
box.net is now HIPAA compliant. (And S3 can be too, if you're careful and want to build something.)



Not necessarily. AWS doesn't sign Business Associate Agreements, as required by HIPAA/HITECH for any healthcare payers/providers who want to use their services today, and for any Health IT companies who want to use them starting in September (per the new Omnibus Rule announced in March).

AWS and Rackspace have both hinted that they are considering becoming BAA compliant, but they aren't today. Azure (Enterprise) and pricier services like Firehost are.

It is possible that you could make a legal case for storing encrypted patient data on S3, but this is still a gray area, especially when some states (like Mass.) have enhanced patient privacy laws that trump federal laws. And before anyone replies, note that it's a LEGAL question of possession of data, not a technical one about encryption algorithms. We have very expensive HIPAA attorneys who do understand how encryption works but are still undecided on this.



