Editor's Note — May 11, 2026
On May 7, 2026, HHS published an Interim Final Rule (IFR) extending the Section 504 web and mobile accessibility compliance dates by one year. The new deadlines are May 11, 2027 (recipients with 15+ employees) and May 10, 2028 (recipients with fewer than 15 employees).
The technical requirements (WCAG 2.1 Level A and AA) and scope of coverage are unchanged. HHS is accepting written comments on the IFR through July 6, 2026.
The post below has been updated to reflect the new deadlines.
The US Department of Health and Human Services’ (HHS) updated Section 504 website accessibility rule now explicitly requires many HHS-funded organizations to meet WCAG 2.1 Level A and AA for websites, web content, and mobile apps.
Compliance deadlines were extended by one year via an HHS Interim Final Rule (May 7, 2026). New deadlines: May 11, 2027 (15+ employees) and May 10, 2028 (fewer than 15 employees).
Healthcare teams need a programmatic approach: inventory, audit, remediation, monitoring, governance, and training.
On May 9, 2024, the HHS Office for Civil Rights (OCR) issued a final rule, Nondiscrimination on the Basis of Disability in Programs or Activities Receiving Federal Financial Assistance, updating its Section 504 regulations for the first time in nearly 50 years.
Update — May 2026: On May 7, 2026, HHS published an interim final rule extending the Section 504 digital accessibility compliance deadlines by one year. Recipients with 15 or more employees now have until May 11, 2027; recipients with fewer than 15 employees have until May 10, 2028. The underlying obligation has not changed — only the technical-standard deadline moved. HHS has opened a 60-day public comment period through July 6, 2026 (docket HHS-OCR-2026-0004).
Section 504 prohibits discrimination based on disability in programs and activities that receive federal financial assistance from HHS. The final rule makes it explicit that discrimination includes barriers in web content and mobile apps that prevent people with disabilities from accessing services.
For many people with disabilities, digital barriers are not minor inconveniences. They can block access to health care itself. If a patient cannot navigate a portal, schedule an appointment, view test results, pay a bill, or join a telehealth visit, the impact is a barrier to care, not just a frustrating user experience. The new Section 504 rule treats those barriers as discrimination that must be addressed. Section 504 digital accessibility is therefore not a technical checkbox; it is a patient access issue with direct legal consequences for HHS-funded organizations.
If your organization receives federal financial assistance from HHS—for example, through Medicare, Medicaid, CHIP, Marketplaces, or HHS grants—you are likely covered by the updated Section 504 rule. Understanding which organizations fall under HHS Section 504 website accessibility obligations is the first step toward compliance.
This includes (but is not limited to):
Hospitals, clinics, and specialty care providers
Health insurers and managed care organizations
State Medicaid agencies
Telehealth services and apps
Long-term care and post-acute facilities
Human and social service agencies that receive HHS funding
Key dates to know for web and mobile accessibility:
Rule effective date: July 8, 2024
These dates may feel distant, but most providers manage multiple websites, portals, and apps, often with limited digital and QA capacity. Audits, remediation, vendor coordination, contracts, and training all take time to do well.
The final rule makes 504 accessibility requirements explicit. Recipients must ensure that the web content and mobile apps they provide or make available, directly or through vendors, conform to WCAG 2.1 Level A and Level AA success criteria and conformance requirements, subject to limited exceptions and undue-burden provisions. The rule also covers self-service kiosks — including patient check-in, payment, and wayfinding kiosks common in healthcare settings — which must provide equal access to patients with disabilities. (This article focuses specifically on web and mobile accessibility; the broader Section 504 rule also addresses medical diagnostic equipment, facility accessibility, and other obligations that fall outside this guide’s scope.)
In practice, that means:
Your websites, patient portals, online scheduling systems, and mobile apps need to be evaluated against WCAG 2.1 AA.
Automated tools are helpful but not sufficient. You also need manual testing with assistive technologies—for example, screen readers, keyboard-only navigation, magnification, and speech input—to understand what patients actually experience in critical workflows.
The rule does not demand perfection, but it does require that people with disabilities have meaningful access to programs and services.
Common digital accessibility issues include:
Inaccessible PDFs and forms used for applications, consents, or instructions
Images without descriptive alt text or labels
Videos without captions or, when needed, audio descriptions
Error messages and status updates that are not announced to screen readers
Authentication and login flows that rely on memory tests or drag-and-drop gestures
Telehealth platforms and apps should support captioning, work with screen readers, and function with a range of input methods so that patients with disabilities can use them independently.
Accessibility is not a one-off project. To avoid regressions, accessibility checks need to be part of your standard processes:
Design reviews and UX sign-off
Development and code reviews
QA test plans and CI/CD pipelines
High-impact journeys—such as portal login, scheduling, telehealth access, and online payments—should receive ongoing automated and manual testing.
