Well, yes you can, you just document the procedure.
I really can't understand the disconnect between setting a policy that you can't have company data on company owned/controlled desktops but can have all that data sitting in a 3rd party system.
And in the future you'll be able to get another free year because AWS was breached and all your health data has been accessible over the internet for god knows how long. Or maybe you won't because it wasn't the hospitals fault, it was Amazon's and you're not their customer. I know I'm looking forward to it.
But whatever, just hope that Amazon does the right thing, it's not like you or your healthcare provider can check up on it.
Ya, just put it on Amazon's servers instead. That's way better.