There are actually technical requirements for HIPAA compliance (HITRUST or HITECH, or maybe both, idr any more). Essentially no HPI (healthcare information about an individual), unencrypted, in transit, ever. Also, not unencrypted on disk, ever. The idea is that if your network security slips and someone manages to place a traffic snoop somewhere, they still can’t listen in.
It’s almost never a requirement (and very rarely implemented) in mid- to low-risk security situations, and even for HIPAA entitties, encryption in transit is usually implemented with an encrypted layer 3 of some kind. But I could see a fairly simple high-risk app needing the network to contain nothing in plaintext.
Unless you’re Jason Bourne, I doubt you need it for your homelab.