Besides MBR & BIOS, is it possible for a rootkit to stay persistent after a format of the hard drive?
Normally, no. Not in a self-bootable area. You might have data not overwritten by the disk wipe, in "out-of-band" areas, but those areas aren't normally accessible, and if made so, they also become accessible to the wipe.
Theoretically, for very large values of theoretically, yes. In some hard drives, there may be a third memory area that is accessible, self-booting and capable of hosting a complex malware (as complex as, say, a minimal Linux kernel).
(Update: the above trick has been reported in the wild by Kaspersky)
This area is normally not accessed (for programming) through the data cable by which the hard drive is connected to the host computer, but through a specialized JTAG connector which is only used during the manufacturing process.
Also, the programming instructions must be specifically adapted for the hard drive controller CPU chip; just as the same HTTP protocol may be "spoken" by a Motorola-powered old Mac or an Intel 80386, but the two CPUs won't ever "speak" the same language, so two disks from the same manufacturer may have an Avago chip, or a Marvell one - and they will require different and totally incompatible instructions.
The problem then is that the malware would have to be specifically targeted, and in most if not all cases, hardware physical access to the JTAG connector through a custom cable will be required. So a purely software malware would have no chances. Unless some programming backdoor had been burned in the firmware by the manufacturer, in order to save some bucks and do without the whole JTAG stuff. Which, predictably, it seems to have been the case.
A disk thus hacked is completely untrustworthy. Whatever you do to a hard disk from the SATA cable is actually no more than a polite request to the disk SoC to perform some action on your behalf. Untampered SoCs will obey (or lie to you to your advantage: for example reporting that a sector has been written instantly, while in reality it is being held in a write-back cache to increase performances). A tampered SoC might disobey and lie about it (and will do so, or there would no point in tampering).
You could (ask it to) overwrite the boot loader, read it back and receive an enthusiastic confirmation that it has been zeroed; (ask to) write a clean boot loader in its place, re-read it and receive a haughty confirmation that it has been written and committed. Then power cycle... and still have a malicious boot loader come out of the disk instead of the one you believed should have been there, thus bluepilling the system.
Of course, the malware should be aware of the operating system in use in order to infect it, and gain, through it, a more sophisticated access to files, network, keyboard and so on. It would do so by intercepting the operating system attempts to load its own code from disk, supplying instead modified code containing the infection routines. The modified code would need to be compatible with the operating system, and it would be powerless should the operating system self-check its own code, unless even more advanced techniques were used.
Actual probability is in the low noughts for any reasonably common scenario.
On the other hand... if you just received a brand new desktop as a token of NSA's appreciation for your work, then no - wiping the disk, zeroing its HPA and DCO and Gutmann-blasting every single sector it has, will not be enough.
If it replaced the BIOS, it could, through the Windows Platform Binary Table (WPBT), provide a malware stored there, reinfecting a Windows machine even after replacing the hard disk with a new one.
This is what was used by the lenovo rootkit from August 2015 to persist itself even after a clean reinstall.