I'm not sure how any company or business that deals with information that requires security by law could be using Windows 10.
They pretty much don't care, unless it affects their bottom line, so why would they avoid Windows? As far as I know, HIPAA doesn't levy any fines for a breach; it only requires breaches be reported. Fix that, and you might fix the problem.
As an example, I work for a health insurance company, and we're currently restructuring our network. As far as I can tell (having been a security guy, in the past), they're not doing anything to actually prevent a breach. It only gives them the ability to point fingers and track down the culprit, after the fact. I'm pretty sure many of the changes will actually make a breach more likely, so Windows 10's telemetry is the least of their concerns.