It should not be a surprise to anyone that HITECH audits are back.  The only thing, if anything, that I find peculiar is that a few of the audits I have seen this year are going back to an attestation period dating back to the year 2012. Worst part about this is that at the time a lot of the information provided to the Providers was erroneous which now may result in these same Providers not meeting Meaningful Use criteria.  One of the key misconceptions was to believe that a certified EHR covered all the requirements of Meaningful Use. Another misconception was to assume that data won’t change or get corrupted with the years. I hate to write this but the only way to make sure your data is correct and available for an audit is to print a copy of the information used at the time of the attestation.  Some of the key documents I recommend to keep as part of the attestation include bur are not limited to: 1. Copy of your contract with the Electronic Health Record company to include copies of invoices and payments. 2. Copies of the reports where you obtained the data.  If the report doesn’t have the name of the EHR and the version print copies of your screens and you create these reports. 3. Copy of your HIPAA Security Risk Assessment and the Security Management Plan. 4. Copies of documentation indicating actions taken as part of your HIPAA Security program. 5. Patient lists used to complete your attestation. In short, make sure that you have proof of every single item you are attesting to.  Also, keep this documentation for at least six years.  Ideally I will advice against taking chances and creating a book of evidence for every attestation year to protect yourself.  Of course, if you have questions make sure to contact an expert to assist you with these actions.