The HIPAA regulations already address the IT issue in that you shouldn't let anybody near your stuff unless you have a Business Associate Agreement in place. Certainly all the major IT companies for hardware and software are familiar with them, and in the past few years, since enforcement has been stepped up, even the mom-and-pop shops are probably familiar with them if they deal with HIPAA-protected stuff.
Microsoft, for example, updated theirs in the last two weeks for their cloud services; their press release is here:
Microsoft updates Business Associate Agreement to address new HIPAA requirements and help enable healthcare organizations to maintain compliance in the cloud
Any vendor that wants your business will gladly sign an agreement; then it's not a concern if they take your disk away.