Certification for regulatory compliance is certainly something Storj DCS is missing greatly as it would open the door to more industries (https://wasabi-support.zendesk.com/hc/en-us/articles/115002145572-What-third-party-compliances-have-been-attained-by-Wasabi-)
HIPAA is US specific. The author from the paper I have linked is professor at the University of Messina, Italy, so he is referring to EU law, literally the GDPR. But there might be country specific regulatory requirements in other countries for the EU also. However for Germany for example I am not aware of any that would even stiffen the GDPR.
But that’s what I mean when I suggest to contact the author as he not only seems to be a computer expert but also an expert on e-healthcare so he is surely aware of regulatory requirements in different areas of the world.