privacy policy

Effective Date: May 25, 2025

Spectra Support Services LLC (“Spectra,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, and protect information submitted through spectrapa.com.

This Privacy Policy applies to information collected through our website. If you become a client or receive services from Spectra, additional privacy rights and protections may apply, including protections under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Spectra’s HIPAA privacy practices are described in our separate HIPAA Notice of Privacy Practices, which explains how Protected Health Information (“PHI”) may be used, disclosed, protected, accessed, and corrected.

Spectra Support Services LLC provides therapy and social services to individuals, families, and organizations.

Mailing Address:
Spectra Support Services LLC
390 Reed Rd, FL 1
Broomall, PA 19008

Privacy Contact:
Patricia Gonzalez
privacy@spectrapa.com

We may collect information that you choose to submit through our website, including through interest forms, contact forms, job applications, and event sign-up forms.

This information may include:

• Name 
• Email address 
• Phone number 
• Service interest 
• Message content 
• Previous job titles 
• Resume or application materials 
• Event registration information 
• Information related to a therapy, mental health, or social service request 

We do not collect payment information through the website.

Some website forms may allow you to submit information related to therapy, mental health, social services, or service needs. Please submit only the information needed for Spectra to understand your request and contact you.

If you become a Spectra service user or client, your Protected Health Information may be subject to HIPAA and Spectra’s HIPAA Notice of Privacy Practices. Spectra’s internal HIPAA policy states that Spectra maintains HIPAA compliance, limits access to Service User information to those involved in providing services or who otherwise need access, and safeguards electronic and paper records. 

We use Google Analytics, cookies, and Google Ads to help us understand website activity, improve our website, and market Spectra’s services.

Google Ads is used for general advertising only. Spectra does not sell personal information or share it for targeted advertising by third parties.

These tools may collect website usage information, such as pages visited, browser type, device information, referral source, and general interaction data. Spectra does not use this information to personally identify website visitors.

You can control or disable cookies through your browser settings. Some parts of the website may not work as intended if cookies are disabled.

Spectra may use information collected through the website to:

• Respond to inquiries 
• Connect individuals, families, or organizations with services 
• Review service interest 
• Process job applications 
• Manage event sign-ups 
• Improve the website 
• Understand how to better market Spectra’s services 
• Maintain website security and operations 

Spectra does not currently send marketing newsletters or promotional email campaigns.

Spectra does not sell personal information.

Spectra does not share personal information with outside partners, affiliates, or advertisers for their own use.

We may use service providers that help operate our website and business systems, including GoDaddy and Google Workspace. These providers may process information only as needed to provide services to Spectra.

We may also disclose information if required by law, legal process, court order, subpoena, safety obligation, reporting obligation, or to protect the rights, safety, or security of Spectra, our clients, website users, or others.

Our website may include third-party content or links, such as YouTube videos and Google Maps. These third parties may collect information according to their own privacy policies. Spectra is not responsible for the privacy practices of third-party websites or services.

Spectra generally keeps website inquiries, contact form submissions, and related website information for one year, unless a longer period is needed for legal, operational, employment, service-related, clinical, or compliance reasons.

Access to submitted website information is limited to appropriate Spectra personnel, including the intake coordinator, COO, and CEO.

Spectra uses reasonable administrative, technical, and organizational safeguards to protect information submitted through the website. However, no website, email system, or online transmission is completely secure. Please avoid submitting highly sensitive information through the website unless necessary.

Spectra provides services that may involve children and families. However, our website is not intended for unsupervised use by children under 13.

If a parent or guardian believes that a child under 13 submitted personal information through the website without appropriate permission, please contact us at privacy@spectrapa.com so we can review and delete the information if appropriate.

COPPA applies to operators of websites or online services directed to children under 13, or those with actual knowledge that they are collecting personal information online from children under 13. 

You may contact Spectra to request that we:

• Provide access to personal information you submitted through the website 
• Correct inaccurate information 
• Delete information, when legally permitted 
• Stop using information for certain purposes 

To make a privacy request, contact:

Patricia Gonzalez
privacy@spectrapa.com

We may need to verify your identity before completing a request.

If you are a Spectra client or service user, you may have additional rights regarding your Protected Health Information. These may include rights to access, request corrections to, and request limits on certain uses or disclosures of your PHI, subject to applicable law.

Spectra’s HIPAA Notice of Privacy Practices provides more information about these rights and how to contact Spectra’s Privacy Officer.

