As a general rule (my opinion) I would prefer L3 unless there was a compelling reason to go L2. From my experience the only reason I've ever done L2 between datacenters is because we were too cheap to get some type of load balancing solution. So instead of having VMs on different subnets hidden behind a load balancer, we did L2 so the VMs didn't need an IP change when the load shifted.
The reason we don't like spanning L2 across sites is because we expand our STP domain. So Spanning Tree topology changes propagate across sites and it can become a real headache on larger networks.
I don't know about HIPAA, but MPLS has never been an issue in the PCI audits I've been involved in. Nevertheless, you certainly want to run any major network changes (new MPLS backbone) by your PCI auditors before you commit finances.