Blog Post

WCAG Compliance in Patient Portals: What Most Health Tech Teams Miss

Q: Is my patient portal required to be ADA compliant?

If your organization receives federal financial assistance (Medicare, Medicaid, or other HHS funding), your patient portal must comply with WCAG 2.1 Level AA under HHS Section 504 and ACA Section 1557. Private healthcare organizations not receiving federal funds may still face ADA Title III claims, though Title III does not yet name a specific WCAG standard.

Q: What WCAG level do patient portals need?

WCAG 2.1 Level AA. This includes all Level A criteria plus additional requirements for contrast, text resizing, keyboard navigation, focus indicators, and mobile accessibility. Level AAA is not required but some criteria (like enhanced contrast ratios) are recommended for healthcare content where readability is critical.

Q: How do I test patient portal accessibility?

Use a three-layer approach: (1) automated scanning with tools like axe-core or WAVE to catch programmatic violations, (2) visual QA review to catch contrast failures, missing focus indicators, and form label issues that automated tools miss, and (3) assistive technology testing with a screen reader and keyboard-only navigation on critical flows like login, appointment scheduling, and lab results.

Q: What happens if my patient portal fails an accessibility audit?

Consequences depend on who audits you. An HHS OCR investigation can result in a corrective action plan, ongoing monitoring, or loss of federal funding. A private ADA lawsuit typically results in a settlement (median $18,000 for out-of-court, up to $6M for class actions per Accessibility.build data). In both cases, courts and regulators give credit for documented good-faith remediation efforts.

Q: Does the Section 504 deadline extension mean I can wait?

No. The technical compliance deadline moved to May 2027, but ACA Section 1557 provisions are already in effect. You should have appointed a Section 1557 coordinator and established accessibility policies by July 2025. Private ADA lawsuits are not bound by any deadline. The extension gives you more time for technical remediation, not more time to start.

Patient portal accessibility is a legal requirement under HHS Section 504 and ACA Section 1557. Healthcare organizations receiving federal funds must make patient portals conform to WCAG 2.1 Level AA by May 2027. Only 4.9% of top U.S. hospital websites met WCAG 2.1 compliance in a 2022 AHIMA Foundation study. This guide covers the compliance requirements, common portal failures, and the visual QA workflow that catches what automated scanners miss.

What Is Patient Portal Accessibility?

Patient portal accessibility is the practice of ensuring that web-based healthcare portals can be used by people with disabilities, including those who rely on screen readers, keyboard navigation, magnification, and voice control. Accessible patient portals conform to the Web Content Accessibility Guidelines (WCAG 2.1 Level AA), the international standard for web accessibility.

The Legal Requirements: Section 504 and Section 1557

Two federal rules mandate digital accessibility for healthcare organizations. The HHS Section 504 Final Rule (May 2024) requires WCAG 2.1 Level AA compliance for all organizations receiving HHS funding, with a deadline of May 2027 for organizations with 15+ employees. ACA Section 1557 establishes the broader nondiscrimination framework requiring accessible websites, mobile apps, and patient portals.

How Many Healthcare Websites Actually Comply?

A 2022 AHIMA Foundation and Mathematica study evaluated 106 top-ranked U.S. hospital websites. Only 4.9% were fully WCAG 2.1 compliant. Nearly 80% were semi-compliant. 16.7% were fully noncompliant. The WebAIM Million 2026 report found 95.9% of one million homepages had WCAG 2 failures, averaging 56.1 errors per page.

The Lawsuit Landscape for Healthcare

3,117 federal ADA Title III digital accessibility cases were filed in 2025, a 27.1% increase over 2024 (Accessibility.build Lawsuit Tracker). Healthcare accounted for approximately 4% of cases in the first half of 2025 (UsableNet 2025 Midyear Report), described as rising ahead of the HHS deadline. Settlement medians range from $4,000 (demand letter) to $225,000 (class action).

The Most Common Patient Portal Accessibility Failures

Low contrast text (83.9% of pages per WebAIM Million 2026), especially in medication instructions and lab result values
Missing focus indicators making keyboard navigation impossible
Missing form labels (51% of homepages), critical for registration and intake forms
Inaccessible date pickers in appointment scheduling
Missing alt text (53.1% of pages) on medical imaging and provider photos
Empty links and buttons (46.3% and 30.6%) on icon-only actions

Why Automated Scanners Are Not Enough

Automated accessibility scanners catch roughly 30-40% of WCAG violations. The rest require human judgment. A three-layer approach combines automated scanning (axe, WAVE), visual QA and design review, and assistive technology testing for comprehensive coverage.

