EX-10.2 4 a2153908zex-10_2.htm EXHIBIT 10.2
QuickLinks -- Click here to rapidly navigate through this document


Exhibit 10.2

SCOTT'S LIQUID GOLD & AFFILIATED COMPANIES
EMPLOYEE BENEFIT HEALTH AND WELFARE PLAN
AMENDMENT #1-2004

        Effective April 14, 2004 Scott's Liquid Gold & Affiliated Companies Employee Benefit Health and Welfare Plan is hereby amended.

1)
Table of Contents page, a section entitled HIPAA Privacy Information is hereby ADDED.

2)
The following definitions are hereby ADDED to the Definitions section beginning on page 66.

    "Covered Entity" means (1) health plans; (2) health care clearinghouses; and (3) health care providers that conduct certain types of transactions in electronic form in relation to HIPAA's administrative simplification rules.

    "Health Information" means any information, whether oral or recorded in any form or medium, that:

    1.
    is created or received by a health care provider, health plan; public health authority, employer, life insurer, school or university, or health care clearinghouse; and

    2.
    relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

    "Health Plan" means any individual or group plan that provides or pays the cost of medical care (as defined in Section 2791 (a)(2)of the PHS Act, 42 U.S.C. § 300gg-91(a)(2).

    "Individually Identifiable Health Information" means a subset of health information, including demographic information collected from an individual, and:

    1.
    is created or received by a health care provider, health plan, employer, or health care clearinghouse; and

    2.
    relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and

    a.
    that identifies the individual; or

    b.
    with respect to which there is a reasonable basis to believe the information can be used to identify the individual.

    "Protected Health Information (PHI)" means individually identifiable health information:

    1.
    Except as provided in paragraph (2) of this definition, that is:

    a.
    transmitted by electronic media;

    b.
    maintained in any media described in the definition of electronic media at 42 CFR § 162.103; or

    c.
    transmitted or maintained in any other form or medium.

    2.
    Protected health information excludes individually identifiable health Information in:

    a.
    education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C., § 1232g;

1

      b.
      records described at 20 U.S.C. § 1232g(a)(4)(B)(iv); and

      c.
      employment records held by a covered entity in its role as employer.

    "Summary Health Information" means information that summarizes the claims history, claims expenses or the type of claims experienced by individuals in the Plan, but it excludes all identifiers that must be removed for the information to be de-identified, except that it may contain geographic information to the extent that it is aggregated by five-digit zip code.

    "Transaction" means the transmission of information between two parties to carry out financial or administrative activities related to health care.

3)
Page 74, Definitions section, "HIPAA" IS CURRENTLY:

    "HIPAA" means The Health Insurance Portability and Accountability Act of 1996, enacted on August 21, 1996. HIPAA amends the Public Health Service Act (PHS Act), the Employee Retirement Income Security Act of 1974 (ERISA), and the Internal Revenue Code of 1986 (CODE), significantly expanding employee access to health care coverage.

    IS AMENDED TO:

    "HIPAA" means The Health Insurance Portability and Accountability Act of 1996, enacted on August 21, 1996, including Title II, the Administrative Simplification Compliance Act. HIPAA amends the Public Health Service Act (PHS Act), the Employee Retirement Income Security Act of 1974 (ERISA), and the Internal Revenue Code of 1986 (CODE), significantly expanding employee access to health care coverage.

4)
The following section entitled HIPAA Privacy Information is hereby ADDED to the Plan:

HIPAA PRIVACY INFORMATION

    DISCLOSURE OF SUMMARY HEALTH INFORMATION TO THE PLAN SPONSOR

    In accordance with the Privacy Standards, the Plan may disclose summary health information to the Plan Sponsor, if the Plan Sponsor requests the summary health information for the purpose of (a) obtaining premium bids from stop loss carriers, excess loss carriers or managing general underwriters (MGUs) for providing health coverage under this Plan or (b) modifying, amending or terminating the Plan.

    "Summary health information" may be individually identifiable health information and it summarizes the claims history, claims expenses or the type of claims experienced by individuals in the plan, but it excludes all identifiers that must be removed for the information to be de-identified, except that it may contain geographic information to the extent that it is aggregated by five-digit zip code.

    DISCLOSURE OF PROTECTED HEALTH INFORMATION ("PHI") TO THE PLAN SPONSOR FOR PLAN ADMINISTRATION PURPOSES

    In order that the Plan Sponsor may receive and use PHI for Plan Administration purposes, the Plan Sponsor agrees to:

    1.
    Not use or further disclose PHI other than as permitted or required by the Plan Documents or as Required by Law (as defined in the Privacy Standards);

    2.
    Ensure that any agents, including a subcontractor, to whom the Plan Sponsor provides PHI received from the Plan agree to the same restrictions and conditions that apply to the Plan Sponsor with respect to such PHI;

2

    3.
    Not use or disclose PHI for employment-related actions and decisions or in connection with any other benefit or employee benefit plan of the Plan Sponsor, except pursuant to an authorization which meets the requirements of the Privacy Standards;

    4.
    Report to the Plan any PHI use or disclosure that is inconsistent with the uses or disclosures provided for of which the Plan Sponsor becomes aware;

    5.
    Make available PHI in accordance with Section "164.524 of the Privacy Standards (45 CFR 164.524);

    6.
    Make available PHI for amendment and incorporate any amendments to PHI in accordance with Section 164.526 of the Privacy Standards (45 CFR 164.526);

    7.
    Make available the information required to provide an accounting of disclosures in accordance with Section 164.528 of the Privacy Standards (45 CFR 164.528);

