For secure and trusted data exchange in the healthcare sector

When the electronic patient file is introduced on January 1, 2021, health insurance companies will face the challenge of protecting the sensitive health data of their insured in the best possible way. For cases like these, the Weinheim-based startup comuny offers support: Its Trust Data Operator enables the legally secure verification of the identity of users of digital services. The data is then delivered as a cross-application and cross-process service in the required use case. The two founders Beatrix Reiß and Dr. Dominik Deimel will present their solution at October 6 at the "Insuring Digital Health" program, which brings together 5-HT startups and their innovative digital solutions with insurance companies and health insurance providers. In an interview, Beatrix Reiß and Dominik Deimel explain how comuny enables a trustworthy data exchange between users and companies in the health and insurance sector.

What is the idea of comuny?

Beatrix Reiß: We address companies in the environment of regulated markets, especially health insurance companies and insurance companies, where more and more business processes are becoming digitally accessible. Due to regulatory requirements, these companies are faced with the challenge of providing secure access and legally compliant process handling, while at the same time making customer data available for personalized use. This involves not only the name, e-mail address or cell phone number, but also health data. This requires trustworthy interaction in the digital space, in which personal data is exchanged securely between the players. Through our Trust Data Operator, we deliver verified data as a service to any applications and process steps. Because every business process is different, we automate and simplify the interaction between health insurance companies and their preferred service providers. Our ecosystem approach normalizes the connection to the many solution providers on the market in the context of personal verification (e.g. video identity or selfie identity), policyholder authentication or digital signatures. This makes it easier for health insurers and insurance companies to integrate verified customer data into their processes and use it in a legally compliant manner across different sectors - for example, to access electronic patient files.

As of 2021, all those with statutory health insurance are entitled to receive an electronic patient file (ePA) from their health insurance company. How does comuny help with the technical implementation?

Dominik Deimel: In order for patients to be able to access the electronic patient file fraud-proof via their smartphone, the health insurance company needs the following four pieces of information:

1. it is the right person,
2. are the delivered data genuine,
3. may the data be used and
4. is the data transfer secured and protected?

For example, the health insurance company can use identification documents such as the identity card to ensure that it is really the insured person. It must also check the device binding and authenticate users who are already authorized with a password or biometric data. When health insurance companies work with us for fraud-free digital use of such customer data, they don't have to implement a solution themselves, but can simply integrate our operator into their application. In doing so, they can flexibly configure which data should be collected. We then deliver the finished process and the necessary data at a fixed price, so they no longer have to worry about anything. For the electronic patient file, we are currently already working with BARMER to make the use of the ePA as convenient as possible for their insured. With comuny, the electronic patient file can be accessed completely digitally, without the customer having to insert his health insurance card into a connector, as gematik has envisioned until now. We are currently working towards obtaining confirmation of the security of our procedure from gematik and the German Federal Office for Information Security (BSI).

The topic of health is about sensitive data. How does comuny ensure that personal customer data is protected?

Beatrix Reiß: Precisely because very personal data is involved in the healthcare sector, we are convinced that data exchange should be transparent, conscious and trustworthy. That is why it is central to our Trust Data Model that the user is actively involved in the process and decides for himself to whom his data may be passed on.

Dominik Deimel: Today, customer data is usually exchanged directly between different companies, for example between a service provider who performs the video identification of the person and the health insurance company to which the data is forwarded. In contrast, with us, the data always runs via the user himself. The data set is stored in a safe on his smartphone. From there, he can consciously decide to share the data with his insurance company or its partner companies. In the application, this works very simply. At the beginning, the user is informed that all data is stored in the data safe on his smartphone. Whether he specifically confirms the sharing of the data each time or only once at the beginning depends on the settings.

What are the advantages of using comuny for health insurance companies and other insurance companies?

Dominik Deimel: We enable these companies to obtain customer data at the moment they need it with a cost-effective service without their own implementation. They benefit from high-quality data, more convenience and more security, but also from more options: With comuny, for example, they can log in without a password, multifactor authentication and the comprehensive use of test results. Use cases can be realized digitally step by step with upstream and downstream processes. The specialized processes of our Ecosystem partners, for example in the areas of biometrics or signatures, can be flexibly combined with each other. If requirements or customer wishes change, companies can adapt their process quite easily by adding or exchanging solutions.

In addition, we make customer information usable in the company's digital ecosystem. For example, the data that users have verified for access to their electronic patient files can be made divisible so that they can use it for other services in the context of health insurance - for example, to identify themselves to a doctor, book an electronic prescription or provide monitoring data. It would also be conceivable for customers to pass on their health data to a life insurance provider in order to save themselves the medical report that would otherwise be required to take out a life insurance policy. With comuny, this process could also be completely digital and legally compliant. In this way, comuny promises greater convenience for end customers, as they no longer have to register and authenticate themselves individually for each service. Our integrated as-a-service approach saves effort, time and costs.

How was comuny founded?

Beatrix Reiß: Before the company was founded, we both worked as consultants in the e-health industry. Dominik also has experience as an entrepreneur in the industry. Because we often discussed how the collection, verification and sharing of personal data in the healthcare sector could be better organized, over time the common idea for comuny was born. In April 2018 we officially founded our startup. We are currently expanding the team of our CTO in the development area.

What are the next goals for comuny?

Dominik Deimel: On October 1, the product launch of our Trust Data Operator will take place, which will then be available as a Software Development Kit (SDK) for iOS and Android and can be integrated into any mobile app of a health insurance company or insurance company. This SDK will also be used for the technical integration of our customers' desired solution partners from the comuny Trust Ecosystem. We will also present the first procedures for this on October 1. Thus, self-regulated processes with customer information will become secure, data-supported and customer-friendly. This is our great strength and so far unique in the market. In the future we want to be able to show more and more concretely which extraordinary solution scenarios can be realized via comuny. Currently we are also planning a financing round that will help us decide whether we will remain focused on health insurance companies and insurances or whether we already enter other industries. We see great potential for comuny in many business processes in regulated markets, for example in the banking sector or in the public sector, because fraud-free customer data play a major role here as well as in the health sector.

What do you hope to gain from working with 5-HT?

Beatrix Reiß: We hope to establish contacts in the 5-HT ecosystem with companies that have high standards of data security and want to build sustainable customer relationships based on trust. Since we know how complex this is, the players in the 5-HT environment are highly exciting for us. When it comes to regulatory requirements, we are happy to be available to companies from various industries as an innovative and competent partner. We offer them the concentrated competence of our partners from different industries to enable a new level of innovation to solve regulatory requirements via the connecting system comuny.

Dominik Deimel: In particular, we look forward to participating in the "Insuring Digital Health" program, which the 5-HT Digital Hub is organizing together with EIT Health at October 6. This event is certainly a good opportunity for us to get in touch with other health insurance companies and insurers and to understand which concrete use cases beyond the patient file are currently being planned here. In addition, we are always happy to exchange information with pharmaceutical and chemical companies from the 5-HT network, since the requirements in these industries are basically similar to those of health insurance companies and insurance companies: Here too, there are digital customers and also digital interactions between employees and suppliers or across business units and locations. In principle, comuny can be used in all B2B areas, for example when it comes to checking whether someone is authorized to buy or sell a chemical product via an online store. If there are companies in the 5-HT environment for which the digital utilization of data from customers, employees or partners is a challenge, we are happy to find solutions together.