"We have apologised to the patient and family affected, and wish to take this opportunity to apologise again. We take patient privacy and our security responsibilities incredibly seriously, and no breach of this nature is acceptable.
"We launched an investigation as soon as the breach was discovered. We understand that the actions of a medical student were involved in the breach. We have discussed this with the University of Otago, prohibited the student from entering DHB premises while investigations are under way, and the matter of the student is now in the university's hands."
READ MORE:
• Police complaint after baby death at Auckland City Hospital
• Covid 19 coronavirus: Fears colonoscopy delays will worsen bowel cancers
• Auckland City Hospital investigates four deaths of mothers - husband speaks of being kept from hospital under lockdown
Police had been contacted about the person getting into the surgical theatre, Tait said, and the Office of the Privacy Commissioner advised.
"We are now reviewing our security systems and protocols to minimise the risk of such a breach occurring again."
A police spokesperson confirmed they were told of the incident, "however it was not considered to be a police matter".
Tait did not answer specific questions including why the man's presence wasn't immediately noticed, if they were wearing scrubs, what stage the surgery was at, whether the patient was undressed or exposed and what the intruder did once in the theatre.
It is unclear what the man's motivations were, or how he managed to get into a secure swipe-card access area that should be subject to strict controls, particularly during Covid-19 alert level 2.
A University of Otago spokesperson said the allegations involving the possible involvement of its student were being taken extremely seriously, with an investigation under way.
"The university cannot confirm or discuss details of the allegations other than to note that the student allegedly involved is currently not able to undertake clinical placements.
"Please be assured that the University of Otago places very clear expectations on its students in hospital settings and has rigorous processes to address any possible breach of those expectations."
Such a hospital security breach is extremely rare but there are overseas examples. A woman posed as a medical student to observe surgeries and even help transport a patient to recovery at Brigham and Women's Hospital in Boston, US, having gained access by "tailgating" staff as they entered the rooms.
The woman had familiarised herself with the hospital after getting permission to shadow a doctor there, after forging recommendation letters.
And last year a 23-year-old was jailed for a year after pleading guilty to unauthorised practice of medicine, after posing as a doctor and diagnosing a patient about a growth on his neck in a consult room at the University of California Irvine Medical Centre.
Prosecutors said Ariya Ouskouian also impersonated a doctor at Children's Hospital of Orange County on at least seven different occasions.
In 2018 a New Zealand woman, Zholia Alemi, was found to have provided fake qualifications to work as a psychiatrist in the United Kingdom for more than two decades. Her deception was discovered when she faced fraud charges, for which she was jailed.
