John, good question.
I have not heard of a VSaaS provider making that claim (of course there may be some out there). I checked online specifically for Axis AVHS (since they are one of the oldest) but found no matches for HIPAA.
Question to all: How does one certify one's surveillance system as HIPAA conformant / compliant?
That is a good question. I have contemplated switching to cloud services myself. This link might offer some help.
"Does cloud based video storage violate any HIPAA compliance laws?"
I don't know nearly as much about HIPAA as PCI or NIST, et al., but from what I understand HIPAA would be looking for information assurance for any data related to patient privacy no matter where it's stored. That is, if you stored video of patients on a DVR in your hospital you'd need to be able to show the video data was secure (as per HIPAA guidelines). Likewise if you shoved that data to cloud storage or engaged a VSaaS provider you'd need to provide assurance the data was secure in transit and at rest with them as well.
Since cloud based storage is a service, you'd need to work with the service provider to achieve HIPAA conformance.
Ironically, a lot of the data security standards say things about the use of video to keep data secure (i.e, you need to have video of your data storage servers and secure areas), but say little if anything about the secure storage of that video itself. In and around HIPAA I think you'd have to consider images of patients as being private, and would want to limit how much video of patients you actually generate in order to lessen your liabilty there.
Hospitals of any size tend to have high camera counts, probably making them poor applications for VSaaS anyway. VsaaS could potentially be used at smaller medical offices and clinics, but most of these have so many other HIPAA non-compliance issues that the vulnerability of video surveillance data would be far from the top of the list. (Remember those medical records stored on open shelves that you saw the last time that you visited your doctor?)
Not saying that precautions shouldn't be taken, but in reality, this is probably a non-issue.