2004-1 Amend.- Benefit Plan for Outside Directors

EX-10.20 4 k76116exv10w20.txt 2004-1 AMEND.- BENEFIT PLAN FOR OUTSIDE DIRECTORS EXHIBIT 10.20 2004-1 AMENDMENT TO THE STEELCASE BENEFIT PLAN FOR OUTSIDE DIRECTORS (Effective as of March 1, 1999) ------------------------- This 2004-1 Amendment to the STEELCASE BENEFIT PLAN FOR OUTSIDE DIRECTORS ("Plan") is adopted by Steelcase Inc. to be effective as of April 14, 2003, and is required by the privacy rules of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). Pursuant to Section 1.3 of the Plan, Steelcase Inc. amends the Plan as follows: A. A new Article XIII shall be added to the Plan as follows: ARTICLE XIII HIPAA COMPLIANCE 13.1 PERMITTED AND REQUIRED USES AND DISCLOSURE OF PROTECTED HEALTH INFORMATION ("PHI"). Subject to obtaining written certification pursuant to Section 13.3, the Plan may disclose PHI to Steelcase Inc., provided Steelcase Inc. does not use or disclose such PHI except for the following purposes: (a) To perform Plan Administrative Functions which Steelcase Inc. performs for the Plan. (b) Obtaining premium bids from insurance companies or other health plans for providing coverage under or on behalf of the Plan; or (c) Modifying, amending or terminating the Plan. Notwithstanding the provisions of the Plan to the contrary, in no event shall Steelcase Inc. be permitted to use or disclose PHI in a manner that is inconsistent with 45 CFR Section 164.504(f). 13.2 CONDITIONS OF DISCLOSURE. Steelcase Inc. agrees that with respect to any PHI, it shall: (a) Not use or further disclose the PHI other than as permitted or required by the Plan or as required by law. (b) Ensure that any agents, including subcontractors, to whom it provides PHI received from the Plan, agree to the same restrictions and conditions that apply to Steelcase Inc. with respect to PHI. (c) Not use or disclose the PHI for employment-related actions and decisions or in connection with any other benefit or employee benefit plan of Steelcase Inc.. (d) Report to the Plan any use or disclosure of the information that is inconsistent with the uses or disclosures provided for which it becomes aware. (e) Make available to individual Plan participants who request access, the Plan participant's PHI in accordance with 45 CFR Section 164.524. (f) Make available to individual Plan participants who request an amendment, the participant's PHI and incorporate any amendments to the participant's PHI in accordance with 45 CFR Section 164.526. (g) Make available to individual Plan participants who request an accounting of disclosures of the participant's PHI, the information required to provide an accounting of disclosures in accordance with 45 CFR Section 164.528. (h) Make its internal practices, books, and records, relating to the use and disclosures of PHI received from the Plan, available to the Secretary of the U.S. Department of Health and Human Services for purposes of determining compliance by the Plan with the HIPAA privacy rules. (i) If feasible, return or destroy all PHI received from the Plan that Steelcase Inc. still maintains in any form, and retain no copies of such information when no longer needed for the purpose for which the disclosure was made, except that, if such return or destruction is not feasible, limit further uses and disclosures to those purposes that make the return or destruction of the information feasible. -2- (j) Ensure that the adequate separation between Plan and Steelcase Inc., required in 45 CFR Section 164.504(f) (2)(iii), is satisfied and that terms set forth in Section 13.5 are followed. 13.3 CERTIFICATION. The Plan shall disclose PHI to Steelcase Inc. only upon the receipt of a Certification by Steelcase Inc. that the Plan has been amended to incorporate the provisions of 45 CFR Section 164.504(f)(2)(ii), and that Steelcase Inc. agrees to the conditions of disclosure set forth in Section 13.2. 13.4 PERMITTED USES AND DISCLOSURE OF SUMMARY HEALTH INFORMATION. The Plan may disclose Summary Health Information to Steelcase Inc., provided such Summary Health Information is only used by Steelcase Inc. for the purpose of: (a) Obtaining premium bids from health plan providers for providing health coverage under the Plan; or (b) Modifying, amending or terminating the Plan. 13.5 ADEQUATE SEPARATION BETWEEN PLAN AND STEELCASE INC.. (a) The following employees, or classes of employees, shall be given access to PHI: Vice-President of Human Resources Human Resources Director Human Resources Manager Human Resources staff, including employee relations staff and employee services/HRIS staff Director, Compensation and Benefits Director, Benefits and Health Services Benefits Manager Benefits staff Benefit Review Committee Chief Financial Officer Financial staff, including Risk manager and payroll staff Plan auditor Director of Information Services Information Services Manager Information Services staff Medical staff In-house legal counsel In-house legal staff -3- (b) The access to and use of PHI by the individuals described in subsection (a) above shall be restricted to the Plan Administrative Functions that Steelcase Inc. performs for the Plan. (c) In the event any of the individuals described in subsection (a) do not comply with the provisions of the Plan relating to use and disclosure of PHI, the plan administrator shall impose reasonable sanctions as necessary, in its discretion, to ensure that no further non-compliance occurs. Such sanctions shall be imposed progressively (for example, an oral warning, a written warning, time off without pay and termination), if appropriate, and shall be imposed so that they are commensurate with the severity of the violation. 