If you are located in the European Union or United Kingdom, you may have additional privacy rights under applicable data protection laws. These may include the right to request access, correction, deletion, restriction, objection, or portability of your personal information. The European Data Protection Board maintains guidance and materials related to data subject rights. 

Spectra processes website information to respond to inquiries, provide requested information, evaluate service or employment interest, operate the website, and improve outreach. Where required, Spectra relies on appropriate legal bases such as consent, legitimate interests, legal obligations, or steps taken at your request.

To exercise privacy rights, contact privacy@spectrapa.com.

Spectra may update this Privacy Policy from time to time. Updates will be posted on this page with a new effective date.

For questions about this Privacy Policy, HIPAA privacy practices, or privacy requests, contact:

Spectra Support Services LLC
390 Reed Rd, FL 1
Broomall, PA 19008
Privacy Officer: Patricia Gonzalez
Email: privacy@spectrapa.com

,how, within that, in thewithThethatincluding AnnualensureAnnualensureLLC'srecords,,,the User's,ectra Support Services, LLC maintains compliance with all regulations under the federal Health Insurance Portability and Accountability Act (HIPAA). While delivering its services and programs, Spectra Support Services, LLC collects personal information from its Service Users. This personal information is known as Protected Health Information (PHI) and is defined as any information that could be used on its own, or with other information, to establish the identity of a Service User, the Service User’s service provider or the Service User’s substitute decision maker. Personal information also includes any other information about a Service User including information that is contained in a Service User record and is subject to the federal Health Insurance Portability and Accountability Act (HIPAA) regulations.

Spectra Support Services, LLC collects, uses and shares Service User’s PHI for the following purposes:

• Providing quality programs and services to Service Users.
• For obtaining reimbursement from third parties including private insurance and public programs.
• Providing information to other people or organizations with Service User consent (for example, making a referral for service).
• Contacting Service Users to remind them of appointments or evaluate Spectra Support Services, LLC service and work.
• Reviewing Service User records to ensure high quality of service and documentation.

Spectra Support Services, LLC may also collect, use and share a Service User’s PHI with consent or as permitted or required by law. Spectra Support Services, LLC is committed to protecting the privacy of its Service Users and ensuring that:

• The personal information it receives from Service Users is kept safe, secure, confidential, accurate and up to date.
• Service Users understand why their personal information is collected by Spectra Support Services, LLC as affirmed by their receipt of the Notice of Privacy Practices and their signed acknowledgement thereof.
• Spectra Support Services, LLC obtains Service User consent before collecting, using, sharing or releasing Service User information, except as set out in this policy or permitted or required by law.
• Only the personal information necessary for the purposes listed above is collected from Service Users, unless otherwise consented to by the Service User or permitted or required by law.
• Access to Service User information is limited to the Spectra Support Services, LLC staff, students, and volunteers involved in delivering services to Service Users.
• Any external agents to whom Spectra Support Services, LLC releases information have a need to know and only use and disclose Service User information for the purposes for which it was originally provided, and the Service User consented.
• Service Users can withdraw their consent at any time to the collection, use and disclosure of their personal information. In this case, Service Users should be informed by staff about possible repercussions on third-party reimbursement that requires this information for payment.
• Service Users have access to their record. 
• Complaints about Spectra Support Services, LLC privacy policies and procedures are handled efficiently and effectively.
• All legal and regulatory requirements regarding Service User information are met and maintained.

All staff must receive a HIPAA compliance training during their 30-day orientation period. This training shall be documented and kept with the employee's permanent employment record. During the all-staff a

nnual training, HIPAA compliance training will be provided and documented to assure staff are acting in compliance with the regulations.

Electronic Medical Record (EMR)

Spectra Support Services, LLC utilizes electronic medical records (EMR) with a web-based software program that ensures HIPAA compliance, 

This policy applies to all Spectra Support Services, LLC staff and Service Users. For mental health services, any individual over the age of 18 who does not have a court-appointed guardian may consent to their own service. Consent for Service Users under the age of 14 and those with court-appointed guardians over 18 years of age must be obtained from the Service User’s legal guardian. For those between ages 14-18, either the Service User/client or the legal guardian must consent. Both, may consent, but only one consent is required.

