The US Department of Health and Human Services’ (HHS) updated Section 504 rule now explicitly requires many HHS-funded organizations to meet WCAG 2.1 Level A and AA for websites, web content, and mobile apps.
Compliance deadlines are May 11, 2026 (15+ employees) and May 10, 2027 (fewer than 15 employees).
Healthcare teams need a programmatic approach: inventory, audit, remediation, monitoring, governance, and training.
In May 2024, the HHS Office for Civil Rights (OCR) issued a final rule, Discrimination based on Disability in Health and Human Service Programs or Activities, updating its Section 504 regulations for the first time in nearly 50 years.
Section 504 prohibits discrimination based on disability in programs and activities that receive federal financial assistance from HHS. The final rule makes it explicit that discrimination includes barriers in web content and mobile apps that prevent people with disabilities from accessing services.
For many people with disabilities, digital barriers are not minor inconveniences. They can block access to health care itself. If a patient cannot navigate a portal, schedule an appointment, view test results, pay a bill, or join a telehealth visit, the impact is a barrier to care, not just a frustrating user experience. The new Section 504 rule treats those barriers as discrimination that must be addressed.
If your organization receives federal financial assistance from HHS—for example, through Medicare, Medicaid, CHIP, Marketplaces, or HHS grants—you are likely covered by the updated Section 504 rule.
This includes (but is not limited to):
Hospitals, clinics, and specialty care providers
Health insurers and managed care organizations
State Medicaid agencies
Telehealth services and apps
Long-term care and post-acute facilities
Human and social service agencies that receive HHS funding
Key dates to know for web and mobile accessibility:
Rule effective date: July 8, 2024
WCAG 2.1 AA compliance deadlines for web and mobile apps:
May 11, 2026 for recipients with 15 or more employees
May 10, 2027 for recipients with fewer than 15 employees
These dates may feel distant, but most providers manage multiple websites, portals, and apps, often with limited digital and QA capacity. Audits, remediation, vendor coordination, contracts, and training all take time to do well.
The final rule makes digital accessibility requirements explicit. Recipients must ensure that the web content and mobile apps they provide or make available, directly or through vendors, conform to WCAG 2.1 Level A and Level AA success criteria and conformance requirements, subject to limited exceptions and undue-burden provisions.
In practice, that means:
Your websites, patient portals, online scheduling systems, and mobile apps need to be evaluated against WCAG 2.1 AA.
Automated tools are helpful but not sufficient. You also need manual testing with assistive technologies—for example, screen readers, keyboard-only navigation, magnification, and speech input—to understand what patients actually experience in critical workflows.
The rule does not demand perfection, but it does require that people with disabilities have meaningful access to programs and services.
Common digital accessibility issues include:
Inaccessible PDFs and forms used for applications, consents, or instructions
Images without descriptive alt text or labels
Videos without captions or, when needed, audio descriptions
Error messages and status updates that are not announced to screen readers
Authentication and login flows that rely on memory tests or drag-and-drop gestures
Telehealth platforms and apps should support captioning, work with screen readers, and function with a range of input methods so that patients with disabilities can use them independently.
Accessibility is not a one-off project. To avoid regressions, accessibility checks need to be part of your standard processes:
Design reviews and UX sign-off
Development and code reviews
QA test plans and CI/CD pipelines
High-impact journeys—such as portal login, scheduling, telehealth access, and online payments—should receive ongoing automated and manual testing.
HHS expects accessibility to be part of how your organization operates, not just a line in a project plan.
Practical steps include:
Creating a digital accessibility policy that references WCAG 2.1 AA and Section 504 obligations
Assigning clear ownership across digital, IT, compliance, and patient experience teams
Training content authors, designers, developers, and clinical staff so accessible practices become part of daily work, not just the responsibility of an “accessibility team”
The 2026 and 2027 deadlines are important milestones, but they are not the end of the work. Sites, portals, and apps change frequently. New content, microsites, and third-party tools are introduced regularly.
A sustainable accessibility program typically includes:
Periodic audits and user testing
Governance and escalation paths for accessibility issues
Vendor and contract language that aligns third-party tools with your accessibility requirements
The rule also provides narrow content exceptions—for example, certain archived web content, some pre-existing electronic documents, limited third-party content, individualized password-protected documents, and pre-existing social media posts—plus allowances for fundamental alteration and undue burden. Those exceptions are not intended as a loophole, but as limited carve-outs when content truly has minimal impact on access.
Across the accessibility community, guidance for HHS-funded providers follows a consistent pattern: inventory, audit, remediation, monitoring, and governance.
Organizations that are making progress tend to:
Start with high-impact patient journeys, like portals, scheduling, billing, and telehealth
Integrate accessibility checks into existing design, dev, and QA workflows, rather than running separate one-off projects
Use repeatable testing and reporting approaches so they can show documented improvements over time
Many healthcare organizations have already purchased audits or tools, yet still feel stuck. The updated Section 504 rule raises the bar: regulators expect accessible outcomes and meaningful access, not just reports.
UsableNet can support healthcare providers by combining:
Experience with healthcare and HHS-funded programs, including complex digital environments
Managed remediation services that take on much of the hands-on work, reducing the burden on lean internal teams
Testing and monitoring platforms that track progress and help document ongoing conformance with WCAG 2.1 AA
Instead of asking internal teams to interpret findings and fix everything alone, you can:
Prioritize the patient journeys that matter most for access to care
Integrate remediation into your existing release cycles and vendor processes
Show tangible, ongoing improvements toward your Section 504 digital accessibility obligations
If you are just starting to respond to the HHS Section 504 digital accessibility rule, this five-step approach can help.
List every website, portal, and app your patients and caregivers use, including:
Public websites
Patient portals
Scheduling tools
Telehealth platforms
Third-party tools embedded in your digital experience
Use a combination of:
Automated scanning
Expert manual testing
When possible, user testing with people who rely on assistive technologies
Focus first on journeys that support applying for, paying for, or receiving care, because those are central to Section 504’s focus on meaningful access.
Start with:
Patient portals and mobile apps
Scheduling and telehealth workflows
Billing, insurance, and application forms
Break work into sprints, assign owners, align deadlines with the 2026 and 2027 compliance dates, and track progress visibly.
Define who makes decisions about accessibility, how issues are triaged, and how updates to your accessibility statement will be handled.
Train the teams who publish content and ship changes so accessibility is considered whenever something new goes live, not only during special initiatives.
Select a partner who understands:
Health IT systems and integrations
OCR enforcement and regulatory risk
How to collaborate with your internal teams and vendors
The right partner can help you move faster, avoid fragmented efforts, and support your teams in meeting HHS’s expectations for web and mobile accessibility.
For executives, digital leaders, and compliance teams, several themes are worth keeping in view:
Risk is real. OCR complaints and enforcement can now explicitly involve web and mobile accessibility under Section 504.
This is a journey. Compliance dates are in 2026 and 2027, but accessibility needs ongoing resourcing, planning, and governance.
Patients come first. Accessible digital experiences are part of equitable care and patient trust, not just a legal checkbox.
Integration is essential. The rule expects accessibility to be integrated into DevOps, QA, design, and content workflows—not added at the very end of a project.
Digital accessibility in healthcare is now a clear legal requirement under HHS’s updated Section 504 rule. It is also a chance to deliver better experiences to every patient who relies on your digital services.
Providers that act early and commit to continuous improvement will be better positioned to meet their obligations and maintain trust with patients, caregivers, and regulators.
Disclaimer: The materials in this blog are for educational purposes only and do not constitute legal advice. Organizations should consult their legal counsel for advice on specific situations.