Third-party hosting
Standard scope
This standard applies to:
- pennmedicine.org
- All Penn Medicine websites
- Penn Medicine mobile applications
- All Penn Medicine digital products
Overview
Standards sustain patient trust and help guard Penn Medicine from data breaches, accessibility violations and legal liabilities. For Penn Medicine, as a healthcare organization, third-party hosting web standards are essential to:
- Safeguard patient data and privacy (HIPAA)
- Guarantee accessible digital services (ADA/WCAG)
- Protect against security risks and legal exposures
- Ensure consistent, high-quality performance
- Preserve brand reputation and trust
- Enable seamless system integration
Penn Medicine requirements
To achieve compliance for third-party hosting, meet the following requirements:
- Adhere to all requirements of the Penn Medicine Privacy policies, including specific requirements for Business Associates.
- Adhere to all requirements of the Penn Medicine Cybersecurity Program, including the Third-Party Management policy maintained by the Cybersecurity organization. Penn Medicine implements and maintains a Third-Party Risk Management (TPRM) program to aid in the security of its third-party provider ecosystem.
- Adhere to all web standards, including design standards, content standards, accessibility standards and technical standards.
Related resources
Contact
For questions, please contact web-standards@pennmedicine.upenn.edu
Last updated
| Date | Version | Description |
| --- | --- | --- |
| 08/11/25 | 1.0.0 | Initial Release |