• Obtaining Consent

• As Spectra Support Services, LLC services often involve collaboration and consultation among staff, Spectra Support Services, LLC staff will discuss the following with new Service Users:
• the nature and extent of that their personal information will be shared in consultation and  collaboration in the Spectra Support Services, LLC program or service  which the new Service User is accessing. 
• the purposes for which Spectra  Support Services, LLC collects, uses and shares personal information, as listed above.
• Service User’s rights and responsibilities including rights related to keeping Service User’s personal information private will be reviewed with all new Service Users       at their first appointment following intake.
• Service Users will be asked to  use a form indicating that the organization’s privacy policies have been  discussed and that the Service User consents to the collection use and  sharing of personal information for the purposes listed in this policy.
• The signed forms will be maintained by the program (e.g., in the Service User’s paper record,       electronically recorded centrally within the web-bases software). A note  will be made in the Service User’s electronic record that the form has       been signed.
• In cases where it is not  possible or practicable to obtain the Service User’s written       acknowledgment (e.g., telephone only service), verbal acknowledgment that the organization’s privacy practices have been explained to, and accepted       by, the Service User will be recorded in an activity note in the Service       User’s record.
• Consent will be that of the individual and must be knowledgeable, relate to the personal information, and not be obtained through deception or coercion. A consent to the collection, use, or sharing of personal health information about an individual is knowledgeable if it is reasonable in the circumstances to believe that the individual knows (a) the purposes of the collection,  use, and/or disclosure, as the case may be; and (b) that the individual may give or withhold consent.
• If staff are concerned that a  Service User does not have the capacity to consent to the collection, use, and disclosure of the person’s personal information, staff should: consider whether the Service User understands the decision they are being asked to make, question whether the person understands the reasonably foreseeable consequences of the decision or lack of decision, and consult with their supervisor.
• Service User Withholding, Limiting, or Withdrawing Consent
  • Service Users have the right to stipulate who will have access to their PHI. This means that they can withhold, limit, or withdraw their consent to the collection, use or disclosure of personal information. The request may cover all or a specific part of a Service User’s record. When this happens, staff will implement the following “lockbox” procedure.
  • Electronic records: The Spectra  Support Services, LLC staff receiving the Service User’s request to withhold, limit or withdraw their consent will: record the verbal instructions by the Service User in an activity note in the Service User’s electronic record, scan any written instructions by the Service User into the Service User’s electronic record, notify the Director that the Service User’s instructions and the staff person will limit access to the electronic record in compliance with the Service User’s request (e.g., closing access to the record; limiting access to the individuals specified by the Service User to be allowed access).
  • Paper records: If the Service User also has a paper record: the Service User’s record (either in whole or in part depending on the Service User’s instructions) to which access is to be limited will be placed inside an envelope that will be sealed       with the instructions from the Service User stapled to the outside of the record, if the Service User’s request is to withdraw consent, the record  will be safeguarded by Spectra Support Services, LLC Privacy Officer (Patricia Gonzalez, LPC). If the Service User’s request is to withhold or  limit consent, the supervisor responsible for the program will determine how best to comply with the Service User’s request.
  • In cases where the withholding,  limiting or withdrawal of consent will limit or prevent Spectra Support Services, LLC from continuing to deliver services, staff will discuss with the Service User the consequences of their withholding, limiting or withdrawal of consent.
• Disclosure without Consent, Including Responding to Summons/Subpoenas/Court Orders and Requests from Police
  • Spectra Support Services, LLC will not disclose the personal information of Service Users without their consent, except where: it is believed the Service User or someone else is in imminent danger of serious physical harm (see Duty to Warn policy #B-8), a child under the age of 18 is at risk of or has been abused or neglected (see Child Abuse Reporting and Documentation policy), Spectra       Support Services, LLC is subpoenaed or is otherwise served with a court order, summons, warrant or a similar requirement issued by a person who has jurisdiction to compel the production of information in a proceeding.  Spectra will continue to obtain consent from the Service User, when applicable, before making disclosures. Staff is required to immediately notify the executive director and not release any information until the executive director reviews the case and decides whether to release it, or as otherwise permitted or required by law.
  • If a Spectra Support Services, LLC staff member, student, or volunteer is served with a warrant, summons, subpoena, order, or similar requirement issued in a proceeding, the individual must immediately notify their supervisor, who will provide advice and direction on how to respond. Spectra Support Services, LLC staff should follow the same procedure in response to requests from police officers for Service User information.
  • In general, where an order, summons, warrant, subpoena or other requirement to produce documents has been served on Spectra Support Services, LLC, Spectra Support Services, LLC will: make every attempt to respond in a way that is respectful of the order or other requirement, while at the same time taking steps to preserve the Service User's right to confidentiality, make an exact copy of the record to remain at Spectra Support Services, LLC and deliver the documents to the court or other proceeding in a sealed enveloped marked    “private and confidential”, where Spectra Support Services, LLC discloses personal information without the Service User’s consent, the Service User will be notified of such disclosure as soon as reasonable, practical,  safe and/or legally possible under the circumstances. 
• Release of Information with Service User Consent

