Jeff,
There are a few different ways to do this. HSRP sends it's updates via multicast IP addess 224.0.0.2
Therefore, you should be able to drop all traffic to that address from any interface or vlan via an access-list or vlan-map, depending on where you configure it.
For example, if you were using a vlan-map on a 3550/3560, you'd do the following:
ip access-list extended HSRP
permit ip host 224.0.0.2 any
deny ip any any
vlan access-map HSRP-Map 10
action drop
match ip address HSRP
vlan filter HSRP-Map vlan-list 100
The vlan map matches the traffic in the access-list, in this particular secenario, it is permitting 224.0.0.2 to be dropped. In addition, it is denying everything else from being dropped. This only pertains to traffic in vlan 100, which is listed in the vlan-filter.
It seems kind of backwards at first, but once you do it a few times, it'll make sense.
If you wanted to restrict HSRP at the router, just add 'deny ip any host 224.0.0.2' to your access-list on the appropriate interface.
I'm pretty sure this should work. Give it a try and let me know!