More concretely, the mobile phone number gets encrypted before sending them to the mobile network operator. The mobile network operator then computes the heat map.
Through the use of homomorphic encryption, this computation can be done without decrypting the mobile phone numbers of the patients. The result is an encrypted CoronaHeatMap. The health authority owns the only key able to decrypt the map.