Basic Plan User Manual
Covers the core record flow, sealing steps, exports, and verification for the Basic plan.
Collect. Document. CryptoSeal. Check.
TestLedger™ Documentation Platform gives HR and compliance teams one place to document non-DOT workplace drug testing workflows, complete a record through the CryptoSeal Engine, and later check supported exports against the state recorded at completion. CryptoSeal is TestLedger’s change-detection system: it creates a unique fingerprint for each completed record so later comparison can assess whether the supported export still matches the recorded state.
✓Every completed record receives a SHA-256 fingerprint through the CryptoSeal Engine. If supported export data changes after completion, the fingerprint changes too.
✓Record checks focus on consistency with the state recorded at completion while limiting unnecessary identifier exposure in supported workflows.
✓Each step is recorded in order with timestamps, making later internal handling and documentation review easier to follow.
✓Supported exports from completed records can be checked later to assess whether they still match the original state recorded at completion.
Platform scope: TestLedger records and seals workplace testing documentation for later internal handling and supported export comparison. Not a laboratory, MRO, or employer decision-maker.
Secured by CryptoSeal
SHA-256 Reference State
Cryptographic Consistency
Completed Record
Reference State Saved
DNR-2026-0094
Record components
01
Authorization
Bound
02
Donor Identity
Protected
03
Specimen Collection
Bound
04
Test Result
Bound
05
Employer Decision
Bound
06
Evidence & Files
4 attached
SHA-256 Fingerprint
d4e8b2c7 93af41ce 7b90dd24
9c5d8e2a 1f6b3e85 c2d94a71
9c5d8e2a 1f6b3e85 c2d94a71
✓ Reference State Saved
Timestamped
CRYPTOSEAL READY
See the platform in action
A two-minute overview of TestLedger
Structured, change-detectable documentation for non-DOT workplace drug testing programs.
Non-DOT workplace drug testing documentation platform | testledger.io
How the record comes together
TestLedger organizes the workflow so every step lands in one controlled record.
TestLedger keeps the chronology, supporting materials, and final recorded state in one place. Instead of reconstructing paperwork after the fact, teams document the workflow as it happens and prepare a cleaner record for later handling and comparison.
01 - Capture
Chronology recorded in order
Authorization, consent, collection, results, and recorded actions are entered into one system-recorded timeline instead of being scattered across formats.
02 - Attach
Professional tier
Supporting documentation stays with the record
Lab reports, chain-of-custody materials, photographs, and other documentation are linked to the same record instead of being scattered across inboxes and folders.
03 - Complete Record
CryptoSeal state recorded at completion
When the record is complete, the CryptoSeal Engine records a server timestamp and generates a unique fingerprint. Any later change to supported export data produces a different fingerprint, making the difference detectable.
04 - Compare
Later comparison starts from one organized record
Supported exports from completed records can be checked later. The record check indicates whether the supported export still matches the state recorded at completion.
Why This Matters
When documentation is revisited,
paper records and spreadsheets
cannot show whether they changed after the fact.
Employers face audits, disputes, and record requests. When documentation is revisited later, the question is not only what was recorded, but whether the documentation still matches what was originally sealed. Paper files and spreadsheets do not answer that question well.
Why Employers Document Early
Chronology gaps, missing chain-of-custody details, and late record assembly can increase audit friction and documentation risk. TestLedger gives organizations a way to capture each step as it happens, so the record is already structured when questions arise later.
$75K – $200K
Published estimates of employer costs when workplace drug testing records are subject to formal scrutiny or dispute handling.
4.6% – 5.7%
Published share of U.S. workplace drug tests reported as positive in recent years, based on millions of employer tests annually
Sources: Novian Law (2025) and Quest Diagnostics Drug Testing Index news release (May 15, 2024). Figures represent published ranges and workforce positivity snapshots; individual outcomes vary.
The Documentation Risks Employers Face Today
Where paper records and spreadsheets break down
When records are revisited later, the problem is rarely just missing paperwork. It is whether the documentation is complete, consistent, and traceable across people, locations, and time.
Documentation Risk During Later Handling
When a workplace drug testing record is revisited later, organizations need documentation showing when the record was created, who handled it, and whether the chain of custody was preserved. Paper forms often contain unverified signatures, missing timestamps, or inconsistent collector notes that weaken later documentation handling.
High Documentation RiskNo Mechanism to Detect Whether Records Have Been Altered
Spreadsheets and basic HRIS modules store test results, but offer no cryptographic evidence that data has not been modified after the fact. In an audit or formal review, there is no mechanism to demonstrate whether a record was backdated, edited, or selectively deleted.
