End the once-for-Wales monopoly delivery model. Embed DHCW teams in health boards under clinical leadership. Recruit externally on published technical criteria, not internal promotion from the patronage pipeline. Separate interoperability standards from application delivery — the model every comparable country (Denmark, Estonia, NHS Digital England) uses to build world-class digital health. The monopoly is not 'how small countries do digital health' — it is a specifically Welsh arrangement that the comparators explicitly rejected.
Embed DHCW teams in health boards, working under clinical leadership. Teams report to health board clinical leadership, not to DHCW programme management. If the loyalty network controls the embedded teams, they become DHCW outposts, not clinical collaborators.
Recruit embedded team leads externally — from the commercial health tech sector, from NHS Digital England, from international equivalents. Not from within the DHCW loyalty network. Pay market rates. The Band 8c (£71-82k) salary for Head of Software Engineering signals that DHCW is not serious about external talent.
Give embedded teams authority to bypass DHCW’s national architecture mandates if clinicians need something faster. Let local success prove what works before standardising. Autonomy paired with accountability — decision rights inside published standards rather than approval chains designed for procurement risk — is one of the operating components of the psychological safety prerequisite the Blueprint relies on, and it is the federated alternative to the monopoly-control model the current arrangement embeds.
The architectural endpoint
DHCW becomes a standards-and-interoperability body, modelled on TEHIK (Estonia, ~200 staff for 1.3M people) and MedCom (Denmark, jointly owned by central government, regions, and local government). Tightly scoped:
- National data standards. Every health-board procured system must comply.
- National patient index. Single source of truth for “who is this patient?”, maintained centrally and queried by health-board clinical systems.
- National interoperability backbone. A Wales equivalent of X-Road (Estonia, Finland, and seven further jurisdictions) — a federated data exchange layer, open source, operated by the standards body.
- National cybersecurity for shared infrastructure. Including the PSBA layer where a single failure cascaded across all NHS Wales in March 2026.
Health boards procure clinical applications within those standards. The standards body does not deliver clinical applications. The “once for Wales” delivery monopoly is dismantled — and replaced with a federated architecture that has worked in every comparable jurisdiction.
The technical destination this intervention aims at — six layers, three principals, open standards throughout — is documented at The Target Architecture. The target architecture is the picture of where this intervention arrives.
Vendor and contract portfolio recovery
DHCW manages a contract portfolio valued at roughly £1.25 billion. The diagnosis documents 51 instances of board approval without scrutiny, multiple sole-bidder contracts, and several contract values entirely undisclosed (the RISP radiology supplier on a £47-56M contract, the Channel 3 / Aire Logic NTA contract, Promptly Health on £11M with no published business case). The PSBA outage in March 2026 demonstrated the operational consequence: a single shared dependency took O365, EPMA, RISP, and radiology offline across every NHS Wales organisation simultaneously. The portfolio is not just expensive. It is fragile.
Recovery has four steps:
- Audit the full portfolio. Every contract above £100K, with value, term, sole-bidder status, performance-against-milestones data, and concentration risk. Published on the transparency dashboard under Radical Transparency.
- Re-tender or terminate sole-bidder contracts above £1M unless a public justification for sole-bidder status is filed and accepted by the new governance body. The 51 approved-without-scrutiny instances are the precedent: the default is renewed scrutiny.
- Remediate single-point-of-failure dependencies. PSBA-class shared infrastructure receives an explicit redundancy and exit plan. No single supplier holds infrastructure that, if it fails, takes the whole NHS Wales digital estate offline.
- Renegotiate against the new architectural endpoint. Where the standards-body model means DHCW will no longer deliver an application, contracts transfer to (or are re-tendered by) the relevant health board, with knowledge transfer included.
Embedded team governance
Embedded teams report to health board clinical leadership. Each team publishes a monthly delivery report — what shipped, what slipped, what changed in clinical use. Exit criteria are named: once an embedded team has shipped a stable system used by clinicians, the team disbands and the application is owned by the health board, with the standards body retaining only standards-compliance oversight.
Recruitment partner specified
Recruitment for embedded team leads is conducted by a commercial recruiter from the health-tech sector — not by DHCW HR. Salary bands align with NHS Digital England’s commercial-recruitment ranges and Scottish Government Digital. Selection criteria are published in advance. External panels conduct selection. The pattern documented at L8 — sham recruitment with predetermined outcomes — is structurally precluded by externalising the recruitment apparatus for these roles.
This intervention dismantles L2: The Credibility Death Spiral and L5: The Vendor Dependency Spiral.