Texas HHS Signals Stricter Procurement Standards

In a recent vendor briefing, Texas Health and Human Services (HHS) Chief Information Officer Sylvia Kauffman detailed new expectations and priorities that will shape procurement, system design and vendor accountability across the organization.

Kauffman laid out a strategic vision anchored in six goals, including improving project delivery, modernizing aging infrastructure, building a shared services architecture and advancing responsible AI adoption. With more than 300 legacy systems and increasing pressure from legislative oversight, the agency is working to streamline operations and improve responsiveness through long-term planning and deeper vendor collaboration.

Kauffman described cybersecurity threats as her No. 1 concern, noting that HHS systems must be architected with security in mind from the outset. Vendors proposing solutions are expected to embed security and accessibility up front, rather than relying on post-deployment remediation.

“When we evaluate solutions that you guys are proposing, whether it’s software, whatever it is that you’re sending our way, please think about the security as you’re building the thing and make sure it’s already architected in,” said Kauffman. “We are not going to buy any more systems that don’t have the security we need up front.”

She also highlighted technical debt and data silos as persistent challenges, pointing to the complexity of managing hundreds of aging applications that often cannot communicate with one another. In response, the agency is pursuing a modular, shared-services architecture with common components such as client registration and provider payment. Vendors with plug-and-play capabilities and strong interoperability standards will be best positioned to support this transition.

HHS is rolling out Microsoft 365 Copilot, GitHub Copilot and Google Gemini-based knowledge tools to improve staff productivity and service delivery. However, Kauffman made clear that vendors must follow the agency’s updated artificial intelligence policy, which includes strict prohibitions on using HHS data to train private models. Systems must also provide audit trails and support transparent decision-making to withstand external audits. The agency is also developing a new enterprise data strategy to better prepare legacy systems for AI integration, with an emphasis on ensuring data quality and access.

Solutions must be Section 508 compliant at the outset. According to Kauffman, HHS has paused projects due to insufficient accessibility and will no longer accept systems that require retroactive fixes.

Interoperability is also mandatory; systems should offer open APIs, standard data formats and avoid data lock-in. She urged vendors not to impose additional fees for extracting state-owned data from vendor platforms.

HHS is in the early stages of a 10-year modernization plan and is preparing to request funding from the Legislature for upcoming projects. Vendors were advised to track postings on the Health and Human Services Commission (HHSC) procurement page for future solicitations.

Kauffman also noted that HHSC is exploring ways to quantify the benefits of AI-driven development. Vendors leveraging AI to reduce development time and costs may be asked to reflect those savings in their pricing.

“If you guys are getting benefit from using AI, and your cost is going down, then I think it’s only fair that the state also benefits from that,” said Kauffman. “It’s something we’re asking all our vendors, especially the ones that are actively coding with us right now.”

With new leadership in procurement and IT, and with policy updates underway, the agency is signaling a more structured and performance-driven approach to vendor engagement.

“We are super excited to work with you all,” Kauffman said. “But we need your help to deliver systems that are secure, accessible, interoperable and cost-effective.”