High Record-Change RiskState-by-State Documentation Variance
Cannabis legalization across 24+ states has created a patchwork of employer obligations. Organizations operating in multiple jurisdictions need documentation that reflects the specific rules, test panels, and consent requirements of each jurisdiction.
Jurisdictional Documentation RiskInconsistent Multi-Site Documentation
Companies with distributed workforces rely on different collectors, clinics, and internal procedures across locations. Without a consistent process across locations, documentation quality varies site to site, creating documentation gaps that surface during audits or record requests.
Audit Risk
Workflow
Collect. Document. CryptoSeal. Check.
Turn every workplace drug testing event into a completed record designed for documentation-sensitive workflows. TestLedger tracks completion status, timestamp consistency, and change detection without validating the underlying record content.
- Every finalized record receives a SHA-256 state recorded at completion
- Designed to limit identifier exposure in supported comparison workflows
- Structured for consistent documentation handling across locations
- Full audit export in under 60 seconds
Secured by CryptoSeal
SHA-256 Reference State
Cryptographic Consistency
Powered by the CryptoSeal™ Engine
Record completion and record check workflow
01
Collect samples and data
›
02
Document structured records
›
03
CryptoSeal reference state saved
›
04
Check for cryptographic consistency
›
One record. Everything inside.
Every document, every file, one reference-state package.
A single Professional Tier TestLedger record can bind over 80 structured fields, evidence files, chain-of-custody documents, photos, and video into one completed record protected by the CryptoSeal Engine.
TestLedger™ Documentation Platform
STANDBY
Source
Processed
0 / 8
Powered by
CryptoSeal™ Engine
Reference-State and Consistency Workflow
REFERENCE-STATE PACKAGE
CryptoSeal Record Check Portal
When a record is shared for internal handling, audit preparation, or authorized external review, the receiving party can check a supported export against the state recorded at completion.
Check Record
testledger.io/verify
Real-World Scenarios
When documentation is requested, what do you produce?
Two situations every drug testing program faces. The difference between a record captured to a sealed reference state and a scattered one is whether the documentation was structured, timestamped, and cryptographically sealed at the time of the event.
Scenario 01
Pre-Employment Screening Documentation Scenario
A candidate's offer was rescinded after a positive result. Three months later, the employer had to assemble all documentation related to the testing event, including records showing whether key entries were created at the time of testing rather than assembled later.
Typical employer documentation
- No exact date on the test , only "Nov 2025"
- Consent box checked, no signed form on file
- No specimen ID or chain-of-custody record
- No easy way to assess whether the record changed after the documentation request
Later Documentation Note
"No mechanism showed when this record was created or whether it remained unchanged after the testing event."
TestLedger reference-state record
- Exact consent timestamp: 2025-11-14 10:02 PST
- Digital consent attestation with operator ID
- Specimen ID and collection time recorded
- SHA-256 reference-state hash and timestamp were recorded the same day; later comparison detected no post-seal changes to the exported record
Comparison Note
The exported record still matched its reference-state hash 92 days after the original CryptoSeal event.
The reference-state record showed when the documented workflow was recorded, and the exported copy still matched the reference-state hash during later comparison.
92days later, still matched
Scenario 02
Multi-Site Insurance Audit
An insurance carrier reviewed the company's drug-free workplace program across four locations while assessing eligibility for a workers' compensation premium discount. The reviewer requested 12 months of records from all sites. Inconsistent formats, missing fields, or timestamps that could not be reliably compared would put that discount at risk.
Typical employer documentation
- Dallas: paper photocopies , name, date, result only
- Denver: Excel spreadsheet , partial fields
- Phoenix: email to HR , no standardized form
- Portland: Google Form , link expired, records unrecoverable
Documentation Note
"Four sites, four formats, no tamper evidence. Program does not meet documentation standards for premium discount."
TestLedger sealed record
- 158 records across 4 sites , identical format, every field complete
- Every record SHA-256 sealed with operator ID and timestamp
- Full 12-month export delivered in under 60 seconds
- Hash-based consistency comparison available for exported records
Standardization Note
Records from every location arrived in the same structure with timestamped fields and comparable sealed exports.
The team was able to assemble one consistent export set instead of reconciling four different documentation formats by hand.
158records, one standard
Pricing
Choose the workflow that fits your testing program.
Basic gives you structured documentation with a sealed reference state for routine workplace testing. Professional adds worker identity protection, evidence attachments, team administration, and workflows designed for organizations that handle sensitive health information.
