WordPress itself is not HIPAA compliant, so there would be a clause that you should never store any PHI on the site.
BuddyBoss is a Theme/Platform plugin, which does not change the situation of where the data is held/stored. The main challenge with HIPAA is that you’ll need to ensure you’re using compliant web hosting and that you have an ongoing audit for any activity on personal information, along with the appropriate security procedures in place.