o Subject to Section E, PHI, whether all or part of a Service User record, will not be released to third parties without the written consent of the Service User or the Service User’s substitute decision maker, where applicable. Service Users are required to complete the Spectra Support Services, LLC Authorization to Request or Release Information Form, depending on the nature of the request. Consents provided on these forms are valid for either 1) the period necessary to complete all transactions on accounts related to services provided to the Service User, 2) one year, 3) a period specified by the Service User, or 4) until the time when the Service User limits or withdraws in advance of that date. Spectra Support Services, LLC may disclose a Service User’s personal information, provided that the disclosure, to the best of Spectra Support Services, LLC's knowledge, is for a lawful purpose.

• Release of Information to Third Parties
  • Spectra Support Services, LLC will not release a report from a third party contained in a Service User record without the written consent of the third party. The Service User will be encouraged to directly contact the third party to obtain a       release of the report. 
  • In exceptional circumstances, where written consent is not possible, the oral consent of the Service User to the release of personal information will be accepted and will be recorded in the Service User’s record.
  • In response to requests to release information to third parties, the Spectra Support Services, LLC service provider will ensure that the Service User understands the  purpose for which the information is being released and to whom the information is being released. The agency service provider will also explain that Spectra Support Services, LLC cannot guarantee the confidentiality of the information once it has been released.
• Obtaining Service User Protected Health Information from Third Parties
  • Spectra Support Services, LLC must obtain consent from the Service User prior to obtaining a copy of any PHI from an outside individual and/or agency. 
  • The Service User may authorize a Spectra employee to release or obtain PHI by completing Spectra’s “PHI Authorization Form” (See Appendix J). This form identifies the entity, contact information, and authorizes the types of disclosures the Spectra employee may release or obtain.
  • Permission to review a  third-party’s client record does not extend beyond viewing this documentation. Additional PHI authorizations are required when the       Spectra employee seeks to obtain a copy of the third party’s record. Once the proper authorizations are obtained, the third party will provide the Spectra employee with a copy of the requested information. 
  • To obtain a copy of a Service User’s PHI from a third party, the Spectra employee is required to initiate a request by 1) following Spectra Support Services, LLC's policy to obtain PHI information, which may include having the Service User complete the “PHI Authorization Form” and 2) following the third-party’s policy and procedure for obtaining PHI information. 
  • The Spectra employee will protect Service User’s PHI by engaging in the following: Spectra employee will only store Service User’s PHI on Spectra’s electronic devices,       secured storage cabinets, secured equipment, secure computer systems and secured Wi-Fi, the Spectra employee may not store Service User’s PHI or likeness on any personal electronic devices which includes texts, e-mail communications, and taking of photographs or videos, the Spectra employee may store User’s PHI on Spectra’s web-based (HIPAA compliant) Google  E-mail and Drive as long as the employee uses secured Wi-Fi. Employees’ use of public Wi-Fi for storing Users’ PHI is prohibited; the Spectra employee will keep all Service User information confidential. At no time may the employee make any reference to their direct interactions with Service Users with others outside the agency or on social media. Merely, withholding the name of the       Service User does not protect confidentiality. The entire story/account is not allowed to be shared verbally or published in any fashion.
• Safeguarding of Service Users’ Personal Information
  • Service User information stored electronically is protected by a password.  Access to the Spectra Support  Services, LLC EMR is limited on a need-to-know basis for added security.
  • Service User information collected in hard copy form is stored in locked cabinets accessible only by the counselors or other Spectra Support Services, LLC staff, or       students providing service to the Service User, and the relevant Directors.
  • Access to Service User information will be limited to those who need to know the information for the purposes set out in the Service User’s consent or as otherwise permitted or required by law.
  • Spectra Support Services, LLC staff will never leave Service User personal information, in paper or electronic form, unattended or exposed to anyone other than the Service User.
  • Spectra Support Services, LLC  will not send Protected Health Information (PHI) to Service Users by e-mail without the Service User’s prior consent. All outgoing PHI documents must be sent encrypted. Staff is to contact the executive director for information on how to send PHI documents to Service Users.
