I agree with above, but with all the HIPAA, PHI, PII protection that is required, they should never have let your personal pc touch their network in the first place. If you get audited and personal data happens to be saved to a non protected pc god help you. And if that laptop were to get stolen and exposed, well now you have tons of government fines and horrible PR and a damaged reputation.
Sorry but even with a miminal chance of losing patient data you absolutely have to protect that at all costs, I'm suprised there are not mandatory HIPAA training courses that you need to go throught that would explain that.