Sovereign AI in action: Automation of health insurance input management - A practical report on value, quality, and control

The need for sovereign artificial intelligence in statutory health insurance

Statutory health insurance (SHI) is under enormous pressure. A growing volume of documents, an acute shortage of skilled workers, and increasingly complex regulatory requirements (GDPR, EU AI Act) are pushing traditional paper-based processes to their limits. Input management, namely the processing of incoming documents, has proven to be a particular obstacle. Manual classification and data extraction not only require considerable human resources, but also lead to long throughput times, which limits the scalability and quality of the processes. In view of this, there is a growing desire for smart automation. However, when dealing with sensitive insurance data, it must be ensured that efficiency gains do not compromise data protection, traceability, or control.

This leads to the central question of this article, namely: How can sovereign, trustworthy artificial intelligence (AI) be used to efficiently automate the input management of a statutory health insurance company, ensure regulatory compliance, and at the same time guarantee the long-term technological independence of the health insurance company? In short: How do we stop wasting time and gain control over the technology at the same time?

Materials, methods, and tools: The foundation for trustworthy AI

Digitalization in healthcare requires solutions that are both efficient and compliant with regulations. The project described here for automating digital mail reception was developed as part of a strategic AI partnership between a large North German health insurance company and adesso. The basis for success was a structured, methodologically sound approach that incorporated the exact specifications of the statutory health insurance sector from the outset.

Exploratory and iterative approach

Instead of a big bang approach, the project team opted for an exploratory and iterative approach, which was divided into clearly defined phases. The proof of value (PoV) phase played a key role. First, a potential workshop was held to jointly identify the biggest pain points in the existing process. Based on this, the optimal, fully automated target process for input management was defined. The specific scope of the PoV was then determined, focusing on document types with the highest automation potential. To ensure reliable results, the health insurance company provided real but anonymized data, which is necessary for meaningful tests. Subsequently, the focus shifted to “company flavor fine-tuning,” in which AI models are adapted to the specific linguistic characteristics, format variants, and document structures of the health insurance companies. This model adaptation is crucial for achieving high recognition accuracy in a productive environment. Finally, a comprehensive performance evaluation was carried out, including classification accuracy and extraction precision, as well as ergonomic tests of the user interface. These usability tests ensured that the final solution was not only technically convincing, but also well received by the administrators.

Statutory health insurance companies operate in an environment with particularly high data protection and data security requirements. In particular, the processing of sensitive personal data is classified as “high risk” in the EU AI Act. In order to meet this responsibility, several methodological principles were established in the project. Initially, a comprehensive data governance framework ensured that all GDPR requirements were met. The main focus here was on data quality in order to rule out distortions in the training data and, accordingly, associated error classifications or discrimination. In addition, the project was consistently aligned with strict MLOps principles. These ensure transparency, traceability, and reproducibility in later production operations. This means that the reasons why and how the AI arrives at a particular classification are documented at all times, which is a central aspect of accountability under Art. 5 GDPR.

In addition, a risk management system was introduced in accordance with the requirements of the EU AI Act. This continuous, iterative process serves to systematically identify, assess, and reduce risks and also helps to establish a trustworthy AI system that is regulated beyond its purely technical implementation.

The technological basis for this was the Perceptor AI platform from TamedAI, which was developed specifically for automated document processing. Integration into a multi-cloud environment was a conscious strategic decision to support the health insurance company's technological sovereignty, enable a modular and flexible architecture, and prevent dependence on individual cloud or AI providers.

The solution: an intelligent and fully integrated inbox

The core of the project was to develop a fully automated, AI-supported inbox that integrates seamlessly into the health insurance company's existing system landscape, including the core management system Oscare and the connected peripheral systems. In summary, the goal was to create a solution that intelligently processes all incoming documents, regardless of the channel through which they arrive.

