Hilliard, Joel (10230) Welcome to Microsoft Q & A Community Forum. When you attempt to assign the HIPAA/HITRUST Initiative to your resource group, you are prompted for the certificate thumbprints because the initiative includes policies that require a certificate-based authentication for certain Azure services. The certificate thumbprints are used to authenticate the policies that require this type of authentication.
As part of compliance controls within HIPAA initiative, protocols used to communicate between all involved parties are secured using cryptographic techniques(ex: SSL, certificate). "Audit Windows machines that do not contain the specified certificates in Trusted Root" policy definition which is part of HIPAA initiative audits whether if the machine Trusted Root certificate store (Cert:\LocalMachine\Root) contains one or more of the certificates listed by the policy parameter to verify the compliance of machines.
For more information on policy definition, refer this link.