A server is 50 times more secure than a workstation. As long as you are connected to the Internet, your data is vulnerable. Besides, a workstation is generally light and in the work area where anyone could grab it and, hence, the data. Your biggest weakness will always be user passwords and users, period.
Now for my main points:
1. I have no idea what the HIPAA requirements are for a network.
2. I don't care what the HIPAA requirements are for a network.
3. How is HIPAA going to know how well my server is locked down?
4. I have never, ever concerned myself with HIPAA.
From what I recall a year or so ago when backups were the big topic, at least 15% of users, if not more, were backing up AC to a flash drive and taking it home unencrypted. Now, if that doesn't violate HIPAA, nothing does.
