You are part of an AI team at a healthcare company tasked with implementing a sensitive machine learning model that handles patient data on AWS. Given the critical nature of the data and regulatory requirements, which option best ensures the security and compliance of your machine learning solution?