Why TestLedger How It Works See the Platform Pricing Verify Record Sign In
Defensible documentation for workplace drug testing programs

Cryptographically Sealed
Drug Test Records.

Litigation-Ready Documentation from Day One.

When a drug test result is disputed, the credibility of the documentation determines the outcome. TestLedger™ replaces fragile paper trails with cryptographically sealed records that can be independently verified by auditors, attorneys, and regulators.

$75K – $250K
Avg. employer cost to defend
a wrongful termination claim*
55%
of disputed drug tests
lack verifiable chain of custody*
Tamper-Evident Records
SHA-256 sealed at creation. Any post-seal modification invalidates the record.
Verifiable Chain of Custody
Independently verified through the TestLedger portal by auditors or attorneys.
Cryptographic Audit Trail
Evidence files hashed and preserved with a verifiable integrity manifest.
Start Free Trial See How It Works
No credit card required
14-day free trial
Works with any test kit
Sources: Novian Law (2025), Nakase Law Firm (2024), EEOC Charge Statistics FY2024.
The Documentation Gap

When a result is disputed, paper records and spreadsheets cannot prove they haven't been altered.

Employers face litigation, regulatory audits, and employee disputes. When a positive test is challenged, the question isn't just what the result was , it's whether you can prove the record was never touched after the fact. Paper and spreadsheets can't answer that question.

Litigation Exposure from Disputed Results

When a terminated employee challenges a positive drug test, employers must produce documentation proving unbroken chain of custody. Paper forms often contain unverified signatures, missing timestamps, or inconsistent collector notes that create openings for wrongful termination claims.

No Proof Records Haven't Been Altered

Spreadsheets and basic HRIS modules store test results, but offer no cryptographic evidence that data has not been modified after the fact. In an audit or deposition, there is no mechanism to prove a record was not backdated, edited, or selectively deleted.

State-by-State Regulatory Variance

Cannabis legalization across 24+ states has created a patchwork of employer obligations. Organizations operating in multiple jurisdictions need documentation that captures policy-specific test panels, thresholds, and consent workflows to remain compliant in every state.

Inconsistent Multi-Site Documentation

Companies with distributed workforces rely on different collectors, clinics, and internal procedures across locations. Without a standardized digital workflow, documentation quality varies site to site, creating compliance gaps that surface during audits or legal discovery.

Workers' Comp and Insurance Exposure

Many state drug-free workplace programs offer workers' compensation premium reductions for employers with compliant testing programs. Inadequate documentation can jeopardize these benefits, and incomplete records weaken post-accident claim defenses.

MRO Review Bottlenecks

Medical Review Officers need clear, complete specimen documentation to process non-negative results efficiently. Missing collector information, unclear specimen IDs, or delayed paperwork extends the review cycle, creating liability windows and delayed hiring decisions.

Documentation failures are the number one reason drug test results get overturned.

Not lab errors. Not false positives. Procedural and documentation deficiencies give attorneys the leverage to challenge otherwise valid results, turning a $50 drug test into a six-figure legal exposure.

$2.57B
U.S. Workplace Testing
Market (2024)
Workflow

Collect. Document.
CryptoSeal™. Verify.

Turn every workplace drug testing event into a tamper-evident, independently verifiable record. TestLedger replaces fragile paper trails with structured records verified by auditors, attorneys, and regulators.

  • Every record SHA-256 sealed at the moment of collection
  • PHI protected by design; identity never exposed by verification
  • Structured for FRE 901 authentication requirements
  • Full audit export in under 60 seconds
Secured by CryptoSeal™ SHA-256 Sealed Independently Verified
TestLedger™ Record Integrity Platform
01

Collect

Structured capture establishes the evidentiary record
Collection Form
DNR-2026-0094
Test Type
Pre-Employment
Panel
5-Panel
Collection Timestamp
2026-03-13  09:42:17 PST
Collector ID
COL-0042  •  Badge verified
Donor consent signed & timestamped

Authorized personnel record the test authorization, donor identification, consent, and collection details using a structured digital form. Standardized fields ensure consistent capture and establish the foundation of the evidentiary record.

