Let's assume you were on summer holiday in a non-EU country. You had previously taken out five international health insurance policies – purely hypothetically. And you actually needed treatment: nausea, diarrhoea – nothing dramatic, but you still had to pay. Back home, you submitted the bill from your holiday destination to an insurance company digitally. And then to another, and another. Golden diarrhoea – but unfortunately a violation of §78 VVG! However, as insurance companies do not exchange information with each other for data protection reasons, multiple insurance policies were the blind spot in fraud prevention.
How can data synchronisation be achieved in compliance with data protection regulations?
We'll explain it to you, because we developed ICO.Link for this very purpose. ICO.Link consists of a sophisticated combination of cryptographic methods, with hashing as the central component. This generates a unique digital ‘fingerprint’ for each piece of information. This fingerprint is designed in such a way that it can only be used to answer a clearly defined question. The original personal data is not included. Hashing transforms any text or image into an ‘image’ of the original data. And just as a fingerprint does not contain the entire finger and a map does not contain the entire area, the hash value no longer contains the original data. The hash function accepts input of any length and always delivers output of a fixed length, for example 256 characters.
How does hashing work step by step?
1. Input: Standardised input data is important: all data must be in the same format, e.g. a date must always be in the format DD.MM.YY
2. Decomposition: Most modern hash functions divide the input into small blocks (approximately 512 bits each).
3. Processing: Each block is reduced by complex mathematical operations in such a way that different input data results in different hashes. At the same time, the same input always produces the same hash value (determinism).
4. Output: The result is a hash value – a string of seemingly random characters. Even the smallest change to the input data results in a completely different hash (avalanche effect).
5. Uniqueness and one-way: A hash value cannot be traced back to the input data because the original data is no longer contained in it (one-way function).
The hash values are collated on ICO.Link. If two values from different insurers are identical, it is likely that the underlying facts, such as the submitted invoice, are also identical. Incidentally, this is the only legally compliant way to detect such misconduct.
Graphic by ICO-LUX
Mock-up template by Freepik