Hi Ed. I realize that your post is a little over 6 years old, but figured I'd respond anyway
I'm currently evaluating Tableau's new 'subscription-based' licensing and one of the considerations is whether to move our on-prem (actually running on an EC2 instance in AWS) Tableau Server to have Tableau host it for us. I was researching the PCI/DSS/HIPA compliance of Tableau's hosting and came across your post.
Wondering if you'd be interested in comparing notes on a brief phone call?