    8.
    Make its internal practices, books end records relating to the use and disclosure of PHI received from the Plan available to the Secretary of the U.S. Department of Health and Human Services ("HHS"), or any other officer or employee of HHS to whom the authority involved has been delegated, for purposes of determining compliance by the Plan with Part 164, Subpart E, of the Privacy Standards (45 CFR 164.500 etseq);

    9.
    If feasible, return or destroy all PHI received from the Plan that the Plan Sponsor still maintains in any form and retain no copies of such PHI when no longer needed for the purpose for which disclosure was made, except that, if such return or destruction is not feasible, limit further uses and disclosures to those purposes that make the return or destruction of the PHI infeasible; and

    10.
    Ensure that adequate separation between the Plan and the Plan Sponsor, as required in Section "164.504(f)(2)(iii) of the Privacy Standards (45 CFR 164.504(f)(2)(iii)), is established as follows:

    a.
    The following employees, or classes of employees, or other persons under control of the Plan Sponsor, shall be given access to the PHI to be disclosed:

    i.
    The Health Benefit Committee

    ii.
    Chief Financial Officer

    iii.
    Controller

    iv.
    Benefits Manager

    v.
    Health Plan Financial Clerk

    vi.
    Accounts Payable Clerk

    vii.
    Human Resource Manager

    b.
    The access to and use of PHI by the individuals described in subsection 10(a) above shall be restricted to the Plan Administration functions that the Plan Sponsor performs for the Plan.

    c.
    In the event any of the individuals described in subsection 10(a) above do not comply with the provisions of the Plan Documents relating to use and disclosure of PHI, the Plan Administrator shall impose reasonable sanctions as necessary, in its discretion, to ensure that no further non-compliance occurs. Such sanctions shall be imposed progressively (for example, an oral warning, a written warning, time off without pay and termination), if

3

        appropriate, and shall be imposed so that they are commensurate with the severity of the violation.

        "Plan Administration" activities are limited to activities that would meet the definition of payment or health care operations, but do not include functions to modify, amend or terminate the Plan or solicit bids from prospective issuers. "Plan Administration" functions include quality assurance, claims processing, auditing, monitoring and management of carve-out plans, such as prescription drugs. It does not include any employment-related functions or functions in connection with any other benefit or benefit plans.

    The Plan shall disclose PHI to the Plan Sponsor only upon receipt of a certification by the Plan Sponsor that (a) the Plan Documents have been amended to incorporate the above provisions and (b) the Plan Sponsor agrees to comply with such provisions.

    DISCLOSURE OF CERTAIN ENROLLMENT INFORMATION TO THE PLAN SPONSOR

    Pursuant to Section 164.504(f)(1)(iii) of the Privacy Standards (45 CFR 164.504(f)(1)(iii)), the Plan may disclose to the Plan Sponsor information on whether an individual is participating in the Plan or is enrolled in or has disenrolled from coverage under the Plan to the Plan Sponsor.

    DISCLOSURE OF PHI TO OBTAIN STOP-LOSS OR EXCESS LOSS COVERAGE

    The Plan Sponsor hereby authorizes and directs the Plan, through the Plan Administrator or Mountain States Administration Company Inc. to disclose PHI to stop-loss carriers, excess loss carriers or managing general underwriters (MGUs) for underwriting and other purposes in order to obtain and maintain stop-loss or excess loss coverage related to benefit claims under the Plan. Such disclosures shall be made in accordance with the Privacy Standards.

    OTHER DISCLOSURES AND USES OF PHI

    With respect to all other uses and disclosures of PHI, the Plan shall comply with the Privacy Standards.

4)
Page 101, Coordination of Benefits section, Right to Receive or Release Necessary Information IS CURRENTLY:

    RIGHT TO RECEIVE OR RELEASE NECESSARY INFORMATION

    For the purposes of determining the applicability of and implementing the terms of this coordination of benefits provision of this Plan or any provision of similar purpose of any other plan, the Plan may, without consent of or notice to any person, release to or obtain from any insurance company or other organization or person any information, with respect to any person, which the Plan deems to be necessary for such purposes. Any person claiming benefits under this Plan shall furnish to the Plan such information as may be necessary to implement this provision. A covered person, by receipt of benefits under this Plan, agrees to cooperate fully with the Plan and shall provide any information requested by the Plan within five (5) days of request.

    IS AMENDED TO:

    RIGHT TO RECEIVE OR RELEASE NECESSARY INFORMATION

    For the purposes of determining the applicability of and implementing the terms Of this coordination of benefits provision of this Plan or any provision of similar purpose of any other plan, the Plan may, without consent of or notice to any person, release to or obtain from any insurance company or other organization or person any information, with respect to any person, which the Plan deems to be necessary for such purposes. Any person claiming benefits under this Plan shall furnish to the Plan such information as may be necessary to implement this provision. A

4


    covered person, by receipt of benefits under this Plan, agrees to cooperate fully with the Plan and shall provide any information requested by the Plan within five (5) days of request. The release and handling of any Protected Health Information (PHI) and/or Transactions will be administered in compliance with the Plan's HIPAA Privacy information provisions.

REVIEWED AND ACCEPTED:
SCOTT'S LIQUID GOLD-INC.		   /s/  JEFFRY B. JOHNSON      
SIGNATURE

 
 
Jeffry B. Johnson
NAME (please print)

 
 
Chief Financial Officer
TITLE

 
 
6/3/04
DATE

5



QuickLinks