Basic
$99 /month
Structured drug test documentation for routine employer testing programs. Records receive a SHA-256 sealed reference state and can be independently compared against that reference state.
- Structured record forms covering authorization, consent, collection, and results
- Donor code workflow for routine, non-identified testing documentation
- Operator ID, timestamps, and result fields recorded in every sealed record
- Export, search, and reporting across your sealed record history
- Up to 3 users and 500 records per month
Professional
$199 /month
For organizations that need worker identity in the record, evidence file attachments, and team-based workflows. Designed for programs that handle sensitive health information, with access controls that activate after a signed Business Associate Agreement (BAA) is in place.
- Everything in the Basic tier
- Worker identity fields (name, DOB) protected by cryptographic hashing
- Chain-of-custody tracking, confirmatory review, and recorded employer action fields
- Evidence file attachments (PDFs, photos, video) stored with per-file tamper detection
- Sealed record consistency review portal for supported export checks
- Administrative dashboard and multi-location support
- Up to 10 users and 2,000 records per month
- Identity and evidence workflows require BAA activation before use
No credit card required. Both plans include a 14-day free trial with preview workflows. Trial accounts can explore the full interface but do not create production sealed records, cryptographically consistent exports, or evidence uploads. A subscription is required to begin production sealing.
TestLedger provides documentation controls, consistency review workflows, and access restrictions, but your organization remains responsible for determining whether submitted data is PHI or ePHI and for meeting applicable privacy-law requirements, including any required Business Associate Agreement (BAA).
These features do not represent legal certification or guarantee outcomes in any proceeding. TestLedger does not act as a laboratory, medical review officer, employer decision-maker, counsel, or regulatory authority.
Frequently Asked Questions
What employers ask before they start.
Basic records are typically completed more quickly because the workflow is intentionally narrower and de-identified. Professional records with fuller chain-of-custody documentation, confirmatory review, and post-BAA evidence packaging take longer depending on the complexity of the testing event. Once sealed, the record receives a cryptographic hash that can be used to detect whether the exported record data changed after sealing.
When a record is sealed, TestLedger computes a SHA-256 cryptographic hash over supported exported record data and associated seal metadata. If exported record data changes after sealing, a later consistency comparison will no longer match, making the change detectable. This is the same hashing standard widely used in banking and digital-signature workflows. CryptoSeal is a cryptographic sealing workflow; it is not blockchain or decentralized verification technology.
Those platforms are useful for storage, but storage is not the same as consistency review. TestLedger adds cryptographic sealing, evidence hashing, sealed manifests, tamper detection, and consistency workflows so your organization can later assess whether a supported export still matches its recorded reference state. Cloud storage keeps files. TestLedger supports consistency review of those files and records against their recorded reference state.
The trial is a 14-day evaluation environment with no credit card required. It is intended to let you compare the Basic and Professional workflows before purchase using preview-only drafts and seal previews. Trial does not create production sealed records, cryptographically consistent exports, evidence uploads, BAA activation, or PHI-capable processing. When the trial expires, evaluation access ends until you subscribe and move into a production plan.
Yes. TestLedger is vendor-neutral and fits alongside your current collection sites, laboratories, MRO workflows, and internal HR or compliance processes. Your team records the testing event and supporting documentation in TestLedger after results are received. The platform does not currently require a lab integration or force you to replace your existing providers.
Your HR team, compliance officer, or designated employer representative. TestLedger is not a lab system. It is the employer's documentation layer. After your organization receives source information from a laboratory, collection site, instant test kit, or MRO review, the designated person records the testing event in TestLedger based on that source documentation, including authorization, donor identification, consent, collection details, results, any recorded employer action, and any supporting evidence. TestLedger records what the organization enters. It does not independently verify the accuracy or completeness of submitted information.
Sealed records are treated as finalized reference-state records after sealing. The platform does not provide an edit function for the sealed version of a record. If a correction is needed, a superseding record can be created that references the original. Record retention and deletion remain subject to account lifecycle and applicable retention policies, and sealing does not by itself make a record legally indisputable.
TestLedger's comparison workflow checks a supported exported record against its sealed reference state and reports whether the reviewed export still matches. The result addresses sealed-state consistency only; it does not establish the accuracy, legality, admissibility, or evidentiary weight of the underlying content.
Yes. The Professional plan supports up to 10 users across multiple locations with role-based access controls and an administrative dashboard. Every location uses the same standardized form and sealing workflow, reducing the documentation inconsistencies that arise when different sites use different paper forms or spreadsheet templates.
