A covered entity's cybersecurity program, as described in Section 3 of this act, reasonably conforms to an industry-recognized cybersecurity framework for purposes of that section if this section is satisfied:
1. The covered entity is subject to the requirements of the laws or regulations listed below, and the cybersecurity program reasonably conforms to the entirety of the current version of both of the following, subject to paragraph 2 of this section:a. the security requirements of the Health Insurance Portability and Accountability Act of 1996, as set forth in 45 CFR Part 164 Subpart C, andb. the Health Information Technology for Economic and Clinical Health Act, as set forth in 45 CFR Part 162; and2. When a framework listed in paragraph 1 of this section is amended, a covered entity whose cybersecurity program reasonably conforms to that framework shall reasonably conform to the amended framework not later than one (1) year after the effective date of the amended framework.Okla. Stat. tit. 18, § 2071
Added by Laws 2023 , c. 84, s. 4, eff. 11/1/2023.