  • Communications between Spectra staff and Service Users are required to occur through the following Spectra Support Services, LLC accounts: TherapyNotes, Spectra’s Google E-mail Account, or Grasshopper Business Phone System. Spectra staff are NOT permitted to text or call Service Users directly from their personal phones. Staff who block their personal phone numbers from Service Users continue to be an unacceptable form of contact. Spectra staff are expected to contact Service Users using the following communication systems: Spectra’s landline, and staff may use their personal phone as long as it meets all of the following requirements: the mobile phone is password protected, staff have uploaded the following HIPAA-compliant applications: 1) Spectra’s Google E-mail, and 2) Spectra’s Grasshopper Business Account. Communication with Service Users through these HIPAA-compliant systems protects Service Users’ PHI, protects employees’ personal information, and promotes Spectra’s ability to monitor for safety.
  • Web-based counseling will use an encrypted website to protect Service Users’ privacy and confidentiality.
  • Spectra Support Services, LLC  requires external agents, such as third-party auditors, to maintain the confidentiality of Service User information and to refrain from using       Service User information for any purpose other than the purposes for which consent was provided by the Service User. Where appropriate and necessary, Spectra Support Services, LLC will obtain the consent of the       Service User to the disclosure of information to external agents. (External  agents are persons or companies with which Spectra Support Services, LLC       has contracts and that may encounter personal information.)
  • When disposal is permitted or required, records containing the Service User's personal information will be disposed of securely.
• Notice to Service Users of Theft, Loss, Unauthorized Access, Use or Disclosure of Personal Information
  • Staff are required to report to their supervisor and to the Spectra Support Services, LLC Privacy Office any theft, loss, unauthorized access, use, or disclosure of personal information of Spectra Support Services, LLC Service Users. 
  • In the event of such theft,   loss, unauthorized access, use or disclosure of personal information of a   Spectra Support Services, LLC Service User, Spectra Support Services, LLC  will notify the Service User as soon as possible.
  • Oral contact with the Service User will be logged in the Service User record and followed up with a letter, which will also be included in the record.
  • In the case of former Service Users, contact will be made orally, if possible, and in writing at the last known address for the Service User recorded in Spectra Support Services, LLC's, database.
• Service User Access to and      Correction of Personal Information
  • Service Users wishing to review their records should contact Spectra Support Services, LLC, the relevant program Director, or the Privacy Officer.
  • Within 30 days of any such request, an appointment will be made for the Service User to review his/her personal information in a confidential manner on Spectra Support Services, LLC premises, in the presence of a Spectra Support Services,       LLC employee, unless Spectra Support Services, LLC is entitled to refuse the request, in which case written notice will be given. Service Users may bring a support person to this appointment if they wish. Up to 60 days may be required in the case of complex searches for records. In exceptional circumstances (e.g., a Service User is unable to come to the Spectra Support Services, LLC office due to health issues), a copy of the record may be sent to the individual with consent.
  • Spectra Support Services, LLC       is required to retain Service User personal information that is the subject of a request for access for as long as necessary to allow the       Service User to exhaust any recourse under the Personal Health       Information Protection Act, 2004 that he or she may have with respect to the request. This may require Spectra Support Services, LLC to maintain the record for longer than the typical Service User record retention period.
  • Service Users who wish an explanation of their records may contact their Spectra Support Services, LLC service provider, the relevant program Director or the Spectra  Support Services, LLC Privacy Officer.
  • Service Users will not be permitted to access third-party records without the third party's consent. In such cases, Spectra Support Services, LLC, the service provider, will direct the Service User to obtain the requested information directly from the third party.
  • Service Users wishing to correct information in their record shall provide the correction in writing to Spectra Support Services, LLC. The written correction will be included in the Service User’s record and, within three weeks of receipt,       Spectra Support Services, LLC will notify the Service User of its response to the correction.
• Appointment of Privacy Officer
  • The Privacy Officer for Spectra  Support Services, LLC is Patricia Gonzalez, LPC, MT-BC.
  • The name and contact information for the Privacy Officer is available in the Service User Rights and Responsibilities Statement and in the Spectra Support  Services, LLC Staff Directory: The duties of the Privacy Officer include: maintaining knowledge of privacy legislation and regulations, ensuring that all staff and volunteers have training on the privacy policy, monitoring employee compliance with Spectra Support Services, LLC privacy policy, responding to privacy-related complaints and concerns, responding to requests for access and correction, responding to inquiries from the public about Spectra Support Services, LLC privacy practices, liaising with other organizations, the public and government, as necessary, on privacy-related issues.
• Inquiries and Complaints
  • Questions, comments or complaints about the Spectra Support Services, LLC privacy policies and procedures or about the collection, use or disclosure of personal information will be directed to the Privacy Officer.
  • The Privacy Officer will follow the procedures set out in the Service User Complaints - Grievance Process Policy #A-11 in responding to, resolving, and recording privacy-related complaints.