It's not necessarily a BAD idea, but I've personally never heard of it. You may find issue with licensing, though. For example: If they use an open-source library, can they really escrow that? I'm not sure it matters, but there are likely some lawyers who would disagree... I would also make sure that any developer documentation is a part of the escrow.
(On a side note: We work with healthcare companies, law firms, software development startups, etc... on cybersecurity. If you're interested in the conversation around HIPAA and software engineering, shoot me a message).