The short answer is yes, it can be, and we have a number of users who are using Realm in HIPAA Compliant applications.
There are many guidelines and rules around creating a HIPAA compliant application. Realm provides the tools which are necessary to meet these various requirements (i.e. access control, flexible deployment options, etc). By large, this means properly encrypting your database. If you are using Realm Platform, this typically means self-hosting our Realm Object Server in a secure environment which is only accessible by authorized users.
The following security white paper covers a great deal of topics which are imperative to creating a secure application with Realm. Additionally, our documentation on access control shows how you can ensure that data is only accessible by the correct parties. If you have additional questions, please contact us at [email protected]