The automated pipeline: precision in three stages

The AI solution developed handles the entire processing of incoming documents and standardizes the entire input process across all channels, regardless of whether the documents arrive by mail, fax, email, or via an upload portal. The first step was preprocessing and standardization. This means that all incoming documents are converted into a uniform digital format to ensure consistent further processing. This is followed by intelligent classification, whereby the AI automatically classifies each document into the appropriate document type in real time. Since a wide variety of documents occur in the statutory health insurance environment, specialized models are used for this purpose, each of which has been trained for specific types of documents, such as certificates of incapacity for work, invoices, or change of address notifications. The final step is precise data extraction. Here, all relevant information, such as insurance numbers, amounts, or invoice data, is reliably read from the documents. A technical architecture designed for very high volumes and high scalability enables flexible adaptation of processing capacities, from several million pages per year to virtually unlimited amounts of data. Even complex and unstructured full texts can be processed automatically.

The front end: The central control center for confident control

A relevant difference to classic automation solutions lies in the specially developed front end, which serves as the central control center for the sovereign control of AI. This forms the basis for the human supervision required by regulations (human-in-the-loop) and enables specialist users to actively intervene in automated processes.

An important element is the integrated validation and escalation. Whenever the AI achieves a confidence value below a defined threshold for a document, or when the content requires legally complex discretionary decisions, the process is automatically forwarded to the relevant department. This means that the front end provides an intuitive user interface through which the proposed classifications and extracted data can be quickly reviewed and corrected if necessary.

Furthermore, the solution promotes the independence of the organization by enabling comprehensive knowledge transfer. Specialist users can not only monitor the platform, but also maintain and develop it independently. This includes, among other things, teaching new document variants and continuously adapting the underlying models. This internal knowledge of model maintenance significantly reduces dependence on external service providers and is therefore also a central component of technological sovereignty. Another advantage of the front end is its complete transparency. It documents step by step how the AI arrives at its decisions, which also creates the necessary traceability for internal audit processes and external supervisory authorities.

Results, experience, and lessons learned: added value through reduced workload and quality

Facts from practice

In practice, the automation of incoming mail led to measurable improvements in both efficiency and quality.

The processing times for mass documents were significantly reduced, enabling faster performance decisions and leading to increased satisfaction among policyholders. In addition, AI achieved a high classification accuracy and dark processing rate of 85% in the prioritized use cases. This noticeably relieved clerks of repetitive tasks such as sorting and manual data entry. The quality of the input data was also significantly improved.

Typical input errors that often occur during manual processing were reduced by automated extraction, which also stabilized downstream processes in the core system.

Key experiences and insights

The project illustrates that technological excellence alone is not enough to realize the full benefits of an AI solution. A solid organizational and regulatory foundation is crucial. The focus here is on governance prior to go-live, but close coordination between IT, specialist departments, data protection, and the legal department is also a key factor for success. It also became clear that regulatory requirements, especially those for high-risk AI systems, must be firmly anchored in the design and PoV stage to prevent them from becoming a problem later on.

Another important point is building trust within the organization. Employees must be involved at an early stage to strengthen acceptance of the new technology. This includes training on how to use the front end and how AI works, which must comply with the requirements of the EU AI Act. Open communication about the role of AI as a support system and not as a replacement for human expertise proved to be essential.

Technological sovereignty proved to be a strategic success factor. The development of its own front end and the training of internal experts to fine-tune the models enable the organization to independently control, maintain, and further develop the AI. This allows it to respond flexibly to new regulatory or business requirements and secure its long-term competitiveness.

Discussion and outlook: The GKV as a blueprint for sovereign AI

The project impressively demonstrates how the balancing act between pressure for efficiency and strict regulation can be achieved in the sensitive environment of the GKV. By implementing a sovereign AI platform that is controlled and maintained internally, the health insurance company ensures compliance with data protection, complete traceability of all decisions, and long-term control over its own technology.

Input management is only the first step. The project serves as a blueprint for building a scalable, sovereign AI ecosystem. The next project phases will focus on identifying and integrating additional complex use cases into the existing platform. Possible applications include the evaluation of automated checks of simple benefit claims and AI-supported assistance with case management and correspondence with insured persons.

In the long term, the health insurance company is positioning itself not only as an efficient but also as a responsible player in the digital transformation. Those who already apply the criteria of the EU AI Act today are creating a strategic competitive advantage and building lasting trust in the technology. Sovereign AI is thus the key to mastering the balance between efficiency, quality, and compliance in statutory health insurance.