(a) The security requirements of the “Health Insurance Portability and Accountability Act of 1996,” as set forth in 45 CFR Part 164 Subpart C;

(b) Title V of the “Gramm-Leach-Bliley Act of 1999,” Public Law 106-102, as amended;
(c) The “Federal Information Security Modernization Act of 2014,” Public Law 113-283;
(d) The “Health Information Technology for Economic and Clinical Health Act,” as set forth in 45 CFR part 162.

Then the business has a legal defnse to lawsuits challening the data security practices of the business.

Columbus Business First | Kasich signs bill protecting business that invest in data security 

Huntington News | Bill Launched by Attorney General’s CyberOhio Initiative Signed into Law