HHS expects accessibility to be part of how your organization operates, not just a line in a project plan.
Practical steps include:
Creating a digital accessibility policy that references WCAG 2.1 AA and Section 504 obligations
Assigning clear ownership across digital, IT, compliance, and patient experience teams
Training content authors, designers, developers, and clinical staff so accessible practices become part of daily work, not just the responsibility of an “accessibility team”
The 2027 and 2028 deadlines are important milestones, but they are not the end of the work. Sites, portals, and apps change frequently. New content, microsites, and third-party tools are introduced regularly.
A sustainable accessibility program typically includes:
Periodic audits and user testing
Governance and escalation paths for accessibility issues
Vendor and contract language that aligns third-party tools with your accessibility requirements
The rule also provides narrow content exceptions—for example, certain archived web content, some pre-existing electronic documents, limited third-party content, individualized password-protected documents, and pre-existing social media posts—plus allowances for fundamental alteration and undue burden. Those exceptions are not intended as a loophole, but as limited carve-outs when content truly has minimal impact on access.
Across the accessibility community, guidance for HHS-funded providers follows a consistent pattern: inventory, audit, remediation, monitoring, and governance.
Organizations that are making progress tend to:
Start with high-impact patient journeys, like portals, scheduling, billing, and telehealth
Integrate accessibility checks into existing design, dev, and QA workflows, rather than running separate one-off projects
Use repeatable testing and reporting approaches so they can show documented improvements over time
Many healthcare organizations have already purchased audits or tools, yet still feel stuck. The updated Section 504 rule raises the bar: regulators expect accessible outcomes and meaningful access, not just reports.
UsableNet can support healthcare providers by combining:
Experience with healthcare and HHS-funded programs, including complex digital environments
Managed remediation services that take on much of the hands-on work, reducing the burden on lean internal teams
Testing and monitoring platforms that track progress and help document ongoing conformance with WCAG 2.1 AA
Instead of asking internal teams to interpret findings and fix everything alone, you can:
Prioritize the patient journeys that matter most for access to care
Integrate remediation into your existing release cycles and vendor processes
Show tangible, ongoing improvements toward your Section 504 digital accessibility obligations
If you are just starting to respond to the HHS Section 504 digital accessibility rule, this five-step approach can help.
List every website, portal, and app your patients and caregivers use, including:
Public websites
Patient portals
Scheduling tools
Telehealth platforms
Third-party tools embedded in your digital experience
Auditing against 504 accessibility requirements means evaluating every patient-facing digital property against WCAG 2.1 Level A and AA, not just your main public website.
Use a combination of:
Automated scanning
Expert manual testing
When possible, user testing with people who rely on assistive technologies
Focus first on journeys that support applying for, paying for, or receiving care, because those are central to Section 504’s focus on meaningful access.
Start with:
Patient portals and mobile apps
Scheduling and telehealth workflows
Billing, insurance, and application forms
Break work into sprints, assign owners, align deadlines with the 2027 and 2028 compliance dates, and track progress visibly.
Define who makes decisions about accessibility, how issues are triaged, and how updates to your accessibility statement will be handled.
Train the teams who publish content and ship changes so accessibility is considered whenever something new goes live, not only during special initiatives.
Select a partner who understands:
Health IT systems and integrations
OCR enforcement and regulatory risk
How to collaborate with your internal teams and vendors
UsableNet works specifically with healthcare organizations navigating HHS Section 504 digital accessibility obligations. Our team brings experience across complex healthcare digital environments, including patient portals, EHR-connected tools, telehealth platforms, and multi-vendor ecosystems.
Learn more about UsableNet's healthcare accessibility services.
For executives, digital leaders, and compliance teams, several themes are worth keeping in view:
Risk is real. OCR complaints and enforcement under Section 504 have been able to explicitly involve web and mobile accessibility since the rule took effect on July 8, 2024 — the 2027 and 2028 dates are technical-standard deadlines, not the start of enforcement. OCR can also investigate proactively, without a complaint being filed.
This is a journey. Compliance dates are now in 2027 and 2028 (extended by HHS in May 2026), but accessibility needs ongoing resourcing, planning, and governance.
Patients come first. Accessible digital experiences are part of equitable care and patient trust, not just a legal checkbox.
Integration is essential. The rule expects accessibility to be integrated into DevOps, QA, design, and content workflows—not added at the very end of a project.
Digital accessibility in healthcare is now a clear legal requirement under HHS’s updated Section 504 rule. It is also a chance to deliver better experiences to every patient who relies on your digital services.
Providers that act early on HHS Section 504 digital accessibility and commit to continuous improvement will be better positioned to meet their obligations and maintain trust with patients, caregivers, and regulators.
Disclaimer: The materials in this blog are for educational purposes only and do not constitute legal advice. Organizations should consult their legal counsel for advice on specific situations.