What is your software support org doing regarding new HIPAA requirements?

What approaches are other software support organizations using to support customers with private healthcare data, especially with new HIPAA requirements coming? For e.g. are some choosing to just not accept any of this data from customers at all? Or have others put heavy processes/systems/controls in place to ensure that if this data is accepted from a customer, that there is no risk to that data?

I would love to hear what controls other software support orgs have implemented or plan on implementing related to HIPAA requirements.