I'm trying to find out how far back a hospital would have to be able to produce audits of activity in patient records, per HIPAA (ie, the number of years). This isn't the same thing as producing an accounting of disclosures, which is what I originial...