13.6 DISCLOSURE OF CERTAIN ENROLLMENT INFORMATION TO STEELCASE INC.. Pursuant to 45 CFR 164.504(f)(1)(iii), the Plan may disclose to Steelcase Inc. information on whether an individual is participating in the Plan or is enrolled in or has disenrolled from any health insurance issuer or health maintenance organization offered by the Plan. 13.7 DISCLOSURE OF PHI TO OBTAIN STOP-LOSS OR EXCESS LOSS COVERAGE. Steelcase Inc. authorizes and directs the Plan, through the plan administrator, to disclose PHI to stop-loss carriers, excess loss carriers or managing general underwriters (MGUs) for underwriting and other purposes in order to obtain and maintain stop-loss or excess loss coverage related to benefit claims under the Plan. Such disclosures shall be made in accordance with the HIPAA privacy rules. 13.8 OTHER DISCLOSURES AND USES OF PHI. With respect to all other uses and disclosures of PHI, the Plan shall comply with the HIPAA privacy rules. 13.9 DEFINITIONS. For purposes of this Amendment, the following terms shall have the following meanings: (a) "Business Associate" means a person or entity who: (i) performs or assists in performing a Plan function or activity involving the use and disclosure of PHI (including claims processing or administration; data analysis, underwriting, etc.); or (ii) provides legal, accounting, actuarial, consulting, data aggregation, management, accreditation, or financial services, where the per- -4- performance of such services involves giving the service provider access to PHI. (b) "Plan Administrative Functions" mean activities that would meet the definition of payment or health care operations, but do not include functions to modify, amend, or terminate the Plan or solicit bids from prospective issuers. Plan administrative functions include quality assurance, employee assistance, claims processing, auditing, monitoring, and management of carve-out-plans--such as vision and dental. PHI for these purposes may not be used by or between the Plan or business associates of the Plan in a manner inconsistent with the HIPAA privacy rules, absent an authorization from the individual. Plan administrative functions specifically do not include any employment-related functions. (c) "Protected Health Information" or "PHI" means information that is created or received by the Plan, or a business associate of the Plan and relates to the past, present, or future physical or mental health or condition of a participant; the provision of health care to a participant; or the past, present, or future payment for the provision of health care to a participant; and that identifies the participant or for which there is a reasonable basis to believe the information can be used to identify the participant (whether living or deceased). The following components of a participant's information are considered to enable identification: (i) Names; (ii) Street address, city, county, precinct, zip code; (iii) Dates directly related to a participant's receipt of health care treatment, including birth date, health facility admission and discharge date, and date of death; (iv) Telephone numbers, fax numbers and electronic mail addresses; (v) Social Security numbers; (vi) Medical record numbers; (vii) Health plan beneficiary numbers; (viii) Account numbers; (ix) Certificate/license numbers; -5- (x) Vehicle identifiers and serial numbers, including license plate numbers; (xi) Device identifiers and serial numbers; (xii) Web Universal Resource Locators (URLs); (xiii) Biometric identifiers, including finger and voice prints; (xiv) Full face photographic images and any comparable images; and (xv) Any other unique identifying number, characteristic or code. (d) "Summary Health Information" means information that may be individually identifiable health information that: (i) Summarizes the claims history, claims expenses or type of claims experienced by individuals for whom Steelcase Inc. has provided health benefits under a health plan; and (ii) From which the information described at 42 CFR Section 164.514(b)(2)(i) has been deleted, except that the geographic information need only be aggregated to the level of a five-digit zip code. 13.10 HYBRID ENTITY. This Section applies to the extent the Plan provides any non-health benefits such as (but not limited to), disability benefits or group term life insurance benefits. The Plan is a separate legal entity whose business activities include functions covered by the HIPAA privacy rules and non-covered functions. As a result, the Plan is a "Hybrid Entity," as that term is defined in the HIPAA privacy rules. The Plan's covered functions are its health benefits ("health care component"). All other benefits are non-covered functions. Therefore, the Plan hereby designates that it shall only be a covered entity under the HIPAA privacy rules with respect to the health care component (the health benefits) of the Plan. -6- 13.11 PARTICIPANT NOTIFICATION. Participants shall be notified of this Plan Amendment in the notice of privacy practices. B. In all other respects, the Plan shall be unchanged. IN WITNESS OF WHICH, Steelcase Inc. has executed this 2004-1 Amendment to the Plan. STEELCASE INC. Dated: April 3, 2003 By /s/ Nancy W. Hickey ---------------- ------------------------------------------------- Its Sr. Vice President, Global Strategic Resources & Chief Administrative Officer -7-