It's important to keep in mind that Amazon's HIPAA whitepaper is horribly out-of-date in light of the new Omnibus rules that were passed earlier this year:
http://www.hhs.gov/ocr/privacy/hipaa/administrative/omnibus/...
The new regulations require you to sign a BAA with Amazon if you are storing PHI on their servers.
Having gone through the process of building a "HIPAA-compliant" product, I wouldn't underestimate the extra work that HIPAA requires. The encryption requirements really limit the third parties you can work with, so you often have to end up building a lot of your own infrastructure and software.