Yes, I am fond of HIPAA too. One project I worked on was physical infrastructure for a healthcare company.
One cool thing I remember is that the phone lines within the building had to be in armored cable, so they couldn’t be tapped without leaving a huge mess.
You can read the technical safeguards. They are pretty reasonable and not nearly that intense. There is definitely a cottage industry of security/compliance consultants giving maximalist interpretations to bill more hours, but there are also shops doing pretty average modern IT best practices (individual user accounts, TLS, screensaver passwords, etc.) that do fine.