A Practical Compliance Workflow for Patient Portals

Baseline audit with automated scans and manual review across key portal flows
Visual QA layer to catch contrast failures, focus indicators, and form label issues
Document everything for compliance defense with a VPAT and traceable issue exports
Build accessibility verification into every sprint

High-Risk Portal Flows to Audit First

Login and authentication (CAPTCHA, error messages, password requirements)
Appointment scheduling (date pickers, time slot labels, confirmations)
Lab results and medical records (table headers, PDF tagging, chart alternatives)
Secure messaging (rich text editors, attachment buttons, threading)
Billing and payment (form labels, error validation, receipt downloads)

Resolution Type	Median Settlement	Range
Demand letter	$4,000	$1K - $25K
Out-of-court settlement	$18,000	$5K - $150K
Court judgment	$55,000	$10K - $500K
Class action	$225,000	$50K - $6M

Testing Layer	What It Catches	What It Misses
Automated scanning (axe, WAVE)	Missing alt text, missing labels, contrast ratios, ARIA errors, missing lang attribute	Meaningful alt text quality, logical reading order, keyboard navigation flow, focus management in modals, custom component state
Visual QA and design review	Contrast failures in context, focus indicator visibility, touch target sizing, form label visibility, layout issues affecting comprehension	Code-level ARIA implementation, screen reader pronunciation, programmatic name/role/value
Assistive technology testing	Screen reader compatibility, keyboard-only navigation, voice control operability	Visual presentation issues, design consistency, responsive layout failures

Portal Flow	Risk Level	Common Accessibility Failures
Login and authentication	Critical	CAPTCHA inaccessible to screen readers, error messages not announced, password requirements not programmatically associated
Appointment scheduling	Critical	Date pickers are keyboard traps, time slot buttons lack labels, confirmation not announced to screen readers
Lab results and medical records	High	Data tables missing headers, PDF results not tagged for accessibility, chart/graph images without text alternatives
Secure messaging	High	Rich text editors inaccessible, attachment buttons unlabeled, message threading unclear to screen readers
Billing and payment	High	Payment form fields missing labels, error validation not announced, receipt download links empty
Registration and intake forms	Medium	Multi-step forms lose focus on page transition, required field indicators not programmatic, conditional fields not announced

Factor	General Web	Patient Portal
Legal framework	ADA Title III (private businesses)	ADA + Section 504 + Section 1557 (triple coverage)
Enforcement body	DOJ, private lawsuits	DOJ + HHS OCR + private lawsuits
Penalty for non-compliance	Lawsuit settlements ($4K-$225K median)	Lawsuit settlements + loss of federal funding
User population	General public	Disproportionately older adults and people with disabilities
Content sensitivity	Commercial	Protected health information, medical decisions
WCAG standard required	No federal standard specified (Title III)	WCAG 2.1 AA explicitly required

Frequently Asked Questions

Is my patient portal required to be ADA compliant?

If your organization receives federal financial assistance, your patient portal must comply with WCAG 2.1 Level AA under HHS Section 504 and ACA Section 1557.

What WCAG level do patient portals need?

WCAG 2.1 Level AA, including all Level A criteria plus requirements for contrast, text resizing, keyboard navigation, focus indicators, and mobile accessibility.

How do I test patient portal accessibility?

Use a three-layer approach: automated scanning, visual QA review, and assistive technology testing with screen readers and keyboard-only navigation.

What happens if my patient portal fails an accessibility audit?

HHS OCR investigations can result in corrective action plans or loss of federal funding. Private ADA lawsuits typically result in settlements from $4,000 to $6M depending on scope.

Does the Section 504 deadline extension mean I can wait?

No. ACA Section 1557 provisions are already in effect. Private ADA lawsuits are not bound by any deadline.

Are third-party portal vendors responsible for compliance?

No. The compliance obligation rests with the healthcare organization. Include WCAG 2.1 AA requirements in vendor contracts and request VPATs.