Yes. ProofPilot has put a significant amount of resources into meeting and in some cases exceeding HIPAA and similar health security and access regulations.
There is one important caveat.
Participants in studies receive notifications, via push message (phone and desktop computer), SMS, e-mail, Facebook notification Viber etc. These messages may include protected information. In order for a participant to engage in a study, participants must weigh the risks and benefits of receiving these messages via services that are likely secure – but do not advertise themselves as HIPAA compliant.
As part of the consent process, users are made aware that they, by joining a study, agree to these notifications. This caveat is covered under HIPAA. Read the specifics in the Final Omibus Rule p.5634 (so a search in the doc for 5634 as it is not a page number).