(Web) Laws are For the Little People
Here's what the official HHS policy is:
Section 508 requires that, when Federal agencies develop, procure, maintain, or use EIT, (1) individuals with disabilities who are Federal employees have access to and use of information and data that is comparable to the access to and use of the information and data by Federal employees who are not individuals with disabilities; and (2) individuals with disabilities who are members of the public seeking information or services from a Federal department or agency to have access to and use of information and data that is comparable to the access to and use of the information and data by such members of the public who are not individuals with disabilities (FAR 39.201 and 36 CFR 1194.1). Comparable access is not required if it would impose an undue burden on the agency.
Details of the rules and guidelines for compliance are here on the HHS site, but the tl;dr version is coveredca.gov doesn't comply.
Of course, you might argue this is a state of California site, but it turns out that:
Although the law applies to all Federal agencies, state and local government is also impacted by the act. The Americans with Disabilities Act (ADA) and, if the government entities receive Federal funding, the Rehabilitation Act of 1973, generally require that State and local governments provide qualified individuals with disabilities equal access to their programs, services, or activities unless doing so would fundamentally alter the nature of their programs, services, or activities or would impose an undue burden.(Wikipedia, original source here.)
That just seems to go with the story the Washington Examiner reported last night that Healthcare.gov doesn't actually comply with OMB's guidance on when a privacy-critical system can be put on line. See, OMB says there can be no "interim" certifications.
Not, I guess, that is should surprise us they don't comply with their own laws on this too.