Why TestLedger How It Works See the Platform Pricing Verify Record Sign In
Sealed Record Platform for Workforce Drug Testing

A disputed drug test costs $125,000 to defend. Make sure your records aren't the reason you lose.

Structured. Timestamped. Tamper-Evident. TestLedger™ creates cryptographically sealed records designed to support defensible documentation practices for HR directors, compliance officers, and corporate counsel.

$75K – $250K
Avg. cost to defend
an employment lawsuit
67,448
EEOC charges filed
in 2024
Start Free Trial See How It Works
No credit card required
Data stored locally in trial
Works with any test kit
Sources: Novian Law (2025), Nakase Law Firm (2024), EEOC Charge Statistics FY2024.
Why Structured Documentation Matters

Paper forms and spreadsheets do not provide cryptographic integrity verification.

Drug testing programs operate across varying state requirements, internal policies, and collection environments. Informal documentation methods may capture results, but they cannot demonstrate that records have not been altered after the fact.

Litigation Exposure from Disputed Results

When a terminated employee challenges a positive drug test, employers must produce documentation proving unbroken chain of custody. Paper forms often contain unverified signatures, missing timestamps, or inconsistent collector notes that create openings for wrongful termination claims.

No Proof Records Haven't Been Altered

Spreadsheets and basic HRIS modules store test results, but offer no cryptographic evidence that data has not been modified after the fact. In an audit or deposition, there is no mechanism to prove a record was not backdated, edited, or selectively deleted.

State-by-State Regulatory Variance

Cannabis legalization across 24+ states has created a patchwork of employer obligations. Organizations operating in multiple jurisdictions need documentation that captures policy-specific test panels, thresholds, and consent workflows to remain compliant in every state.

Inconsistent Multi-Site Documentation

Companies with distributed workforces rely on different collectors, clinics, and internal procedures across locations. Without a standardized digital workflow, documentation quality varies site to site, creating compliance gaps that surface during audits or legal discovery.

Workers' Comp and Insurance Exposure

Many state drug-free workplace programs offer workers' compensation premium reductions for employers with compliant testing programs. Inadequate documentation can jeopardize these benefits, and incomplete records weaken post-accident claim defenses.

MRO Review Bottlenecks

Medical Review Officers need clear, complete specimen documentation to process non-negative results efficiently. Missing collector information, unclear specimen IDs, or delayed paperwork extends the review cycle, creating liability windows and delayed hiring decisions.

Documentation failures are the number one reason drug test results get overturned.

Not lab errors. Not false positives. Procedural and documentation deficiencies give attorneys the leverage to challenge otherwise valid results, turning a $50 drug test into a six-figure legal exposure.

$2.57B
U.S. Workplace Testing
Market (2024)
Workflow

Collect. Record. Seal. Verify.

Your HR or compliance team documents each testing event in the TestLedger™ Sealed Record Platform using results from your existing labs, instant test kits, or collection sites. No integration required. No lab workflow changes.

01

Collect

Your HR team or designated employer representative enters the test authorization, donor identification, consent, and collection details into a structured digital form. Data can be entered at the point of collection or when results are received from a lab or collection site.

02

Record

Test results from instant kits, lab reports, or MRO reviews are entered alongside specimen metadata, chain-of-custody documentation, and employment action decisions. Standardized dropdowns and structured fields replace free-text notes and paper forms.

03

Seal

When the record is complete, the operator seals it with one click. TestLedger computes a SHA-256 cryptographic hash over every field, timestamp, and operator identity. Any subsequent modification would produce a different hash, making alteration detectable.

04

Verify

Authorized parties in possession of an exported sealed record may submit the file to the TestLedger verification interface. The system recalculates the hash to confirm whether the record matches its sealed state. No record content is exposed by this process.

Tamper-Evident Design

Sealed records generate a cryptographic hash derived from record content and associated metadata. If the content is changed, the hash will not match the sealed version. This provides objective evidence of whether a record has been altered after sealing.

Hash = SHA-256(content + timestamp + operator_id)

Works With Your Existing Testing Providers

TestLedger does not replace your lab, MRO, or collection site. It documents for the employer, a complete employee testing event, including results received from any provider. No integration, API connection, or vendor change is required.

Vendor-Neutral Documentation

TestLedger documents results from any manufacturer's drug test kits, any certified laboratory, and any collection site. The platform does not sell testing consumables or require proprietary test products.

Export-Ready Records

Sealed records export in JSON format and can be viewed in a summary report. Documentation remains cryptographically intact regardless of where it is stored. Photos can be added to records prior to sealing in the Basic plan; both photos and multi-file attachments are supported in the Professional plan.

TestLedger provides supplemental documentation and workflow support for non-DOT workplace drug testing programs. The platform focuses on documentation infrastructure; it does not perform laboratory testing or compliance certification. For DOT-regulated testing under 49 CFR Part 40, the Federal Custody and Control Form (CCF) remains the required legal document of record.
What a Defense Attorney Sees

Your documentation is your first witness.
How does it hold up?

Three real scenarios. On the left, what most employers produce today. On the right, what TestLedger seals into the record. A plaintiff's attorney will attack the weakest link in your documentation. Which side do you want to defend?

The scenarios below are illustrative examples created for informational purposes only. All names, dates, and record details are entirely fictitious. No actual employee records, protected health information, or confidential data are displayed on this page.

Scenario 01. Post-Accident Drug Test
Forklift collision in the warehouse. Employee tests positive for THC in a recreational-legal state.
The employee's attorney files for wrongful termination, arguing the employer failed to document the legal context of the positive result and cannot prove the record was not altered after the fact.
What most employers produce
Drug Test Record
Employee Name
J. Martinez
Date
2/18/26
Test Type
Post accident
Specimen
Urine
Result
Positive - THC
Collector Signature
MR Initials only
Action Taken
Terminated
THC Legal Status in State
⚠ Missing
Safety-Sensitive Position?
⚠ Missing
Time of Collection
⚠ Missing
Chain of Custody
⚠ Missing
Tamper Evidence
⚠ Missing
Plaintiff's Attorney Attack Vectors
"No timestamp on collection. No documentation of THC legal context. No safety-sensitive classification. No chain of custody. No proof this form wasn't completed days after termination. The employer terminated my client based on a piece of paper anyone could have filled in after the fact."
What TestLedger produces
TestLedger
SEALED
Specimen Collection
Employee
Martinez, Jorge A.
Test Authorization
Post-Accident
Collection Date/Time
2026-02-18 09:14 PST
Collector
M. Rodriguez, RN
THC Jurisdictional Context
Work State
Colorado
THC Legal Status
Recreational Legal
Safety-Sensitive
Yes
Classification Source
OSHA forklift operator
SHA-256 Record Hash
a7c3f1d9e4b28a1f...6d2c5e9b03f7
Defense Position
Timestamped at point of collection. THC legal context documented. Safety-sensitive classification sourced to OSHA. Cryptographic hash proves no modification since sealing. Every field is independently verifiable.
Five blank fields on a paper form gave the plaintiff's attorney five lines of attack. TestLedger closed all five.
5 of 5
Attack vectors eliminated
Scenario 02. Pre-Employment Screening Dispute
Candidate's offer rescinded after positive result. Three months later, EEOC charge filed alleging discriminatory testing practices.
During discovery, the employer is ordered to produce all documentation related to the test. The EEOC investigator asks for proof that results were recorded at the time of testing, not retroactively assembled after the charge was filed.
What most employers produce
Pre-Employment Drug Screen
Candidate
Sarah Chen
Position Applied For
Acct Mgr
Test Date
Nov 2025 No exact date
Result
Pos - Amphet.
Consent Obtained?
Yes
No
Consent Form on File?
⚠ Missing
Chain of Custody
⚠ Missing
Specimen ID
⚠ Missing
EEOC Investigator Findings
"No exact date on the test. No specimen ID. No chain of custody. Consent box is checked but no signed consent form is on file. There is no way to verify this record was created at the time of the test or that it has not been modified since."
What TestLedger produces
TestLedger
SEALED
Authorization & Consent
Donor
Chen, Sarah L.
Test Authorization
Pre-Employment
Consent Recorded
Yes, digital attestation
Consent Timestamp
2025-11-14 10:02 PST
Chain of Custody
Specimen ID
SP-20251114-1008
Collector
J. Chen, RN
Collection Time
2025-11-14 10:08 PST
Result
Non-Negative: Amphetamines
SHA-256 Record Hash
d4e8b2c7a1f3...9c5d8e2a7b04f1
Defense Position
Digital consent attestation with timestamp. Specimen ID links to chain of custody. Exact collection date and time recorded. Record sealed November 14, 2025; cryptographic hash confirms no modification in the three months before the EEOC charge.
The EEOC investigator needed proof the record existed before the charge was filed. The sealed hash timestamp provided it.
92 days
of tamper-proof integrity
Scenario 03. Multi-Site Random Selection Audit
Insurance carrier audits your drug-free workplace program across four locations. Documentation quality determines your workers' comp premium discount.
The auditor requests 12 months of testing records from all sites. Inconsistencies between locations, missing fields, or records without verifiable timestamps could disqualify the program and eliminate your premium reduction.
What most employers produce
Site A: Dallas Warehouse
Format
Paper form (photocopy)
Fields captured
Name, date, result
Site B: Denver Office
Format
Excel spreadsheet
Fields captured
Name, date, result, collector
Site C: Phoenix Distribution
Format
Email to HR (no form)
Fields captured
Varies
Site D: Portland Lab
Format
Google Form (link expired)
Fields captured
Unknown
Auditor Findings
"Four sites, four different formats, four different levels of data capture. No tamper evidence on any record. Two sites have records with missing fields. One site's records are unrecoverable. Program does not meet documentation standards for premium discount."
What TestLedger produces
TestLedger
4 SITES
Standardized Across All Locations
Dallas Warehouse
47 sealed records
Denver Office
31 sealed records
Phoenix Distribution
52 sealed records
Portland Lab
28 sealed records
Every Record Contains
Workflow
8-section standardized form
Tamper Evidence
SHA-256 cryptographic seal
Export
Instant JSON for auditor
Verification
Independent hash check
Program Total
158 records, 4 sites, 12 months, 100% field completion
Auditor Findings
Identical documentation standard at every location. Every record is cryptographically sealed with operator identification and timestamp. Full 12-month export delivered in under 60 seconds. Program meets all documentation requirements for premium discount.
The premium discount at stake was larger than the annual cost of TestLedger across all four sites combined.
158
Records, one standard
Why It Matters

