The Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS) has collected $10 million in fines since June 2013 for breaches of the Health Insurance Portability and Accountability Act (HIPAA), which protects patients' medical privacy, but an OCR senior counsel says that figure will be "low compared to what's coming up."

HHS Chief Regional Civil Rights Counsel Jerome Meites offered that prediction this past week while speaking at an American Bar Association (ABA) conference in Chicago. He noted that the goal was to make examples of noncompliant providers.

The biggest source of breaches, according to HHS, continues to be theft of laptops and other devices containing unencrypted ePHI (electronic protected health information).

Of the $10 million collected, half of it came from just a single HIPAA violation settlement reached with New York Presbyterian Hospital and Columbia University.