Ohio Rev. Code Ann. § 3965.01
As used in this chapter:
(N) "Multifactor authentication" means authentication through verification of at least two of the following types of authentication factors:
(O) "Nonpublic information" means information that is not publicly available information and is one of the following:
(2) Information concerning a consumer that because of the name, number, personal mark, or other identifier contained in the information can be used to identify that consumer in combination with any one or more of the following data elements:
(3) Any information or data, except age or gender, that is in any form or medium created by or derived from a health care provider or a consumer, that can be used to identify a particular consumer, and that relates to any of the following:
(P) "Publicly available information" means any information that a licensee has a reasonable basis to believe is lawfully made available to the general public from federal, state, or local government records; widely distributed media; or disclosures to the general public that are required to be made by federal, state, or local law. For the purposes of this chapter, a licensee has a reasonable basis to believe that information is lawfully made available to the general public if the licensee has taken steps to determine both of the following:
(R) "Third-party service provider" means a person other than a licensee that: