The method you use to store the data is irrelevant. Access to your network. Logging. If you're encrypting the disk. How is the application presenting this data? What kind of ACLs are you using? Asking if PG is good to store HIPAA data is exactly as useful as asking if you can even store HIPAA data. There are so many more important things to consider.
RDS is a hosted service. They don't have all the guarantees you'd want for PHI. I'm sure their MySQL engine probably has similar warnings.
Jim