The "send search data to an internet endpoint even if it's patently obvious that the search is for local resources" reeks strongly of Ubuntu's Amazon Shopping Lens. Did Mark Shuttleworth switch gears from Canonical to Microsoft when I wasn't looking?
Perhaps pedantic, but that's redundant; HITECH doesn't define breaches separately from HIPAA, it establishes standards for when HIPAA data is "unsecured" and reporting requirements, etc., related to HIPAA breaches.
Of course, this is speculation right now, and perhaps my concerns are unfounded, but I can already imagine some old doctor typing "J. Random Hacker biopsy" into that Start Menu search field in the hopes of finding some document and inadvertently sending the fact that J. Random Hacker had a biopsy to Microsoft and potentially some advertising partners (depending on the nature of such transmissions).