AWS HIPAA center is a good start: HIPAA in AWS.
As mentioned on that page:
You can use any AWS service in your HIPAA-compliant applications. However, only the HIPAA-eligible services defined in our BAA can be used to process, store, and transmit personally-identifiable patient data.
Read the two AWS HIPAA FAQs: Part 1 and Part 2. You will also need to understand the shared responsibility model.
EC2 and EBS are HIPAA-eligible services. However, you need to turn on EBS encryption and run them on dedicated instances. The price tag for that is not small, and it may be overkill for a single instance/small system.
Regarding your questions:
- Should I need to do a block level encryption of the database storage.
If you run the database on EC2 + EBS, then yes; and this is just one click on AWS.
If you use RDS (a managed service) then this is handled for you by AWS.
Note: only MySQL and Oracle are HIPAA-eligible on RDS at the time of writing (Sept 2016). However, you can run MS SQL Server on your HIPAA-eligible EC2 & EBS.
- Should I need to encrypt sensitive data before storing in the database.
Not really needed. I would say yes only if you need this as an extra security layer, but it doesn't improve your HIPAA-compliance status.
- Best database software to handle the encryption
It depends on your specific architecture. If you use encrypted EBS or RDS, then the encryption is already handled for you.
I would suggest contacting AWS support to get a BAA, then doing a TCO calculation for the entire solution before moving forward.
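As an added example (not part of the original answer), here is a small Python audit that checks the three points raised above against constructed JSON shaped like the output of `aws ec2 describe-volumes`, `aws ec2 describe-instances` and `aws rds describe-db-instances`: unencrypted EBS volumes, EC2 instances not on dedicated tenancy, and RDS instances whose engine is not MySQL or Oracle or whose storage is not encrypted. The field names follow the AWS API; the resource IDs and values are made up.

```python
import json

# Constructed sample data (made-up IDs) in the shape the AWS CLI returns.
SAMPLE_VOLUMES = json.loads("""{"Volumes": [
  {"VolumeId": "vol-0aaa", "Encrypted": true,  "State": "in-use"},
  {"VolumeId": "vol-0bbb", "Encrypted": false, "State": "in-use"}]}""")

SAMPLE_INSTANCES = json.loads("""{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa", "Placement": {"Tenancy": "dedicated"}},
  {"InstanceId": "i-0bbb", "Placement": {"Tenancy": "default"}}]}]}""")

SAMPLE_RDS = json.loads("""{"DBInstances": [
  {"DBInstanceIdentifier": "phi-mysql", "Engine": "mysql",
   "StorageEncrypted": true},
  {"DBInstanceIdentifier": "phi-pg", "Engine": "postgres",
   "StorageEncrypted": false}]}""")


def rds_engine_eligible(engine):
    """MySQL and Oracle (engine names oracle-ee, oracle-se, ...) as the
    answer lists them; treat anything else as not eligible."""
    return engine == "mysql" or engine.startswith("oracle")


def audit(volumes, instances, rds):
    """Return (resource_id, finding) tuples for every resource that
    fails one of the checks described in the answer."""
    findings = []
    for v in volumes["Volumes"]:
        if not v.get("Encrypted", False):
            findings.append((v["VolumeId"], "EBS volume not encrypted"))
    for r in instances["Reservations"]:
        for i in r["Instances"]:
            if i.get("Placement", {}).get("Tenancy") != "dedicated":
                findings.append((i["InstanceId"],
                                 "EC2 instance not on dedicated tenancy"))
    for db in rds["DBInstances"]:
        ident, engine = db["DBInstanceIdentifier"], db.get("Engine", "")
        if not rds_engine_eligible(engine):
            findings.append((ident, f"RDS engine {engine} not eligible"))
        if not db.get("StorageEncrypted", False):
            findings.append((ident, "RDS storage not encrypted"))
    return findings


if __name__ == "__main__":
    for resource, finding in audit(SAMPLE_VOLUMES, SAMPLE_INSTANCES, SAMPLE_RDS):
        print(f"{resource}: {finding}")
```

Against real accounts, feed it the JSON from the three CLI commands instead of the constructed samples.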