AMENDMENT NO. 1 TO KO EXECUTIVE MEDICAL PLAN, DATED 4-15-03
Published on August 13, 2003
EXHIBIT 10.1
AMENDMENT NUMBER ONE TO
THE EXECUTIVE MEDICAL PLAN OF
THE COCA-COLA COMPANY
THIS AMENDMENT to the Executive Medical Plan of The Coca-Cola Company (the
"Plan") is adopted by the Plan Administrator.
W I T N E S S E T H:
WHEREAS, Section 10 of the Plan provides that the Plan Administrator may
amend the Plan at any time; and
WHEREAS, the Plan Administrator wishes to amend the Plan to address the use
and disclosure of protected health information.
NOW, THEREFORE, the Plan Administrator hereby amends the Plan as follows:
Effective April 14, 2003, the following new Section 12 shall be added:
12. PROTECTED HEALTH INFORMATION
12.1 USE AND DISCLOSURE OF PROTECTED HEALTH INFORMATION.
The Plan will use and disclose protected health information (PHI) for
purposes related to the treatment through, payment for, and operation of health
care functions. The Plan will disclose PHI to the Company only after receipt of
proper confirmation from the Company that the Plan document has been amended to
incorporate the following provisions and/or conditions relating to the use and
disclosure of PHI.
(a) Payment for health care functions includes those activities undertaken
by or performed on behalf of the Plan to obtain premiums or to determine or
fulfill its responsibility for coverage and provision of benefits under the
Plan with respect to an individual to whom health care services are
provided. Activities that constitute payment activities include, but are
not limited to, the following activities:
1. Determination of eligibility or coverage (including the determination
of cost sharing amounts);
2. Coordination of benefits;
3. Adjudication or subrogation of health benefit claims;
4. Risk adjusting amounts due based upon enrollee health status and
demographic characteristics;
5. Billing, claims management, collection activities, obtaining payment
under a contract for reinsurance (including stop-loss insurance and
excess of loss insurance), and related health care data processing;
6. Review of health care services with respect to medical necessity,
coverage under a health plan, appropriateness of care, or
justification of charges;
7. Utilization review activities, including precertification and
preauthorization of services, concurrent and retrospective review of
services; and
8. Disclosure to consumer reporting agencies of any of the following
health information relating to collection of premiums or
reimbursement:
(i) Name and address;
(ii) Date of birth;
(iii) Social Security Number;
(iv) Payment history;
(v) Account number; and
(vi) Name and address of the health care provider and/or health plan.
(b) Health Care Operations include, but are not limited to, the following
activities:
1. Conducting quality assessment and improvement activities, including
outcomes evaluation and development of clinical guidelines (provided
that the obtainment of generalizable knowledge is not the primary
purpose of any studies resulting from such activities);
2. Population-based activities relating to the improving health or
reducing health care costs, protocol development, case management and
care coordination, and contacting of health care providers and
patients with information about treatment alternatives (and related
functions that do not include treatment);
3. Reviewing the competence or qualifications of health care
professionals, evaluating practitioner and provider performance,
health plan performance, conducting training programs for students,
trainees, or practitioners in areas of health care, and training of
non-health care professionals;
4. Accreditation, certification, licensing, or credentialing activities;
5. Underwriting, premium rating, and other activities relating to the
creation, renewal or replacement of a contract of health insurance or
health benefits, and ceding, securing, or placing a contract for
reinsurance of risk relating to claims for health care (including
stop-loss insurance and excess of loss insurance);
6. Conducting or arranging for medical review, legal services, and
auditing functions (including fraud and abuse detection and compliance
programs);
7. Business planning and development, such as conducting cost-management
and planning-related analyses related to managing and operating the
Plan, including formulary development and administration, development
or improvement of methods of payment or coverage policies;
8. Business management and general administrative activities of the Plan,
including (but not limited to):
(i) Management activities relating to implementation of and
compliance with the requirements of HIPAA's administrative
simplification regulations;
(ii) Customer service, including the provision of data analyses for
policy holders or other customers (provided that protected health
information is not disclosed to such policy holder or customer);
(iii) Resolution of internal grievances;
(iv) Due diligence in connection with the sale or transfer of assets
to a potential successor in interest (if the potential successor
in interest is a covered entity under HIPAA or will become a
covered entity following the sale or transfer); and
(v) Creating de-identified health information, fundraising for the
benefit of the covered entity, and marketing for which an
individual authorization is not required.
12.2 USE AND DISCLOSURE OF PHI AS REQUIRED BY LAW OR AS PERMITTED BY
AUTHORIZATION OF THE PARTICIPANT OR BENEFICIARY. With authorization, the Plan
will disclose PHI to the other plans sponsored by the Company for purposes
related to administration of these plans.
12.3 CONDITIONS RELATING TO THE USE AND DISCLOSURE OF PHI BY THE COMPANY
THE COMPANY AGREE TO THE FOLLOWING CONDITIONS RELATING TO THE USE AND DISCLOSURE
OF PHI:
(a) The Company will not use or further disclose PHI other than as
permitted or required by the Plan document or required by law;
(b) The Company will ensure that any agents, including subcontractors, to
whom it provides PHI received from the Plan agree to the same
restrictions and conditions that apply to the Company with respect to
such PHI;
(c) The Company will not use or disclose PHI for employment-related
actions or decisions or in connection with any other benefit or
employee benefit plan of the Company (unless authorized to do so by
the individual);
(d) The Company will report to the Plan any use or disclosure of PHI that
is inconsistent with the uses or disclosures provided for in the Plan
document of which the Company becomes aware;
(e) The Company will make PHI available to the individual in accordance
with the access requirements of HIPAA;
(f) The Company will make PHI available to the individual for amendment
and incorporate any amendments to PHI in accordance the amendment
requirements of HIPAA;
(g) The Company will make available such information as is required to
provide an accounting of disclosures in accordance with the
requirements of HIPAA;
(h) The Company will make its internal practices, books, and records
relating to the use and disclosure of PHI received from the Plan
available to the Secretary of Health and Human Services for purposes
of determining compliance by the Plan with the requirements of HIPAA;
(i) The Company will, if feasible, return or destroy all PHI received from
the Plan that the Company still maintains in any form and retain no
copies of such PHI when no longer needed for the purpose for which the
disclosure was made. Where such return or destruction is not feasible,
the Company will limit further uses or disclosures to those purposes
that make the return or destruction of the PHI infeasible.
12.4 ESTABLISHMENT AND MAINTENANCE OF ADEQUATE SEPARATION BETWEEN THE
COMPANY. In accordance with the requirements of HIPAA, only the following
employees/classes of employees will be given access to PHI to be disclosed:
Barbara Gilbreath Sharon Ray Leah Thomason
Jill Welch Angela Green Cheryl Lee
Inga Vaystikh Smith Ann Kroboth Sandy Lewis
Lisa Bremmer Porcha Cook Lisa Taylor
The persons described above will only have access to and use PHI for
purposes of Plan administration functions that the Company performs for the
Plan.
12.5 NONCOMPLIANCE BY PLAN ADMINISTRATIVE PERSONNEL: In the event that the
employee/ class of employees described in subsection 12.4 above fail to comply
with the terms of the Plan document, the Company shall provide an effective
mechanism for the resolution of any such noncompliance issues, to include
disciplinary measures.
IN WITNESS WHEREOF, the Plan Administrator has adopted this Amendment on
the date shown below, but effective as of the dates indicated above.
Plan Administrator
By: /s/ Barbara S. Gilbreath
---------------------------------
Date 4/15/03
---------------------------------