An interesting thing to note is also that AWS sells pre-rolled HIPAA compatible services in a lot of their offerings. If AWS accidentally peaked into one of these services in an unauthorized manner it'd be a huge legal event and, I suspect that part of them working out that their services are HIPAA compliant involved being extremely transparent on how a number of things around those services operate with some department in the government.

Those servers, at least, should be free from any of the snooping concerns folks have.