02

Document

Evidence and supporting documentation are assembled
Evidence Manifest 3 files  •  hashed
lab_report_DNR0094.pdf
a3f8b2c1e7d04f92...
collection_photo_001.jpg
e7c4d9f2a1b83c0e...
mro_review_signed.pdf
b9a1f3e82d057c41...
Manifest fingerprint
f2e9c4b1 a7d03f8e 2c91ff4e...

Test results, MRO reviews, photographs, and supporting documents are attached before sealing. Each file receives an individual SHA-256 hash and is included in the evidence manifest, creating a complete, auditable evidentiary package.

Photos and image files Laboratory reports Supporting documents
03

CryptoSeal™

SHA-256 cryptographic fingerprint generated

The CryptoSeal™ engine generates a SHA-256 cryptographic fingerprint over the canonicalized evidentiary record, including all structured fields, chain-of-custody data, and attached evidence files. Each attachment is individually hashed and included in the evidence manifest. The record hash, operator identity, and timestamp are permanently sealed. Any modification to the record or associated evidence files results in a cryptographic hash mismatch, invalidating the seal.

Form fields Chain-of-custody data Attached evidence files
04

Verify

Independent hash verification confirms record integrity

Authorized parties, including attorneys, auditors, and regulators, can independently verify record integrity with the TestLedger Verification engine. The verification engine compares the current file hash against the original CryptoSeal™ SHA-256 fingerprint, confirming the record remains byte-for-byte identical to the version sealed at the moment of collection.

Customer records remain private and under the custody of the originating organization. TestLedger does not store or access the underlying files and operates solely as a cryptographic verification layer.

Independent Verification for Legal & Compliance Review
When a sealed record is produced in discovery, audit, or regulatory review, the receiving party can independently confirm it has not been altered since the moment of collection. Verification confirms cryptographic integrity only. Protected health information remains under the custody of the originating organization.
Verify a Record
testledger.io/verify
Real-World Scenarios

When documentation is challenged, what do you produce?

Two situations every drug testing program faces. The difference between a defensible record and an exposed one is whether the documentation was structured, timestamped, and cryptographically sealed at the time of the event.

Scenario 01

Pre-Employment Screening Dispute

Candidate's offer was rescinded after a positive result. Three months later, an EEOC charge alleged discriminatory testing practices. During discovery, the employer was ordered to produce all documentation related to the test , including proof that records were created at the time of testing, not assembled after the charge was filed.

Typical employer documentation
  • No exact date on the test , only "Nov 2025"
  • Consent box checked, no signed form on file
  • No specimen ID or chain-of-custody record
  • No way to prove record was not modified after the charge
EEOC Investigator
"No mechanism to verify this record was created at the time of the test or that it has not been modified since."
TestLedger sealed record
  • Exact consent timestamp: 2025-11-14 10:02 PST
  • Digital consent attestation with operator ID
  • Specimen ID and collection time recorded
  • SHA-256 hash sealed same day , proves no modification
Defense Position
Cryptographic hash confirms no modification in the 92 days between sealing and the EEOC filing.
The sealed hash timestamp proved the record predated the charge. 92 days of tamper-proof integrity, documented.
92days of verified integrity
Scenario 02

Multi-Site Insurance Audit

An insurance carrier audited the company's drug-free workplace program across four locations to determine eligibility for a workers' comp premium discount. The auditor requested 12 months of records from all sites. Inconsistent formats, missing fields, or unverifiable timestamps would disqualify the program entirely.

Typical employer documentation
  • Dallas: paper photocopies , name, date, result only
  • Denver: Excel spreadsheet , partial fields
  • Phoenix: email to HR , no standardized form
  • Portland: Google Form , link expired, records unrecoverable
Auditor Finding
"Four sites, four formats, no tamper evidence. Program does not meet documentation standards for premium discount."
TestLedger sealed record
  • 158 records across 4 sites , identical format, every field complete
  • Every record SHA-256 sealed with operator ID and timestamp
  • Full 12-month export delivered in under 60 seconds
  • Independent hash verification available for any record
Auditor Finding
Identical documentation standard at every location. Program meets all requirements for premium discount.
The premium discount was larger than the annual cost of TestLedger across all four sites combined.
158records, one standard
Why It Matters

One record. One workflow. Cryptographically sealed.

