Bad thing is, most agents have ZERO clue about HIPAA, are not warned about it, and probably break the law on a daily basis, particularly when they just go buy a Win 10 pc... (the fun of being a 1099 "employee" - the corporation has little to no liability for your actions.)
If one isn't aware of HIPPA then buying a Windows 10 PC wouldn't even be the start of issues. In reading the guidelines, which cover phones, there's just nothing in the guidelines about vendor telemetry. It's all about, is the device secured with passwords, disaster recovery, device loss, updates. I actually sent an email to ONC.Request@hhs.gov asking specially about Windows 10 last Thursday. No response thus far.