Atlassian doesn't make products that state they meet any specific regulations. That doesn't mean that their products can't be made to meet the compliance you need, however. We work with many clients that need to be HIPAA compliant and we have been successful at implementing Atlassian tools to pass audits.
In short, they can be HIPAA compliant, but you need to configure them to be compliant (or work with a Solutions Partner that knows what to do.)
I think your only option currently is to be on a self-hosted version of Jira. Cloud doesn't have the capability currently. You should use SSL on the front-end. The supported databases all have the ability to encrypt data in the database as long as you use a driver that can support it. This is not something that Atlassian supports, but it's possible. There is an App from Marketplace that helps obfuscate personal information that may be inadvertently entered in to Jira as well. Permissions in Jira are very granular, but you may need to lock your Projects down more than you are currently doing. You can also make use of Issue Security to limit access to individual issues. You may need to increase log verbosity and perform some audits to ensure compliance. I hope that helps.