Given the sensitivity of data handled over Citrix connections (pretty much all hospitals), I'm fairly sure Microsoft just doesn't want the headaches. My general experience is that service providers would rather be seen handling nuclear weapons data than healthcare data.
As someone who is VP of IT in healthcare, I can understand that sentiment. At least fewer people need access to nuclear secrets, while medical records are simultaneously highly confidential AND needed by many people. It's never dull. :D
