Is this on the roadmap yet? You may find that everything in the stack is now an eligible service
https://aws.amazon.com/compliance/hipaa-eligible-services-reference/. Seems silly to not try and support healthcare customers considering that's one of the major industries where R is used.
The security protocols you already have in place are probably fine, and you wouldn't have to worry about the integrity requirements since it's supposed to be ephemeral environments anyway. I just need a BAA and VPN support please.