The difference between a defensible record and a liability is whether the documentation was structured, timestamped, and cryptographically locked at the time of the event.

Traditional Documentation
  • Fragmented formats across locations , paper, email, spreadsheet
  • No tamper evidence; records can be edited or backdated after the fact
  • Audit assembly takes days; independent verification is not possible
TestLedger™ + CryptoSeal™
  • SHA-256 cryptographic seal on every record , tamper-evident by design
  • Independent verification portal requires no account and exposes no PHI
  • Structured, searchable data exportable in seconds for any audit

One structured record today can prevent
six figures of litigation exposure tomorrow.

Pricing

Documentation that pays for itself.

Purpose-built for workforce drug testing programs. One avoided dispute covers years of protection.

Basic
$99 /month

Essential documentation for employers running straightforward testing programs with standard record-keeping needs.

  • Drug Test Record forms
  • Operator identification and timestamps
  • Test panel and result documentation
  • JSON record export
  • Up to 3 users
Start Free Trial
Professional
$199 /month

SHA-256 cryptographic sealing, chain-of-custody audit trails, and WORM evidence storage for organizations that need dispute-ready records.

  • Everything in Basic
  • SHA-256 cryptographic record sealing
  • Complete chain-of-custody audit trail
  • Possession-based record verification portal
  • S3 tamper-evident record storage
  • Multi-location support, up to 10 users
  • Administrative dashboard
Start Free Trial

Both plans include a free trial period. No credit card required to start.

Frequently Asked Questions

What employers ask before they start.

No. TestLedger does not conduct laboratory testing, perform MRO review, or provide clinical interpretation of results. It provides documentation infrastructure only. The platform records and seals the documentation surrounding a test; it does not perform, evaluate, or certify the test itself.
No. TestLedger is designed for non-DOT employer drug testing programs. If your organization conducts DOT-regulated testing under 49 CFR Part 40, the Federal CCF remains the required legal document of record. TestLedger may be used as supplemental documentation alongside the CCF, but it does not replace it.
A typical Basic record can be completed and sealed in a few minutes. Professional records with full chain-of-custody documentation, THC jurisdictional context, and evidence attachments take longer depending on the complexity of the testing event, but the structured form with dropdowns, checkboxes, and standardized fields is significantly faster than assembling the same documentation on paper. Once sealed, the record is cryptographically locked.
When a record is sealed, TestLedger computes a SHA-256 cryptographic hash over the complete record content, timestamp, and operator identity. If any data in the record is changed after sealing, the hash will no longer match, making the modification detectable. This is the same hashing standard used in banking, digital signatures, and blockchain technology.
Yes. TestLedger is vendor-neutral and works with any drug test kit from any manufacturer, any certified laboratory, and any third-party collection site. Your HR or compliance team enters results received from these providers into the platform. TestLedger does not require integration with lab systems, API connections, or changes to your existing testing workflow.
Sealed records are preserved in an append-only structure within the platform. They cannot be modified or deleted, even by account administrators. If a correction is required, a superseding record is created that references the original, maintaining continuity of documentation.
Verification confirms that a record has not been altered since it was sealed. When your organization exports a sealed record and provides it to an authorized party, that party can upload the file to the TestLedger verification interface. The system recalculates the cryptographic hash and confirms whether the record matches its sealed version. No record content is stored or exposed by the verification process; it requires possession of the exported file, which remains under your organization's control.
TestLedger is designed with PHI-aware architecture. Personally identifiable fields such as donor name and date of birth are available only in the Professional tier and are excluded from the cryptographic record hash for HIPAA isolation. Evidence uploads require a non-PHI attestation or an executed Business Associate Agreement. The platform displays warnings against entering PHI in free-text fields unless a BAA is in place. Organizations are responsible for determining whether their testing program involves PHI under HIPAA and for ensuring appropriate agreements are executed before submitting protected data.
Yes. The Professional plan supports up to 10 users across multiple locations with role-based access controls and an administrative dashboard. Every location uses the same standardized form and sealing workflow, eliminating the documentation inconsistencies that arise when different sites use different paper forms or spreadsheet templates.
Your HR team, compliance officer, or designated employer representative. TestLedger is not a lab system. It is the employer's documentation layer. When your organization receives test results from a laboratory, collection site, instant test kit, or MRO review, the designated person enters the complete testing event into TestLedger's structured form, including authorization, donor identification, consent, collection details, results, employment action, and any supporting evidence.
Yes. Records are controlled entirely by your organization. Sealed records are not publicly accessible, searchable, or visible to other TestLedger users. The verification portal operates on a possession-based model: only someone who already has the exported record file can verify its integrity. No record content is exposed during verification. Professional plan data is stored in isolated, encrypted S3 infrastructure. If your testing program involves PHI under HIPAA, PHI fields are blocked by default and can only be activated after executing a Business Associate Agreement.
When a test result flags THC, TestLedger prompts the operator to document four additional fields: the employee's primary work state, the THC legal status in that state at the time of testing, whether the position is classified as safety-sensitive, and the source of that classification. These fields are sealed into the record alongside the test result, providing documented evidence that the employer considered the jurisdictional legal framework before making an employment decision. This is increasingly critical in states with recreational or medical marijuana protections for employees.
+
No. Admissibility is determined by applicable law, evidentiary standards, and the specific circumstances of each case. TestLedger provides tamper-evident documentation architecture designed to support record integrity, which is substantially stronger than paper forms, spreadsheets, or unverifiable digital records. The platform does not provide legal, regulatory, or compliance advice.
You get full access to the platform with no credit card required. During the trial, records are stored locally in your browser and you can seal up to 10 records to evaluate the complete workflow. When you subscribe, both plans store sealed records in cloud infrastructure. The Professional plan enforces cloud-only storage with no client-side record persistence, which is required for workflows that may involve Protected Health Information. Both plans support JSON record export and independent verification.
The moment that separates prepared employers from exposed ones

