicly identified

Against all of this spending, the CEO was asked at the January 2026 accountability meeting what return the public had received. She replied:

"We don't have an ROI on all of our investments."

The only concrete benefit she could cite was £0.5 million in "equivalent savings" — not cash — from a single system. Against several hundred million pounds in total expenditure.

Thomas then compared measuring digital ROI to measuring the value of electricity — arguing that accountability for outcomes is inherently impossible.

We disagree. And so, it seems, does the Welsh Government — which is why DHCW is under Level 3 intervention.

Nine programmes. All under Level 3 intervention. All under the same leadership. Legacy systems linked to patient death. Twenty-one outages in seven months. No evidence of basic cyber security compliance. A CEO who admits she cannot demonstrate a return on investment. And not a single director has faced any consequence.

The United Kingdom has been here before. The National Programme for IT (NPfIT) — the government's attempt to build a centrally-imposed national EHR for England — cost £12.7 billion before being dismantled after nine years. The Public Accounts Committee called it "one of the worst and most expensive contracting fiascos in the history of the public sector." The conditions that caused NPfIT to fail — top-down imposition without clinician engagement, leaders who didn't understand technology, suppression of criticism, chronic optimism bias — are the same conditions documented at DHCW. And Wales is now approaching its own billion-pound EHR decision under the same leadership that has failed at every programme it has attempted.

All figures verified from Senedd proceedings, Audit Wales reports, Welsh Government written statements, DHCW annual accounts, DHCW's own public accountability meeting of 29 January 2026, and the CEO's interview with Digital Health (January 2025). Where claims derive from Employment Tribunal proceedings — specifically regarding WPAS and patient death, the WCCG system condition, and the eMPI outage — this is explicitly stated. Sources cited on individual evidence pages.

What You Can Do

This evidence exists because someone looked. You can help make sure it leads to change:

• Write to your MS — ask what they will do about DHCW's failures
• Share this page — the more people who see this evidence, the harder it is to ignore
• Submit what you know — if you have evidence of waste, misconduct, or the suppression of concerns
• Support the FOI campaign — 54 Freedom of Information requests targeting DHCW's hidden data

Related pages:

• Financial Waste — The Evidence — full cost analysis and ROI admission
• Patient Safety — The Evidence — how these failures harm patients
• Nine Programmes, Zero Delivery — in-depth article on programme failures
• Leadership Analysis — why the same leadership keeps failing
• Our Solution — a detailed reform plan