Disclaimer: I am not a lawyer and I second Josh Berke's comment.
Six months is generally what I've heard discussed as a minimum, but when it comes to HIPAA compliance there is no such thing as being too safe. If there's no technical limitation, retain audit trails for as long as you can.