TestLedger is built to keep records scoped to the customer workspace, limit access through role and administrator controls, and preserve a seal-status trail around sealed records and exports. The platform is designed to reduce unnecessary exposure, but customers still control who enters data, what content is uploaded, who receives exported files, and whether a particular disclosure is lawful. The CryptoSeal comparison portal is possession-based: only someone who already has a supported exported record file can check whether it still matches its sealed reference state.
TestLedger uses different protection layers for different parts of the workflow. All sealed records use SHA-256 tamper-detection hashing so post-seal changes can be detected. Supported protected workflows may use HMAC-SHA-256 to replace direct donor identity in the export with a keyed reference value. Selected narrative fields may be encrypted with AES-256-GCM in supported workflows. These protections support controlled handling and sealed-state comparison; they do not by themselves determine lawful access, confidentiality rights, regulatory compliance, or evidentiary outcomes.
TestLedger provides access controls and protected-field workflows intended to reduce unnecessary exposure of sensitive records. Trial is evaluation-only, Basic is intended for de-identified non-PHI workflows, and Professional is the only currently PHI-capable tier. Professional workflows involving uploads or PHI-sensitive content are not enabled unless an executed Business Associate Agreement and the customer's own controls are in place before that data is submitted. TestLedger does not determine whether submitted content is PHI or ePHI and does not certify HIPAA compliance.
Evidence uploads and file attachments are not available in the Basic plan. Basic records seal as de-identified record artifacts without evidence attachments. If your workflow requires supporting documentation such as laboratory reports, chain-of-custody forms, or photographs, use the Professional workflow, which includes the evidence vault and attachment capabilities after the required controls are in place.
When a test result flags THC, the workflow includes four additional documentation fields: the employee's primary work state, the THC legal status in that state at the time of testing, whether the position is classified as safety-sensitive, and the source of that classification. These fields are sealed into the record alongside the test result, creating a time-linked record of the jurisdictional context the employer documented in its own workflow. This documentation does not constitute legal analysis and does not determine whether the employer's actions were lawful. This feature does not determine legality or guarantee compliance.
No. TestLedger does not conduct laboratory testing, perform MRO review, or provide clinical interpretation of results. It provides documentation infrastructure only. The platform records and seals the documentation surrounding a test; it does not perform, evaluate, or certify the test itself.
No. TestLedger is designed for non-DOT employer drug testing programs. If your organization conducts DOT-regulated testing under 49 CFR Part 40, the Federal CCF remains the required legal document of record. TestLedger may be used as supplemental documentation alongside the CCF, but it does not replace it.
No. Admissibility is determined by applicable law, evidentiary standards, and the specific circumstances of each case. TestLedger provides documentation features for record handling, sealing, and supported export comparison, but those features do not guarantee legal sufficiency, admissibility, or regulatory compliance. The platform does not provide legal, regulatory, or compliance advice.
Without TestLedger vs. With TestLedger
HR should not have to rebuild a test record under pressure.
On the left is the common scramble when documentation is scattered. On the right is the TestLedger version: one organized record with a sealed reference state assembled for later handling and comparison.
Immediate HR Problem
A documentation request arrives, but the record is scattered.
Before HR can answer the question, someone has to hunt through tabs, notes, attachments, and handoff details to rebuild the file.
4+
places to check before a response can begin
Consent timestamp
Need to locate
Collector details
Need to confirm
Specimen reference
Need to match
Supporting files
Need to gather
The response starts with reconstruction instead of a ready record.
Before
After
After
TestLedger Solution
Open one organized reference-state record.
TestLedger keeps all workflow steps, timestamps, recorded actions, and attached files together in one structured record that can be revisited and compared later.
Organized reference-state record
Pre-Employment Drug Test
Reference state saved
All key workflow steps together
Authorization, donor, consent, collection, result, decision, and CryptoSeal status in one organized record.
Evidence stays linked to the record
Photos, documents, and supporting files remain attached to the same record instead of living in separate inboxes or folders.
Timeline is preserved
Collected timestamps and record details stay in one place for faster internal handling.
Sealed-state match can be checked
The sealed record can be exported and later checked for consistency with its sealed state without rebuilding the file.
HR can open one record and export one package without rebuilding the file first.
Documentation
Download the current user guides.
Use the illustrated guides for team onboarding and training. Both guides track the current workflow and reference the active TestLedger interface.
Professional Plan User Manual
Covers identity-linked records, evidence attachments, team management, and verification for the Professional plan.
Start Your Trial.
Begin a 14-day evaluation with no credit card required. Explore the complete workflow in a preview-only environment.