I can think of a couple of ways of doing this but they all boil down to (more or less) the same thing:
Have a Lambda function running on the private subnet to do the health check (that you already have), and then use a VPC Endpoint for another AWS service to send the results out from that Lambda function. You could use SNS or SQS (both of which could trigger another Lambda function directly), or you could use CloudWatch Synthetics.
Note that the VPC endpoint does introduce additional cost (but then, so does a NAT Gateway), but it restricts the access from the private subnet to the service that you've created the endpoint for. You can also use an endpoint policy to further restrict access if you like.
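A sketch of the SNS variant, added here as an illustration and not part of the original answer: the Lambda probes the private health URL and publishes the result through an SNS interface endpoint, and `endpoint_policy` builds an endpoint policy that allows only `sns:Publish` to one topic. The environment variable names `HEALTH_URL` and `TOPIC_ARN`, the function names, and private DNS being enabled on the endpoint are assumptions.

```python
import json
import os
import urllib.error
import urllib.request


def check_health(url, timeout=3.0):
    """Probe the private health URL; return a result dict, never raise."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            ok = 200 <= resp.status < 300
            return {"url": url, "healthy": ok, "status": resp.status}
    except urllib.error.HTTPError as exc:  # host answered with 4xx/5xx
        return {"url": url, "healthy": False, "status": exc.code}
    except (urllib.error.URLError, OSError) as exc:  # refused, DNS, timeout
        return {"url": url, "healthy": False, "status": None, "error": str(exc)}


def endpoint_policy(topic_arn):
    """VPC endpoint policy: only sns:Publish, only to this one topic."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": "sns:Publish",
            "Resource": topic_arn,
        }],
    }


def handler(event, context):
    # boto3 ships with the Lambda runtime; imported here so check_health()
    # can be exercised locally without it.
    import boto3
    result = check_health(os.environ["HEALTH_URL"])  # assumed variable name
    # Assumes private DNS on the SNS interface endpoint, so the regional SNS
    # hostname resolves inside the VPC and no NAT Gateway is involved.
    boto3.client("sns").publish(
        TopicArn=os.environ["TOPIC_ARN"],  # assumed variable name
        Subject="health-check",
        Message=json.dumps(result),
    )
    return result
```

The security group on the endpoint still has to allow HTTPS (443) from the Lambda function's security group, and the Lambda execution role needs `sns:Publish` on the same topic.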