[reificator]

I don't work with HIPAA but with other compliance/regulations NOT using version control is the problem.

Unless you have patient information hardcoded into the source code for god knows what reason...

[marrone12]

Things that might be hardcoded are access keys and passwords to PII databases.

[rovr138]

Which is bad practice for lots of reasons and, is that a HIPAA violation? Your code also has it then.

Hosting git externally might be an issue though.

[all_usernames]

No. No no no no no.