When the demand letter arrives,
your response is already prepared.

Every record sealed with TestLedger carries a cryptographic timestamp and tamper-evident hash at the moment of collection. When documentation is demanded, it is already structured, signed, and verifiable.

Harrison & Cole LLP
Employment Litigation & Workplace Rights
1200 Market Street, Suite 1800  |  San Francisco, CA 94105
Tel: (415) 882-4400  |  Fax: (415) 882-4401
Via Certified Mail and Electronic Delivery
June 14, 2026
Human Resources Director
Acme Industrial Services, Inc.
RE: Preservation of Records and Demand for Production
Former Employee: Daniel Martinez  •  Matter No. HC-2026-0391
Dear Sir or Madam:

Our firm represents Mr. Daniel Martinez regarding his termination from Acme Industrial Services on May 22, 2026. Mr. Martinez disputes the basis for his termination and has retained counsel to pursue claims for wrongful termination and violations of applicable employment statutes.

This letter serves as formal notice that Acme Industrial Services must immediately preserve all records relating to Mr. Martinez's employment and drug testing history, including but not limited to:

  • Chain-of-custody documentation for all testing events
  • Laboratory reports and confirmed test results
  • Collector identification and timestamp records
  • Consent forms and authorization records
  • All electronic records related to the testing event
Failure to preserve these materials may constitute spoliation of evidence and may result in sanctions, adverse inference instructions, or other remedies imposed by the court. Please provide the requested documentation within ten (10) business days of receipt of this letter.
Sincerely,
Margaret Cole
Margaret Cole
Partner, Harrison & Cole LLP
LEGAL DEMAND
YOUR
RESPONSE
Record Verified Intact
Sealed
2025-11-14  10:02:47 UTC
Operator ID
Collector #C-4471  •  Badge verified
Specimen ID
SPM-20251114-8823
Consent
Digital attestation  •  10:01:53 UTC
SHA-256
d4e8b2c7a1f3…9c5d8e2a
Tamper-evident integrity
112 days — hash unchanged
Full evidence package exportable in < 5 seconds
Consent form & timestamp
Chain-of-custody record
Collector ID & operator log
Cryptographic proof of no modification

Start Your Trial Now.

Free trial, no credit card, no commitment. Evaluate the complete workflow on your own terms.

Start Free Trial Verify a Record