I found the following HIPAA related discussions:
HIPAA requirements vs. AppEngine security guidelines
http://groups.google.com/group/google-appengine/browse_thread/thread/78b40375b8b5af41/4cb5de1b17aae039?lnk=gstq=HIPAA#
IPAA and client data stored w/ Google's App Engine framework
From reading the Google Health FAQ I think the answer to your question
is no, but they don't need to be.
Is Google Health covered by HIPAA?
Unlike a doctor or health plan, Google Health is not regulated by the
Health Insurance Portability and Accountability Act (HIPAA), a federal
law that