Domain policy

Penn Medicine manages all web domains that feature the Penn Medicine name, shield, and logo and authorizes use of domains within the pennmedicine.org namespace.

In addition, @pennmedicine.upenn.edu is the only approved domain for email for all health system entities.

Technical standards overview
Performance
Page load time
Browser and device compatibility
Domain policy
Vanity URLs
HIPAA and privacy
Use of QR codes

Standard scope

This standard applies to:

  • pennmedicine.org
  • All Penn Medicine websites
  • Penn Medicine mobile applications
  • All Penn Medicine digital products
  • Email domains (ie: @pennmedicine.upenn.edu)

Overview

The Penn Medicine marketing organization authorizes the use of all domains within the pennmedicine.org namespace and any domains that feature the Penn Medicine name, shield, and logo. The control and management of the Penn Medicine web presence supports the web strategy to optimize patient engagement and also safeguards against the threat of cybersecurity scams and non-compliance with legal requirements for any US health systems.

Primary Domain

The primary domain for Penn Medicine is pennmedicine.org. Alternate top-level and second-level domains are not allowed for any patient-facing content related to Penn Medicine services and entities.

Subdomains

Groups requesting a subdomain (e.g., xxx.pennmedicine.org) should align with the Penn Medicine domain policy detailed below.

Third-level domains are allowed and should take into consideration the broader web strategy.  The granting of a third-level name is limited to entities and services with a broad scope and long duration and that do not conflict with the mission and content of pennmedicine.org

Third-level domains may only be granted at the request of primary stakeholders of Penn Medicine departments, administrative units, interdisciplinary centers or institutes, and enterprise services. All requests must be reviewed and approved by the Director of User Experience, who will make the final decision on granting the third-level domain.

Third-level domain requests from entities that do not fall in the above categories will be reviewed on an individual basis but will generally be denied.

Third-level domains should clearly identify the requesting entity, avoiding the use of acronyms or generic terms that could apply to multiple entities or services.

Third-level domains are a revocable resource. The revocation of a third-level domain will be a rare occurrence but could happen, for example, if an existing third-level domain conflicts with the request of a major new Penn Medicine entity. Third-level domains may also be revoked if they have not been actively used for a period of one year. The review process for new third-level domains will include screening for current or potential future conflicts.

In general, fourth-level and additional levels of domains are discouraged.

Email domains
The @pennmedicine.upenn.edu is the only approved email domain for the health system, including the Perelman School of Medicine.

Alternate domains and fourth-level domains for email are not permitted because they dilute the brand identity and make it harder for recipients to remember and to identify the sender. Deeply nested addresses are also less trustworthy. And overly complex subdomains can trigger SPAM filters.

Contact

For assistance, please contact web-standards@pennmedicine.upenn.edu

Last updated

Date
Description
06/11/25
Initial Release