One record. One workflow. Sealed for good.

Typical HR Office Today
Time per test 15 – 30 minutes
Process Paper form, photocopy, file cabinet
Tamper evidence None
Chain of custody Handwritten, inconsistent
Audit readiness Days to assemble
Independent verification Not possible
Dispute defense "We have a filing cabinet"
With TestLedger™ Sealed Record Platform
Time per test Minutes, not hours
Process Structured form, one-click seal
Tamper evidence SHA-256 cryptographic hash
Chain of custody Timestamped, operator-verified
Audit readiness Instant export
Independent verification Possession-based, no record content exposed
Dispute defense Sealed record with audit trail

One structured record today can prevent
six figures of litigation exposure tomorrow.

The cost of a TestLedger record is a fraction of 1% of the cost of defending a single disputed drug test.
Pricing

Two plans. Transparent pricing.

Purpose-built for workforce drug testing documentation. Choose the level of record integrity your program requires.

Basic
$99 /month

Essential documentation for employers running straightforward testing programs with standard record-keeping needs.

  • Drug Test Record forms
  • Operator identification and timestamps
  • Test panel and result documentation
  • JSON record export
  • Up to 3 users
Start Free Trial
Professional
$199 /month

Full cryptographic sealing, audit trails, and chain-of-custody documentation for organizations that need dispute-ready records.

  • Everything in Basic
  • SHA-256 cryptographic record sealing
  • Complete chain-of-custody audit trail
  • Possession-based record verification portal
  • S3 tamper-evident record storage
  • Multi-location support, up to 10 users
  • Administrative dashboard
Start Free Trial

Both plans include a free trial period. No credit card required to start. Data stored locally during trial.

Frequently Asked Questions

What employers ask before they start.

