Is the site compliant, particularly to exchange PHI data?

Is OwnCloud HIPAA compliant?

According to it depends on the setup.

If you host it on-site, use a safe https configuration, offsite backups, logging/auditing, listen to ownCloud file integrity warnings, and also implement some physical safeguards (like a lock at the server room door), it seems to be compliant.

I am neither a lawyer nor a US citizen though.