AI Consulting in Baltimore

Yes. Any build that touches protected health information — patient records, research datasets with PHI, Epic integrations — gets scoped with a Business Associate Agreement in place before a single credential changes hands. We route those workloads through model endpoints with zero-retention, no-training contractual terms (Anthropic Enterprise, Azure OpenAI, or comparable) so PHI never enters a training pipeline. For JHU-affiliated academic medical center teams, we also account for IRB data-use agreements: the data flows we build stay within the boundaries defined in the IRB protocol, and we document those flows in a format your IRB coordinator can review. REDCap and Epic integrations run through official APIs with scoped service accounts — no scraping, no admin-level credentials sitting in a config file. If your team is operating under a federal grant with additional data-handling requirements (NIH DMS policy, for instance), we flag those constraints during the audit before any build scope is written.

We build the workflow and document automation layer — we don't replace the physical access control infrastructure TWIC governs. What we can do: automate the documentation that surrounds port operations. That means structured intake for carrier and driver credentialing records, demurrage tracking against vessel schedules, customs entry document assembly from broker data, and freight broker communication workflows that create audit trails instead of email threads. For operators pursuing ISO 28000 supply chain security certification or maintaining it through annual surveillance audits, we can build document control workflows that keep your security management system records current without a manual assembly cycle before every audit. We scope these builds after the $99 audit maps your existing system connectors — EDI feeds, TMS integrations, carrier portal credentials — so we know what we're actually connecting to before quoting.

For private-sector clients in Baltimore, Maryland procurement rules don't apply. For organizations contracting with Maryland state agencies — MDOT, DHMH, or similar — procurement channels and vendor registration requirements shape how an engagement gets structured. We're not a registered Maryland state vendor, so for state agency work we typically operate through a prime contractor that holds the vehicle. For local government and quasi-public entities (like port authority adjacent work), the structure depends on contract threshold and the agency's purchasing policy. During the audit we'll surface whether your use case has procurement implications and tell you plainly what path makes sense — we don't chase government contract vehicles we're not already on.

APL is a federally funded research and development center that handles ITAR-controlled technical data. We don't hold ITAR registration and don't build systems that process, store, or transmit ITAR-controlled information. If your team has APL project involvement that touches controlled technical data, that work is outside our scope — full stop. What we can do is build automation for the uncontrolled administrative side of a research operation: grant reporting workflows, travel and expense routing, IRB correspondence management, and internal knowledge bases that explicitly exclude controlled technical content. If you're unsure where the ITAR boundary sits in your operation, that's a question for your export control officer before you engage any outside vendor, including us.

The compliance document cycle for registered investment advisors — Form ADV annual amendments, Form CRS updates, SEC examination response packages — follows a predictable calendar but gets built by hand every time. We scope builds that pull from your existing CRM, portfolio management system, and prior filing data to pre-populate the structured sections of those documents, flag fields where data has changed year-over-year, and route the draft to your CCO for review instead of starting from a blank template. For exam response packages, the same logic applies: build a structured intake for exam requests, pull relevant policies and procedures from your document management system, and assemble a first-pass response package the CCO reviews rather than authors. We don't provide legal or compliance advice — we build the document workflow. Your compliance counsel signs off on substance. Maryland Insurance Administration filings for dual-registrants follow the same pattern.