No. TestLedger does not conduct laboratory testing, perform MRO review, or provide clinical interpretation of results. It provides documentation infrastructure only. The platform records and seals the documentation surrounding a test; it does not perform, evaluate, or certify the test itself.
No. TestLedger is designed for non-DOT employer drug testing programs. If your organization conducts DOT-regulated testing under 49 CFR Part 40, the Federal CCF remains the required legal document of record. TestLedger may be used as supplemental documentation alongside the CCF, but it does not replace it.
A typical Basic record can be completed and sealed in a few minutes. Professional records with full chain-of-custody documentation, THC jurisdictional context, and evidence attachments take longer depending on the complexity of the testing event, but the structured form with dropdowns, checkboxes, and standardized fields is significantly faster than assembling the same documentation on paper. Once sealed, the record is cryptographically locked.
When a record is sealed, TestLedger computes a SHA-256 cryptographic hash over the complete record content, timestamp, and operator identity. If any data in the record is changed after sealing, the hash will no longer match, making the modification detectable. This is the same hashing standard used in banking, digital signatures, and blockchain technology.
Yes. TestLedger is vendor-neutral and works with any drug test kit from any manufacturer, any certified laboratory, and any third-party collection site. Your HR or compliance team enters results received from these providers into the platform. TestLedger does not require integration with lab systems, API connections, or changes to your existing testing workflow.
Sealed records are preserved in an append-only structure within the platform. They cannot be modified or deleted, even by account administrators. If a correction is required, a superseding record is created that references the original, maintaining continuity of documentation.
Verification confirms that a record has not been altered since it was sealed. When your organization exports a sealed record and provides it to an authorized party, that party can upload the file to the TestLedger verification interface. The system recalculates the cryptographic hash and confirms whether the record matches its sealed version. No record content is stored or exposed by the verification process; it requires possession of the exported file, which remains under your organization's control.
TestLedger is designed with PHI-aware architecture. Personally identifiable fields such as donor name and date of birth are available only in the Professional tier and are excluded from the cryptographic record hash for HIPAA isolation. Evidence uploads require a non-PHI attestation or an executed Business Associate Agreement. The platform displays warnings against entering PHI in free-text fields unless a BAA is in place. Organizations are responsible for determining whether their testing program involves PHI under HIPAA and for ensuring appropriate agreements are executed before submitting protected data.
Yes. The Professional plan supports up to 10 users across multiple locations with role-based access controls and an administrative dashboard. Every location uses the same standardized form and sealing workflow, eliminating the documentation inconsistencies that arise when different sites use different paper forms or spreadsheet templates.
Your HR team, compliance officer, or designated employer representative. TestLedger is not a lab system. It is the employer's documentation layer. When your organization receives test results from a laboratory, collection site, instant test kit, or MRO review, the designated person enters the complete testing event into TestLedger's structured form, including authorization, donor identification, consent, collection details, results, employment action, and any supporting evidence.
Yes. Records are controlled entirely by your organization. Sealed records are not publicly accessible, searchable, or visible to other TestLedger users. The verification portal operates on a possession-based model: only someone who already has the exported record file can verify its integrity. No record content is exposed during verification. Professional plan data is stored in isolated, encrypted S3 infrastructure. If your testing program involves PHI under HIPAA, PHI fields are blocked by default and can only be activated after executing a Business Associate Agreement.
When a test result flags THC, TestLedger prompts the operator to document four additional fields: the employee's primary work state, the THC legal status in that state at the time of testing, whether the position is classified as safety-sensitive, and the source of that classification. These fields are sealed into the record alongside the test result, providing documented evidence that the employer considered the jurisdictional legal framework before making an employment decision. This is increasingly critical in states with recreational or medical marijuana protections for employees.
+
No. Admissibility is determined by applicable law, evidentiary standards, and the specific circumstances of each case. TestLedger provides tamper-evident documentation architecture designed to support record integrity, which is substantially stronger than paper forms, spreadsheets, or unverifiable digital records. The platform does not provide legal, regulatory, or compliance advice.
You get full access to the platform with no credit card required. During the trial, records are stored locally in your browser and you can seal up to 10 records to evaluate the complete workflow. When you subscribe, both plans store sealed records in cloud infrastructure. The Professional plan enforces cloud-only storage with no client-side record persistence, which is required for workflows that may involve Protected Health Information. Both plans support JSON record export and independent verification.

Implement structured, tamper-evident documentation
across your workforce testing program.

Free trial, no credit card, no commitment. Evaluate the complete workflow on your own terms.

Start Free Trial Verify a Record