My understanding would be this would be very dependent on the cloud provider to also be hipaa or the appropriate cloud validation ready. While some of the questions can be answered here about encryption of the data in transit and at rest (it does this), or user authentication (with ACL it does this) - much of the rest would be on the cloud provider. For this both google cloud and AWS are available, dgraph-labs would have to respond directly to how it is set up to know for sure.
full disclosure: I am notably not in the healthcare sector.