It looks like you don’t have to it is just a good idea to because by including the key in the hash it shows that the data was indeed encrypted with the original key – almost indefinitely. Obviously your example above would work, but I would say you can’t be 100% certain that the message wasn’t intelligently manipulated, or brute force trial-and-errored, to produce a decrypt on the other side that appears correct but doesn’t trigger a hash check failure.

An HMAC function is used by the message sender to produce a value (the MAC) that is formed by condensing the secret key and the message input. The MAC is typically sent to the message receiver along with the message. The receiver computes the MAC on the received message using the same key and HMAC function as was used by the sender, and compares the result computed with the received MAC. If the two values match, the message has been correctly received, and the receiver is assured that the sender is a member of the community of users that share the key.

FIPS PUB 198
FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION
“The Keyed-Hash Message Authentication Code (HMAC)”

Using the above method means you have an extra check for safety. After you decrypt the message you then append the original key to the message and run your hashing function. You then compare the new hash with the one sent. This is a better check because you know that the attacker would have to know the key (or be extremely lucky) in order to generate something that passed the hash check. It’s basically an attempt to try and avoid those attackers that might know hashing functions very well, and limit what alterations they can make.